I am trying to lookup API which can give items like Top Products or Top Selling Products in a certain section(Book etc). I try to look for browser Node Section but could not find helpful as such.
I hope this PHP example helps you:
// Your AWS Access Key ID, as taken from the AWS Your Account page
$aws_access_key_id = $key_id;
// Your AWS Secret Key corresponding to the above ID, as taken from the AWS Your Account page
$aws_secret_key = $secret_key;
// The region you are interested in
$endpoint = "webservices.amazon.co.uk";
$uri = "/onca/xml";
$params = array(
"Service" => "AWSECommerceService",
"Operation" => "BrowseNodeLookup",
"AWSAccessKeyId" => "$aws_access_key_id",
"AssociateTag" => "$tag",
"BrowseNodeId" => "$nodeid_uk",
"ResponseGroup" => "TopSellers"
);
// Set current timestamp if not set
if (!isset($params["Timestamp"])) {
$params["Timestamp"] = gmdate('Y-m-d\TH:i:s\Z');
}
// Sort the parameters by key
ksort($params);
$pairs = array();
foreach ($params as $key => $value) {
array_push($pairs, rawurlencode($key)."=".rawurlencode($value));
}
// Generate the canonical query
$canonical_query_string = join("&", $pairs);
// Generate the string to be signed
$string_to_sign = "GET\n".$endpoint."\n".$uri."\n".$canonical_query_string;
// Generate the signature required by the Product Advertising API
$signature = base64_encode(hash_hmac("sha256", $string_to_sign, $aws_secret_key, true));
// Generate the signed URL
$request_url = 'http://'.$endpoint.$uri.'?'.$canonical_query_string.'&Signature='.rawurlencode($signature);
echo "Signed URL: \"".$request_url."\"";
Related
I am trying to integrate Docusign with my website. I am going to use embedded signing. For this, I have used JWT Authentication. After Authentication, I generated access token. With the help of access token I am trying to call createEnvelope('--account_id--', '--envelop_definition--'), but, I am getting HTTP 302 response.
Here is my code
<?php
require_once('../vendor/autoload.php');
require_once('../config/docusignConfiguration.php');
use DocuSign\eSign\Client\ApiClient;
use DocuSign\eSign\Configuration;
class DocumentSigner{
private $jwtUserToken = null;
private $envelope_api = null;
public function getAccessManinderToken(){
if(!$this->jwtUserToken){
$this->jwtUserToken = $this->getJwtUserToken();
}
return $this->jwtUserToken[0]->getAccessToken();
}
private function getJwtUserToken(){
global $DOCUSIGN_CONFIG;
$apiClient = new ApiClient();
$apiClient->getOAuth()->setOAuthBasePath($DOCUSIGN_CONFIG['base_path']);
$jwtToken = $apiClient->requestJWTUserToken(
$DOCUSIGN_CONFIG['client_id'],
$DOCUSIGN_CONFIG['user_id'],
$DOCUSIGN_CONFIG['rsa_key'],
$DOCUSIGN_CONFIG['scope']
);
return $jwtToken;
}
public function make_envelope()
{
$demo_docs_path = '../documents/Sample';
$content_bytes = file_get_contents($demo_docs_path . ".pdf");
$base64_file_content = base64_encode($content_bytes);
# Create the document model
$document = new \DocuSign\eSign\Model\Document([ # create the DocuSign document object
'document_base64' => $base64_file_content,
'name' => 'Example document', # can be different from actual file name
'file_extension' => 'pdf', # many different document types are accepted
'document_id' => 1 # a label used to reference the doc
]);
# Create the signer recipient model
$signer = new \DocuSign\eSign\Model\Signer([ # The signer
'email' => 'check#gmail.com', 'name' => 'Checker Singh',
'recipient_id' => "1", 'routing_order' => "1",
# Setting the client_user_id marks the signer as embedded
'client_user_id' => 1000
]);
# Create a sign_here tab (field on the document)
$sign_here = new \DocuSign\eSign\Model\SignHere([ # DocuSign SignHere field/tab
'anchor_string' => '/sn1/', 'anchor_units' => 'pixels',
'anchor_y_offset' => '10', 'anchor_x_offset' => '20'
]);
# Add the tabs model (including the sign_here tab) to the signer
# The Tabs object wants arrays of the different field/tab types
$signer->settabs(new \DocuSign\eSign\Model\Tabs(['sign_here_tabs' => [$sign_here]]));
