I'm currently trying to show the data about an openproject workpackage in my website using the openproject api v3 (I'm using PHP with symfony.).
I have no issue getting the general data (subject, description, priority, etc), but I'm not sure I know how to show the attachments to the user.
I tried using "/api/v3/work_packages/".$id."/attachments", but there is no image in the json returned:
"_type":"Collection",
"total":1,
"count":1,
"_embedded":{
"elements":[{
"_type":"Attachment",
"id":1888,"fileName":"128-128-logo.png",
"fileSize":9583,
"description":{"format":"plain","raw":null,"html":""},
"contentType":"image/png",
"digest":{"algorithm":"md5","hash":"/*-hash-here-*/"},
"createdAt":"2018-07-09T16:49:26Z",
"_links":{
"self":{"href":"/api/v3/attachments/1888","title":"128-128-logo.png"},
"author":{"href":"/api/v3/users/7","title":"User Name"},
"container":{"href":"/api/v3/work_packages/1697","title":"Subject -\u003E Test Query OpenProject"},
"downloadLocation":{"href":"/attachments/1888/128-128-logo.png"},
"delete":{"href":"/api/v3/attachments/1888","method":"delete"}
}
}]
},
"_links":{
"self":{"href":"/api/v3/work_packages/1697/attachments"}
}
I also tried with a direct link to the attachment, but got
"_type":"Attachment",
"id":1888,
"fileName":"128-128-logo.png",
"fileSize":9583,
"description":{"format":"plain","raw":null,"html":""},
"contentType":"image/png",
"digest":{"algorithm":"md5","hash":"/*-hash-here-*/"},
"createdAt":"2018-07-09T16:49:26Z",
"_links":{
"self":{"href":"/api/v3/attachments/1888","title":"128-128-logo.png"},
"author":{"href":"/api/v3/users/7","title":"User Name"},
"container":{"href":"/api/v3/work_packages/1697","title":"Subject -\u003E Test Query OpenProject"},
"downloadLocation":{"href":"/attachments/1888/128-128-logo.png"},
"delete":{"href":"/api/v3/attachments/1888","method":"delete"}
}
The download location is not an API url and return 406 - unauthorised if I try to access it with an img tag ( <img src="https://XXXXXX.openproject.com/attachments/1888/128-128-logo.png"> )
So I guess my question is: How do I show my users the attachments even if they don't have an account on my openproject?
To show the attachment on your website you will have to:
Grant anonymous access to your openproject instance.
Have the attachment in a public project, meaning that it will have to be attached to a work package, wiki page ... of a public project
Grant anonymous access to your openproject instance
Uncheck "Authentication required" in the system settings ("Administration" -> "System settings" -> "Authentication" (Tab)") and save.
Turn project public
Check "Public" in the project settings (After navigating to a project -> "Project settings" -> "Information" (Tab)) and save.
Only attachments attached to a resource of that now public project will be accessible by your website.
Consequences
Everyone will be able to access your OpenProject instance, at least the part with the public project.
Alternative 1
If it is a private website and all visitors of that website will also have an account on the OpenProject instance and if it is assured, that they will always be logged into OpenProject when visiting the website, their browser will send the session cookie to the OpenProject instance automatically upon fetching the image which will result in them being authorized to get the attachment.
Alternative 2
Once OP 8.0 is released, API clients will be able to download attachments. Then a script with an API key could download the attachments of interest and store them in a location accessible to your website. The website visitors would then get the attachment from the website directly.
Related
I have been having a long and frustrating experience trying to get AASA to work for webcredentials. My goal here is to allow usernames and passwords to be stored in the iOS keychain.
I did have this working on a root domain the other week but it is not sufficient for my scenario as I will explain. It didn't work for me straight away I have to say but it eventually started working after a clean build so I thought this was the issue then but now I am not so sure.
I am using Expo with EAS build. We have a multi-tenant application. From a single codebase we deploy to multiple apps in the store. All are on the same team ID but they are separate applications and use separate credentials, nothing is shared.
