I receive an HTTP 400 error using convenience operations on Orion:
Request:
GET /v1/contextEntities/mydevice
HTTP/1.1 Host: XXX.XXX.XXX.XXX:1026
Content-Type: application/json
Accept: application/json
Fiware-Service: myfiwareservice
Fiware-ServicePath: /
X-Auth-Token:XXXXXXXXXXX
Response:
{
"orionError": {
"code": "400",
"reasonPhrase": "Bad Request",
"details": "Sorry, no request treating object found for RequestType /IndividualContextEntity/"
}
}
I've verified that my entity exists using the regular NGSI10 operation, that works fine.
The problem arises when the Context Broker is protected with a PEP proxy and it receives a request that:
Has the header 'Content-type: application/json'
Doesn't have any body
In this case, due to some libraries used, the PEP Proxy forwards the request adding an empty JSON body, that arrives to the Context Broker, causing the error you mentioned.
The solution in this case is to remove the 'Content-type: application/json' header from the requests that do not have any body (typically GET requests).
EDIT: In the above answer we refer to Steelskin PEP implementation. Other PEP implementations could behave differently.
Related
I am trying to dispatch webhook create endpoint and getting 403 Forbidden response code with no error information in body. My request looks like:
POST /v2/apps/618ce23498488b00e1582723/integrations/618ce235a6ccf400e1a4b992/webhooks HTTP/1.1
Host: api.smooch.io
Content-Type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImtpZCI6ImFwcF82MThjZTIzNGZiYTk5MDAwZTFiZDgyYWMifQ.eyJzY29wZSI6ImFwcCJ9.hXigeREGoUQ8YtM_gPUXfgWEGumbnlbBNLk_*******
Content-Length: 120
{
"target": "https://example.com/inbound-smooch-request",
"triggers": [
"conversation:message"
]
}
Response I am getting:
{"errors":[{"code":"forbidden","title":"Forbidden"}]}
That's how I generate Bearer token:
$signer = new Sha256();
$a = (new Builder())
->withHeader('alg', 'HS256')
->withHeader('typ', 'JWT')
->withHeader('kid', 'app_618ce234fba99000e1bd8***')
->withClaim('scope', 'app')
->getToken($signer, new Key('4K5KoVqLixLOUrkJSebr4rFsvZAu66d2WD8WEhXDgAZnJaltEpnHWpF_PUwQUGuNlFnBXvr8mtGsvNKj******'));
echo $a . PHP_EOL;
die();
Webhook api documentation: https://docs.smooch.io/rest/#operation/createWebhook
There is a bearerAuth (integration, app) explanation but there is no information what does this means. Documentation says that there are only two scopes: account and app. So what is this?
Other endpoints work normally (app create, app keys create, integration create)
Tried Basic auth also but it did not help.
The *Webhook endpoints are used (in v2) to create/update/remove webhooks from an existing customIntegration (integration with type: custom).
This endpoint will allow you to create a new integration, and when you set type: custom, it will also accept a webhooks list: https://docs.smooch.io/rest/#operation/createIntegration
I'm using a URL query string to debug my viewer-request and viewer-response lambda#edge functions by returning the event as JSON to the frontend (FYI so I can check for the presence/absence of certain things via an external monitoring tool).
This works fine with the viewer-request: if I go to https://example.org/?debug_viewer_request_event I get a JSON of the viewer-request event:
import json
def lambda_handler(event, context):
request = event["Records"][0]["cf"]["request"]
if "debug_viewer_request_event" in request["querystring"]:
response = {
"status": "200",
"statusDescription": "OK",
"headers": {
"cache-control": [
{
"key": "Cache-Control",
"value": "no-cache"
}
],
"content-type": [
{
"key": "Content-Type",
"value": "application/json"
}
]
},
"body": json.dumps(event)
}
return response
# rest of viewer-request logic...
Testing with cURL:
curl -i https://example.org/?debug_viewer_request_event
HTTP/2 200
content-type: application/json
content-length: 854
server: CloudFront
date: Mon, 26 Apr 2021 06:05:28 GMT
cache-control: no-cache
x-cache: LambdaGeneratedResponse from cloudfront
via: 1.1 xxxxxxxxxxx.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS50-C1
x-amz-cf-id: pU0ItvQA1-r5v3yR1Dl6Z3VpPW_EuuUCHhnOD60uLhng...
{"Records": [{"cf": {"config": {"distributionDomainName": "xxxxxxx.cloudfront.net", "distributionId": "xxxxxxx", "eventType": "viewer-request", "requestId": "pU0ItvQA1-r5v3yR1Dl6Z3VpPW_EuuUCHhnOD60uLhng...