# Next, create the top level envelope definition and populate it.
$envelope_definition = new \DocuSign\eSign\Model\EnvelopeDefinition([
'email_subject' => "Please sign this document sent from the PHP SDK",
'documents' => [$document],
# The Recipients object wants arrays for each recipient type
'recipients' => new \DocuSign\eSign\Model\Recipients(['signers' => [$signer]]),
'status' => "sent" # requests that the envelope be created and sent.
]);
return $envelope_definition;
}
public function generate(){
global $DOCUSIGN_CONFIG;
# Create the envelope request object
$envelope_definition = $this->make_envelope();
# Call Envelopes::create API method
# Exceptions will be caught by the calling function
$config = new \DocuSign\eSign\Configuration();
$config->setHost($DOCUSIGN_CONFIG['base_path']);
$config->addDefaultHeader('Authorization', 'Bearer ' . $this->getAccessManinderToken());
$api_client = new \DocuSign\eSign\client\ApiClient($config);
$api_client->getOAuth()->setOAuthBasePath($DOCUSIGN_CONFIG['base_path']);
// var_dump($api_client->getUserInfo($this->getAccessManinderToken()));
$this->envelope_api = new \DocuSign\eSign\Api\EnvelopesApi($api_client);
try{
$results = $this->envelope_api->createEnvelope('23c46058-c4e4-4101-8ddc-8f3f317a6e30', $envelope_definition);
return $envelope_id = $results->getEnvelopeId();
}
catch(DocuSign\eSign\Client\ApiException $e){
var_dump($e);
}
}
}
$documentSigner = new DocumentSigner();
// echo $documentSigner->getAccessToken();
var_dump($documentSigner->generate());
?>
The URL that you have for setHost is the account server which is used for API calls related to authentication. I'm thinking that you'd instead want: https://demo.docusign.net which is the base URL for the eSignature endpoints
(Try that, and if that doesn't work, could you try https://demo.docusign.net/restapi).
In general, it looks like that code may have originally come from example code that DocuSign hosts
Code example links: https://developers.docusign.com/docs/esign-rest-api/how-to/code-launchers/
PHP example:
https://github.com/docusign/code-examples-php/blob/master/src/EG001EmbeddedSigning.php
I am trying to set output context to a particular intent via v2 create intent API.
Please check my code.
use Google\Cloud\Dialogflow\V2\SessionsClient;
use Google\Cloud\Dialogflow\V2\TextInput;
use Google\Cloud\Dialogflow\V2\QueryInput;
use Google\Cloud\Dialogflow\V2\IntentsClient;
use Google\Cloud\Dialogflow\V2\Intent_TrainingPhrase_Part;
use Google\Cloud\Dialogflow\V2\Intent_TrainingPhrase;
use Google\Cloud\Dialogflow\V2\Intent_Message_Text;
use Google\Cloud\Dialogflow\V2\Intent_Message;
use Google\Cloud\Dialogflow\V2\Intent;
use Google\Cloud\Dialogflow\V2\Context;
use Google\Cloud\Dialogflow\V2\ContextsClient;
private function intent_create(){
putenv('GOOGLE_APPLICATION_CREDENTIALS='.getcwd() . '/strive_stage.json');
$intentsClient = new IntentsClient();
/** Create Intent **/
$disaplayName = "Where is Goa";
$utterances = ["Goa", "Where is Goa"];
// prepare training phrases for intent
$trainingPhrases = [];
foreach ($utterances as $trainingPhrasePart) {
$part = new Intent_TrainingPhrase_Part();
$part->setText($trainingPhrasePart);
// create new training phrase for each provided part
$trainingPhrase = new Intent_TrainingPhrase();
$trainingPhrase->setParts([$part]);
$trainingPhrases[] = $trainingPhrase;
}
$messageTexts = 'Goa is in India.';
// prepare messages for intent
$text = new Intent_Message_Text();
$text->setText([$messageTexts]);
$message = new Intent_Message();
$message->setText($text);
$createIntentObject = $intentsClient->projectAgentName(env("DIALOG_FLOW_PROJECT_ID"));
// prepare intent
$intent = new Intent();