I am confident my apps textContentType of username and password on my TextFields is correct as this has not changed from when I managed to get it working originally and I have checked it countless times.
Expectation
For the "Save Password" prompt to be displayed after login. What I have noticed however is when going to store a password manually using "add password" via iCloudKeychain from the keyboard accessory this does accurately show the correct "TENANT_SUBDOMAIN.example.com". I find this confusing.
Goal Scenario
I am hosting a site on Netlify. I have it setup to support wildcard subdomains with a LetsEncrypt provisioned wildcard SSL certificate. I then have edge functions which change the content of my index.html and apple-app-site-association file dynamically based on the requested subdomain.
I have added the Associated Domains capability to my provisioning profile.
I am using the latest Expo 47 and EAS build. I have added in the appropriate associated domains configuration and I can see this when introspecting my entitlements under com.apple.developer.associated-domains and it is correct.
I am using TestFlight for testing. I am doing a --clean-build on EAS every time and I also increase the runtime version. I have also tried manually refreshing credentials outside of the build process which does this automatically. This must be using the correct provisioning profile otherwise I would get a build failure as the requested entitlements wouldn't match.
The AASA file is currently hosted just in the .well-known directory. I have tried using the root and also tried using both. There are no redirects taking place.
I am aware the AASA file is pulled on application installation and update. I repeatedly remove the apps and then reboot my phone in an attempt to reset any device caches.
The content-type of the file is application/json and I have confirmed this using developer tools in the browser.
There is no robots.txt or anything blocking the request from an infrastructure perspective. There are no additional firewalls or geo restricted access as I am just using plain Netlify to host this, nothing fancy.
I am confident the Team ID and bundle IDs are correct in the AASA file.
I remove the content-length header in the Edge function so it is correctly calculated by the network instead and I have confirmed this using curl.
When I check the file using https://app-site-association.cdn-apple.com/a/v1/site.example.com Apple has the correct file cached on it's CDN so I would expect it to work.
I added in an applinks section so I could use the Apple App Search API validation tool and the Branch.io AASA verification tool to verify correctness. Branch.io says the file is fine and Apple says it's fine also but because the App has not been deployed to the store yet I see Error no apps with domain entitlements. From what I can tell this is normal in development and makes sense as it uses the current released version of the app to verify the deep link configuration. So to me this means Apple can parse the file correctly.
When I stream my device console logs; on install I can see the AASA requesting the correct domains. I see no errors on swcd I just see the Beginning data task AASA-XXXX with the correct domains.
When I run Charles proxy on my phone with a verified SSL installation (also reinstalled a few times now) I do not see quite what I would expect - but the device logs seem to imply it is doing the correct thing. When I view the app-site-association... URL requests in Charles there is one per application install which is correct. The request is marked as Unknown and when I look at the request the host is shown but as you would expect from SSL I see no path. The info says METHOD: CONNECT with Error - Input Error: EOF. This is the only error I see, I am not sure if it is a red herring and something to do with Charles. Given the error as you expect there is no body in the request or response. It is worth noting in general testing I have no VPN enabled and I have do not have Private Relay enabled in my iOS settings.
When I perform a sysdiagnose I see the following at the timestamp in my console log in the swcutil_show.txt device log. This looks correct in comparison to other apps webcredentials and applinks services I see there and I see no errors:
Service: webcredentials
App ID: MYTEAMID.com.cf.example.b2c.ios
App Version: 1.0
App PI: <LSPersistentIdentifier 0x141816200> { v = 0, t = 0x8, u = 0x1e7c, db = 0094F7C4-3078-41A2-A33E-79D5A62C80A6, {length = 8, bytes = 0x7c1e000000000000} }
Domain: CORRECT_SUBDOMAIN.example.app
User Approval: unspecified
Site/Fmwk Approval: approved
Flags:
Last Checked: 2022-12-09 14:14:32 +0000
Next Check: 2022-12-14 14:03:00 +0000
Service: applinks
App ID: MYTEAMID.com.cf.example.b2c.ios
App Version: 1.0
App PI: <LSPersistentIdentifier 0x13fd38d00> { v = 0, t = 0x8, u = 0x219c, db = 0094F7C4-3078-41A2-A33E-79D5A62C80A6, {length = 8, bytes = 0x9c21000000000000} }
Domain: CORRECT_SUBDOMAIN.example.app
Patterns: {"/":"*"}
User Approval: unspecified
Site/Fmwk Approval: approved
Flags:
Last Checked: 2022-12-13 13:13:23 +0000
Next Check: 2022-12-18 13:01:51 + 0000
At end of file:
MYTEAMID.com.cf.example.b2c.ios: 8 bytes
(This seems correct for all apps)
Other Scenario
I have tried setting this up using an apex on another domain which hasn't been seen before by Apple. I have tried using a subdomain with a root domain serving the same content and I have tried the subdomain and root domain on their own. I have also tried not using the Edge functions and having static files but to no avail.