$intent->setDisplayName($disaplayName);
$intent->setTrainingPhrases($trainingPhrases);
$intent->setMessages([$message]);
$contexts = ['test'];
foreach($contexts as $con){
$contextObj = new Context();
$contextObj->setName($con);
$contextData[] = $contextObj;
$intent->setOutputContexts($contextData);
}
// $intent->getOutputContexts('test');
//dd($intent);
$response = $intentsClient->createIntent($createIntentObject, $intent);
printf('Intent created: %s' . PHP_EOL, $response->getName());
}
I am getting error message
{
"message": "com.google.apps.framework.request.BadRequestException: Resource name does not match format 'projects/{project_id}/agent/sessions/{session_id}/contexts/{context_id}' or 'projects/{project_id}/locations/{location_id}/agent/sessions/{session_id}/contexts/{context_id}'.",
"code": 3,
"status": "INVALID_ARGUMENT",
"details": []
}
I believe the issue is with the format of storing the output context. Please help me on this.
I had the same issue. The answer is to not put in the bare name, but to have a string of a certain format made
see http://googleapis.github.io/google-cloud-php/#/docs/google-cloud/v0.131.0/dialogflow/v2/intent?method=setOutputContexts
// $projectId your project id
// $sessionId can be anything, I use $sessionId = uniqid();
$uri = "projects/$projectId/agent/sessions/$sessionId/contexts/$con";
$contextObj->setName($uri);
I can see that there are any response about this topic.
I leave here my solution for the next generations
To create a output context you need to create the correct format, for this objetive you can use Context class Google\Cloud\Dialogflow\V2\Context
private function parseoOutputContexts($contexts, $project_id, $lifespan = 5)
{
$newContexts = array();
foreach ($contexts as $context) {
$newContexts[] = new Context(
[
'name' => 'projects/' . $project_id . '/agent/sessions/-/contexts/' . $context,
'lifespan_count' => $lifespan
]
);
}
return $newContexts;
}
And you can use this function to finnaly add the output context to the object Intent.
$dialogflow_intent = new Intent();
$output_contexts = ['output_context_1'. 'output_context_2'];
$output_contexts = $this->parseOutputContexts($output_contexts, '[YOUR_PROJECT_ID]');
$dialogflow_intent->setOutputContexts($output_contexts);
CakePHP Version 3.5.5
The id is visible in the address bar for view and edit which for my application creates a security risk. Any logged in user at the same company can change the id in the address bar and view or edit the details
of users they are not allowed to.
IE: https://localhost/crm/users/edit/1378 can be manually changed in the address bar to https://localhost/crm/users/edit/1215 and entered. This would display the details of user 1215 which is not allowed.
To overcome this I am selecting the ids which the user is allowed to edit and checking that the id from the url is one of these ids with the following code:
public function view($id = null)
{
if ($this->request->is('get')) {
// Select the permitted ids.
if (superuser) { // example to explain only
$query = $this->Users->find()
->where(['companyid' => $cid])
->andWhere(['status' => 1])
->toArray();
}
elseif (manager) { // example to explain only
$query = $this->Users->find()
->where(['areaid' => $areaid])
->andWhere(['status' => 1])
->toArray();
}
elseif (team leader) { // example to explain only
$query = $this->Users->find()
->where(['teamid' => $teamid])
->andWhere(['status' => 1])
->toArray();
}
// Check if the edit id is in the array of permitted ids.
$ids = array_column($query, 'id');
$foundKey = array_search($id, $ids);
// If the edit id is not in the array of permitted ids redirect to blank.
if (empty($foundKey)) {
// Handle error.
}
$user = $this->Users->get($id);
$this->set('user', $user);
$this->set('_serialize', ['user']);
}
else {
// Handle error.
}
}
My question: Is the above code the best cake way of achieving this or is there a better way to do it?
This code does work but because it's to do with security I'd appreciate any input which would improve it or point out it's weakness/es.
/////////////////////////////////////////////////////////////////////////////
As requested by cgTag please see below.
My app has superusers, managers, team leaders and users.
Managers manage one area which can contain many teams.
Team Leaders lead one team and must belong to an area.
Users are assigned to an area or a team.
For example:
Area is UK
Team is England
Team is Scotland
Team is Wales
Area is USA
Team is Florida
Team is California
Team is Texas
On index - superusers see all the superusers, managers, team leaders and users in the company.
On index - managers see themself and users in their area, team leaders in their area and users in the teams.
On index - team leaders see themself and users in their team
My problem is say the manager of area UK clicks edit on one of the records and that record is displayed with a url of https://localhost/crm/users/edit/1378
Then say this disgruntled manager makes a guess and changes the url to https://localhost/crm/users/edit/1215 and submits it then this record is displayed. (This record could be anyone, a superuser, another manager, a team leader who is not in their area or a user not in their area.
This manager could then change say the email address and submit this and it's this type of situation that I need to protect against.
My fix is to reiterate the find for the superuser, manager and team leader I've done on index in the view and edit class. This ensures that say a manager can only view or edit someone in their area.
Hopefully I've explained it well enough but if not just let me know and I'll have another go.
Thanks. Z.
/////////////////////////////////////////////////////////////////////////////
Thanks cgTag, I feel a lot more confident with this approach but I cannot use this code because you have correctly assumed that I am using an id to select all the companies results but I'm using a 40 char string. I do this so I can make my sql queries more robust.
It's impossible for you to help me unless you have all the info required so I have posted an accurate representation below:
public function view($id = null)
{
if(!$this->request->is('get') || !$id) {
//throw new ForbiddenException();
echo 'in request is NOT get or id NOT set ' . '<hr />';
}
$user_id = $this->Auth->user('id');
// regular users can never view other users.
if($user_id !== $id) {
//throw new ForbiddenException();
echo 'in $user_id !== $id ' . '<hr />';
}
// Declare client id 1.
if ($this->cid1() === false) {
echo 'in throw exception ' . '<hr />';
}
else {
$c1 = null;
$c1 = $this->cid1();
}
$company_ids = $this->getCompanyIds($c1);
$area_ids = $this->getAreaIds($user_id, $c1);
$team_ids = $this->getTeamIds($user_id, $c1);
// company_id does not exist which will cause an unknown column error.
// The column I select by is cid_1 so I have changed this column to cid_1 as shown below.
$user = $this->Users->find()
->where([
'id' => $id,
'cid_1 IN' => $company_ids,
'area_id IN' => $area_ids,
'team_id IN' => $team_ids,
'status' => 1
])
->firstOrFail();
$this->set(compact('user'));
}
The functions:
public function cid1()
{
$session = $this->request->session();
if ($session->check('Cid.one')) {
$c1 = null;
$c1 = $session->read('Cid.one');
if (!is_string($c1) || is_numeric($c1) || (strlen($c1) !== 40)) {
return false;
}
return $c1;
}
return false;
}
public function getCompanyIds($c1 = null)
{
$query = $this->Users->find()
->where(['status' => 1])
->andWhere(['cid_1' => $c1]);
return $query;
}
public function getAreaIds($c1 = null, $user_id = null)
{
$query = $this->Users->find()
->where(['status' => 1])
->andWhere(['cid_1' => $c1])
->andWhere(['area_id' => $user_id]);
return $query;
}
public function getTeamIds($c1 = null, $user_id = null)
{
$query = $this->Users->find()
->where(['status' => 1])
->andWhere(['cid_1' => $c1])
->andWhere(['team_id' => $user_id]);
return $query;
}
With this code I get the following error:
Error: SQLSTATE[21000]: Cardinality violation: 1241 Operand should contain 1 column(s)
I don't know if your example will work with this new information but at least you have all the information now.