When I do this I ensure I wait for the Apple CDN to catch up and remove/add entries prior to deleting the apps, rebooting my device, and reinstalling to test.
AASA File
AASA content comes back with the correct payload and Content-Type: application/json and Content-Length headers, both from Apples CDN and the origin. When I had this somehow working in my initial test it was on a root domain and I did not have an applinks section, this was only added so I could use the verification tools for universal links.
I am not sending back different content or duplicated content and I block the www subdomain - I have also tried it with a www subdomain for the record.
{
"applinks": {
"details": [
{
"appIDs": [
"MYTEAMID.com.cf.example.b2c.ios"
],
"components": [
{
"#": "no_universal_links",
"exclude": true,
"comment": "Matches any URL with a fragment that equals no_universal_links and instructs the system not to open it as a universal link."
}
]
}
]
},
"webcredentials": {
"apps": [
"MYTEAMID.com.cf.example.b2c.ios"
]
}
}
I have also tried this with the older format:
{
"applinks": {
"apps": [],
"details": [
{
"appID": "MYTEAMID.com.cf.example.b2c.ios",
"paths": [
"*"
]
}
]
},
"webcredentials": {
"apps": [
"MYTEAMID.com.cf.example.b2c.ios"
]
}
}
associatedDomains iOS. expo config
associatedDomains: [
`webcredentials:${SUBDOMAIN}.example.app`,
`applinks:${SUBDOMAIN}.example.app`,
],
Help :)
I have been trying to get this to work for a long time now and I am completely out of ideas. If anybody has any suggestions I would really appreciate it. I am very confused how the devices request seems correct and the CDN content is correct but it is still not working. It's worth also reiterating that I need to have different subdomains for each tenant as the credentials must not be shared across apps so the keychain->domain association store must be different.
I am wondering if it's the LetsEncrypt wildcard SSL certificate but I wouldn't expect it to verify and for Apple to cache the file if this was the case. It seems very unlikely to me but it is the only thing I haven't tried at this point.
Many Thanks,
Mark
Looking to implement Oauth2 in my Chrome extension
I have been researching how to implement oauth2 on a chrome extension. I have been stuck for quite some time. I eventually got information to use chrome.identity in my background.ts file.
Here is my manifest.json
...
"permissions": [
"identity"
],
"oauth2": {
"client_id": "855289137547-bd37ghe68neqevqs47esitvc99rb5f8d.apps.googleusercontent.com",
"scopes":["https://www.googleapis.com/auth/userinfo.email"]
},
"background": {
"scripts": [
"background.js",
"runtime.js"
]
},
...
Call the chrome.identity API
There is a method on the API that is called getAuthToken which I am trying to call. When I try to call this method I get the following:
// background.ts
chrome.identity.getAuthToken({ interactive: true }, (token) => {
// store token here
});
Error
Unchecked runtime.lastError: OAuth2 request failed: Service responded with error: 'bad client id: 855289137522-bd37ggg68neqevqs47esitvc99rb5f8d.apps.googleusercontent.com'.
I checked multiple times and I can confirm that that the id is the same as I my console developer credentials.
Maybe it needs a key in the manifest
I was assuming that I have to have a key in my manifest.json. So, I followed the documentation at the following link where it says to follow the steps:
At the Developer Dashboard, click Add new item.
Click Choose file and select the .zip extension directory and upload it.
Without filling in additional fields, select Save Draft and return to dashboard.
Find the extension under Your Listings and click on more info. From the popup, copy the public key and add it to the manifest inside the unzipped directory under the "key" field.
However, I looked everywhere but could not find the "more info" link or any other info leading me to a key.
Key is available in the new UI --> Package on left side menu --> Public Key
At of time of my post (August 2020), if you go to the Developer Dashboard, you will always be directed to the new UI, which doesn't contain the More Information section, which means you can't find the public key.
AFAIK there is no other way to get the public key. You can't substitute your application ID because it is a hashed version of the public key,
Look for the Welcome popup on the bottom left corner of the screen and click on opt out link in tiny font to revert to the legacy interface.
I was able to connect and upload videos using the library but when I deleted the app connection on Vimeo.com (as a test) the app didn't authorize again.
the upload looks like it's working but nothing is uploaded as the app is no longer connected.
I deleted the app on the phone and restarted but it still won't re-authorize the app.
This comes up in the output:
Vimeo upload state : Executing
Vimeo upload state : Finished
Invalid http status code for download task.
And this is in OldVimeoUpload.swift: ( didn't include the actual access code!)
import Foundation
class OldVimeoUpload: VimeoUpload
{
static var VIMEO_ACCESS_TOKEN :String! // = "there's a string of numbers here"
static let sharedInstance = OldVimeoUpload(backgroundSessionIdentifier: "") { () -> String? in
return VIMEO_ACCESS_TOKEN // See README for details on how to obtain and OAuth token
}
// MARK: - Initialization
override init(backgroundSessionIdentifier: String, authTokenBlock: AuthTokenBlock)
{
super.init(backgroundSessionIdentifier: backgroundSessionIdentifier, authTokenBlock: authTokenBlock)
}
}
It looks like the access token number is commented out. I deleted the 2 forward slashes to see if that would fix it but it didn't.
I spoke too soon.
It sounds like you went to developer.vimeo.com and created an auth token. Used it to upload videos. And then went back to developer.vimeo.com and deleted the auth token.
The app / VimeoUpload will not automatically re-authenticated in this situation. You've killed the token and the app cannot request a new one for you. You'll need to create a new auth token and plug it into the app.
If this is not accurate and you're describing a different issue let us know.
If you inspect the error that's thrown from the failing request I'm guessing you'll see it's a 401 unauthorized related to using an invalid token.
Edit:
Disconnecting your app (as described in your comment below) has the same effect as deleting your auth token from developer.vimeo.com.
Also, VimeoUpload accepts a hardcoded auth token (as you see from the README and your code sample). It will not automatically re-authenticate, probably ever.
If you'd like to handle authentication in your app check out VimeoNetworking or VIMNetworking. Either of those libraries can be used to create a variety of authentication flows / scenarios. Still, if a logged in user disconnects or deletes their token, you will need them to deliberately re-authenticate (i.e. you will need to build that flow yourself). In that case, the user has explicitly stated that they don't want the app to be able to access information on their behalf. It would go against our security contract with them to automatically re-authenticate somehow.
Does that make sense?