If it can be ammended great but if not I really don't mind. And I do appreciate the time you've put aside to try to help.
Thanks Z
/////////////////////////////////////////////////////////////////////////////
#tarikul05 - Thanks for the input.
Your suggestion is very similar to my first effort at addressing this security issue but I went for security through obscurity and hid the id in a 80 char string, example below.
// In a cell
public function display($id = null)
{
// Encrypt the id to pass with view and edit links.
$idArray = str_split($id);
foreach($idArray as $arrkey => $arrVal) {
$id0 = "$idArray[0]";
$id1 = "$idArray[1]";
$id2 = "$idArray[2]";
$id3 = "$idArray[3]";
}
// Generate string for the id to be obscured in.
$enc1 = null;
$enc1 = sha1(uniqid(mt_rand(), true));
$enc2 = null;
$enc2 = sha1(uniqid(mt_rand(), true));
$encIdStr = $enc1 . $enc2;
// Split the string.
$encIdArray = null;
$encIdArray = str_split($encIdStr);
// Generate the coded sequence.
$codedSequence = null;
$codedSequence = array(9 => "$id0", 23 => "$id1", 54 => "$id2", 76 => "$id3");
// Replace the id in the random string.
$idTemp = null;
$idTemp = array_replace($encIdArray, $codedSequence);
// Implode the array.
$encryptedId = null;
$encryptedId = implode("",$idTemp);
// Send the encrypted id to the view.
$this->set('encryptedId', $encryptedId);
}
And then decrypted with
// In function in the app controller
public function decryptTheId($encryptedId = null)
{
$idArray = str_split($encryptedId);
foreach($idArray as $arrkey => $arrVal) {
$id0 = "$idArray[9]";
$id1 = "$idArray[23]";
$id2 = "$idArray[54]";
$id3 = "$idArray[76]";
}
$id = null;
$id = $id0.$id1.$id2.$id3;
return $id;
}
The problem with this was that when testing I managed to get the script to error which revealed the array positions which would of undermined the security by obscurity principle and made it a lot easier for a hacker.
Your suggestion is neater than my obscurity method but I believe md5 has been cracked therefore it should not be used.
I'm no security expert but in my opinion checking the view and edit id against an array of permitted ids is the most secure way to address this.
Maybe I'm wrong but if I do it this way there's is no way a hacker no matter what they try in the address bar can see or edit data they are not meant to and it keeps the url cleaner.
What I was originally looking/hoping for was a Cake method/function which addressed this but I couldn't find anything in the cookbook.
Thanks anyway. Z.
I would simplify your code so that the SQL that fetches the user record only finds that record if the current user has permissions. When you're dependent upon associated data for those conditions. Follow this approach even if you have to use joins.
You create the SQL conditions and then call firstOrFail() on the query. This throws a NotFoundException if there is no match for the record.
public function view($id = null) {
if(!$this->request->is('get') || !$id) {
throw new ForbiddenException();
}
$user_id = $this->Auth->user('id');
// regular users can never view other users.
if($user_id !== $id) {
throw new ForbiddenException();
}
$company_ids = $this->getCompanyIds($user_id);
$area_ids = $this->getAreaIds($user_id);
$team_ids = $this->getTeamIds($user_id);
$user = $this->Users->find()
->where([
'id' => $id
'company_id IN' => $company_ids,
'area_id IN' => $area_ids,
'team_id IN' => $team_ids,
'status' => 1
])
->firstOrFail();
$this->set(compact('user'));
}
The above logic should be sound when a user belongsTo a hierarchical structure of data. Where by, they can view many users but only if those users belong to one of the upper associations they have access too.
It works because of the IN clause of the where conditions.
Note: The IN operator throws an error if the array is empty. When you have users who can see all "teams" just exclude that where condition instead of using an empty array.
The key here is to have functions which return an array of allowed parent associations such as; getCompanyIds($user_id) would return just the company IDs the current user is allowed access too.
I think if you implement it this way then the logic is easy to understand, the security is solid and a simple firstOrFail() prevents access.
We are using OpenAM (Forcibly 12) and its Policy Decision for ACL. How can we get list of resources (Uri+verb) though REST API or Client SDK? We have added some complementary REST using SDK, and we are able to add resource list as well.
using following IP you can get complete data
Get - http://youurl/openam/xacml/policies
Header - "iplanetDirectoryPro" = "Token value"
After that you need to filter "resources" with respect to "application".
function get_resources() {
$resources = array();
if(isset($_SESSION['OpenAmSession']['sso_token']) || !empty($_SESSION['OpenAmSession']['sso_token'])) {
$curl = new Curl();
$curl->setHeader('iPlanetDirectoryPro', $_SESSION['OpenAmSession']['sso_token']);
$curl->setHeader('Content-Type', 'application/json');
$curl->post(OPENAM_BASEURL.'/json/policies?_action=evaluate', array(
'resources' => array("your URL"),
'application' => 'Application Name',
));
if ($curl->error) {
//echo $curl->error_message;
} else {
if(isset($curl->response[0]->attributes->resources)) {
$resources = $curl->response[0]->attributes->resources;
}
}
}
return $resources;
}
In the last days, I'm working on the application which needs to search for users on Facebook. Since the FQL query for "username" was deprecated/canceled, I have decided to use common search API.
I use PHP so FB PHP SDK is the way I'd prefer. I have used it earlier for FQL queries, just like this:
// $api is already initialized, with access_key, app secret and so on
$users = $api(array(
'method' => 'fql.query',
'query' => "SELECT first_name,last_name FROM user WHERE uid='12345'",
));
I'd like to build the search query in the similar way. Especially, I don't want to urlencode the parameters, specify access key, app secret and all the stuff the SDK is supposed to do for me. However, I haven't been able to build this query using SDK yet. Is there any possibility to do it? If yes, how? I have found long list of sdk-supported "api calls" but I need to build the query for graph.facebook.com/search?arguments.
Thanks in advance.
EDIT: To make it clear, I don't want to build the string by myself. I know this solution works. But imho it's ugly when I have SDK:
$name = urlencode(trim($first_name . " " . $last_name_));
$users = $this->facebook->api("/search?q=$name&type=user&access_token=$key");
Searching User via Graph API using php-sdk 3.1.1
User will need to authorize your app before making a search for
users.
{
"error": {
"message": "A user access token is required to request this resource.",
"type": "OAuthException"
}
}
Php-skd 3.1.1 init.
<?php
require './src/facebook.php';
$facebook = new Facebook(array(
'appId' => 'your-app-id',
'secret' => 'your-app-secret',
));
$user = $facebook->getUser();
if ($user) {
try {
// Proceed knowing you have a logged in user who's authenticated.
$user_profile = $facebook->api('/me');
} catch (FacebookApiException $e) {
error_log($e);
$user = null;
}
}
/* */
if ($user) {
$logoutUrl = $facebook->getLogoutUrl();
} else {
$loginUrl = $facebook->getLoginUrl();
}
?>
Search includes, encoding search term, setting results limit, and
offset for paging.
<?php
/* Get Search parameter from url or post and urlencode it. */
$q = urlencode($_GET['qs']);
if(!$_GET['qs']){
$q = urlencode($_POST['qs']);
if(!$_POST['qs']){
/* Default Search Term */
$q = "Shawn+E+Carter";
}
}
/* Get Results Limit from url or set default. */
$limit = $_GET['limit'];
if (!$_GET['limit']){
$limit = 60;
}
/* Get Offset from url or set default for paging. */
$offset = $_GET['offset'];
if (!$_GET['offset']){
$offset = 0;
}
/* Make Graph API call to user */
$usersearch = 'search%3Fq='.$q.'%26type=user%26limit='.$limit.'%26offset='.$offset.'';
echo '<pre style="text-align: left;">';
print_r($usersearch);
echo '</pre>';
?>