I'm developing a quickblox application using Adobe AIR, which forces me to use the REST Api instead of the native libraries. I can't get the push notifications to work for offline Messages or the admin panel. Here's the details of what I do:
Admin panel:
uploaded Apple certificates for both Devel and Production push notifications
Setup project ID and server key for GCM
on Application Activate:
Register with APNS. Get device token:
XXXXXXX1fd86e783c1410e9b9e41e9f11339e33f17f59bfcc7d6bf9XXXXXXXXX
Generate udid for device. This is not Apple's device UDID, since it is now deprecated. I generate one myself. I'm saying this just in case this could be the problem
Login to Quickblox as user with device info
POST
{
"auth_key":"XXXXXXXXXX",
"nonce":8072,
"user":{
"password":"XXXXXXX",
"login":"XXXXXX"
},
"application_id":"1563",
"timestamp":1363692198,
"device":{
"platform":"ios",
"udid":"71B18699-E1A3-13B6-F8C3-BDBF01AC1FFC-B4B3475569E9-6B6A-A27E-56D1-B73E0ED4"
},
"signature":"d61293bbd98d2e523952c0f30e44ec514fb7f86a"
}
Login is ok. Create push token. As client_identification_sequence I use the token retrieved from Apple
POST
{
"push_token":{
"environment":"development",
"client_identification_sequence":"XXXXXXX1fd86e783c1410e9b9e41e9f11339e33f17f59bfcc7d6bf9XXXXXXXXX"
},
"device":{
"platform":"ios",
"udid":"71B18699-E1A3-13B6-F8C3-BDBF01AC1FFC-B4B3475569E9-6B6A-A27E-56D1-B73E0ED4"
}
}
Quickblox returns a token 153323 so I assume everything is ok
Now create subscription
POST
{
"notification_channels":"apns"
}
Quickblox returns the following
[
{
"subscription":{
"device":{
"udid":"71B18699-E1A3-13B6-F8C3-BDBF01AC1FFC-B4B3475569E9-6B6A-A27E-56D1-B73E0ED4",
"platform":{
"name":"ios"
}
},
"id":167704,
"notification_channel":{
"name":"apns"
}
}
}
]
UDid matches udid I passed from login. Everything looks good
Now I go to Admin panel and try to send Message. Admin panel says:
Notification has been successfully added to queue
If I go to queue, message shows as 'sent' but I never receive the notification in my device.
Any help would be greatly appreciated
your code looks good,
some comments:
1) you dont need to pass
"device":{
"platform":"ios",
"udid":"71B18699-E1A3-13B6-F8C3-BDBF01AC1FFC-B4B3475569E9-6B6A-A27E-56D1-B73E0ED4"
},
params to session, because you are passing them while creating push token
2) udid - it's just to separate users devices, because user can has more than 1 device. So you can pass any value to 'udid' which uniquely identify user's particular device
3) if you have sent message from admin panel - it means i think everything is OK on client side. So just check your APNS certificates, reupload them.
I'm trying to upload images generated in my Flash application to an album on Facebook. This was working earlier in the year, but revisiting the code I now get the following OAuthException:
(#324) Requires upload file
I am using the most recent version of the ActionSccript Facebook API. The setup works like this:
First I do the authentication check with PHP to ensure users have granted permission before having to wait for the Flash to load. I'm requesting the publish_stream and user_photos permissions. The access token comes back correctly.
Once the user is authenticated the Flash is loaded and performs its own initialisation, passing fileUpload=true as part of the init object:
var initObject:Object = {
channelUrl : "myChannelURL.html",
fileUpload : true
}
Facebook.init(
'myAppID',
myCallbackFunction,
initObject,
myAccessToken
);
This seems to work as expected, the callback receives the uid of the current user.
At the end of my application I POST a Bitmap object to a predetermined album:
Facebook.api(
albumID+"/photos",
onImagePost,
{
message:"",
image:new Bitmap(myBitmapData),
fileName:''
},
URLRequestMethod.POST
);
At this point Facebook returns a 400 response:
"error": {
"message": "(#324) Requires upload file",
"type": "OAuthException"
}
What more do I need to do to ensure that this permission is being included?
It turns out that this was not a permissions error at all. Since I last deployed this code Facebook have tightened up their restrictions a bit, and the fileName parameter passed as part of the api call can no longer be an empty string. Simply passing any old text as a file name fixes the problem.
Facebook.api(
albumID+"/photos",
onImagePost,
{
message:"",
image:new Bitmap(myBitmapData),
fileName:'FILE' // required to be non-empty
},
URLRequestMethod.POST
);
Im not sure if this is a solution that can be translated into the Actionscript SDK... But, with the PHP SDK there is a method inside the facebook SDK that is called setFileUploadSupport - try looking in the code for a place to set that parameter to true.