However when I do the same with the viewer-response I get a 502 error:
the code is the same except debug_viewer_request_event is debug_viewer_response_event
if I don't include the debug query string, the response is 200 OK so I know overall both lambdas are working properly (with the exception of the debug for the viewer-response)
Here is the cURL output:
curl -i https://example.org/?debug_viewer_response_event
HTTP/2 502
content-type: text/html
content-length: 1013
server: CloudFront
date: Mon, 26 Apr 2021 06:07:39 GMT
x-cache: LambdaValidationError from cloudfront
via: 1.1 xxxxxxxxx.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS50-C1
x-amz-cf-id: NqXQ-FFEsIX-fEt8IvlHFTYoQdrZSGPScq1H-KNwVWR0-xxxxxx
The Lambda function result failed validation: The function tried to add, delete, or change a read-only header
If I look at the docs, the list of "Read-only Headers for CloudFront Viewer Response Events" is:
Content-Encoding
Content-Length
Transfer-Encoding
Warning
Via
As far as I can see I'm not directly changing any of these headers, but I'm guessing because I'm modifying the response, headers such as Content-Length are modified
Q: Is there a way to return the viewer-response event as JSON to the frontend for debugging or is it simply not possible due to not being able to change Content-Length?
As far as I can see I'm not directly changing any of these headers,
but I'm guessing because I'm modifying the response, headers such as
Content-Length are modified
I agree, I think your issue is that you are returning the response instead of calling
callback(null, response);
where callback should be the third argument to your lambda handler func:
def lambda_handler(event, context, callback):
Since content-length is not mutable, we should assume (and I checked this is true in practice at least for viewer request functions), cloudfront will generate it for you when you generate a response in the edge function.
quite new to testing, but currently Im testing rest services...
Really like SoapUI (did some soap testing in the past), but I have problem with testing one service - it is service for creating an event - have tried it in postman(working) and in soapui(not working).
When I try to run it in SoapUI Im getting error:
Object reference not set to an instance of an object.
Here is code from postman request (getting status: 200 OK):
POST /Event.Api/v1/events HTTP/1.1
Host: 172.26.2.66
Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJCT0hVU0xBViIsImZhbWlseV9uYW1lIjoiRE9LT1VQSUwiLCJQT0lEIjoiOGYyMTdiZWItZmQ3My00OThjLWFhZjktOWY0ZTk0YmRhMjIzIiwiZXhwIjoxNTE1MTUzNTg0fQ.2uB_pPXyl3wSAqonaDb5pLAwDb-BujMIU6Rdeg_73Jw
Cache-Control: no-cache
Postman-Token: 1d92a58e-c4de-f790-caca-fd983392a17e
{
"name": "Michalova událost",
"place": "AC",
"start": "2018-01-05T15:00:39.164Z",
"end": "2018-01-05T16:00:39.164Z",
"wholeDay": true,
"repeating": "NEOPAKUJE_SE",
"description": "Popis michalovy události"
}
edit: screen of soapUI request added
and here is request code from soapUI, dont undestand why, but there is not the json content I added in the post window
POST http://172.26.2.66/Event.Api/v1/events HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJCT0hVU0xBViIsImZhbWlseV9uYW1lIjoiRE9LT1VQSUwiLCJQT0lEIjoiZWJhMWVmNjMtNWUzNS00YTU3LTljNWMtNDY3ZmJhZmI5YTIyIiwiZXhwIjoxNTE1MTU4MTI3fQ.s5dNZxV6NME1G8rbYrsuv8sb1nMiB8z1GSVGHe3auVA
Content-Length: 220
Host: 172.26.2.66
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
and here is raw response from soapUI:
HTTP/1.1 500 Internal Server Error
Transfer-Encoding: chunked
Server: Kestrel
X-Powered-By: ASP.NET
Date: Fri, 05 Jan 2018 11:17:25 GMT
{
"errors": [
{
"code": "COMMON_ERROR",
"description": "Object reference not set to an instance of an object."
}
]
}
Anyone can help? Thanks for your replys.
P.S:think it is something with that json content, cause when Im testing get methods, everything is fine and Im getting expected results even in the soapUI
MJ
I was writing a piece of simple Java code that calls a REST API to mimic the same I did with curl. The curl command sends a POST request to a login end-point:
curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{
"username": "MicroStrategy",
"password": "MyPassword",
"loginMode": 1
}' 'https://env-792.customer.cloud.microstrategy.com/MicroStrategyLibrary/api/auth/login'
When this succeeds, you get back a 204 HTTP response code and a token as an HTTP Header.
Now, with the following code, I did not get the same result and instead got a HTTP 200 and no token and no body.
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\"username\": \"MicroStrategy\", \"password\": \"MyPassword\", \"loginMode\": 1}");
Request urlrequest = new Request.Builder()
.url("https://env-792.customer.cloud.microstrategy.com/MicroStrategyLibrary/api/auth/login")
.addHeader("accept", "application/json")
.post(body)
.build();
OkHttpClient client = new OkHttpClient();
Response urlresponse = client.newCall(urlrequest).execute();
In the process of trying to understand what I was doing wrong, I ran the request through a reverse proxy (I used "Charles") and realized that the content-type set by okhttp3 was including the charset for application/json:
POST /MicroStrategyLibrary/api/auth/login HTTP/1.1
accept: application/json
Content-Type: application/json; charset=utf-8
Content-Length: 63
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.8.0
Host: env-792.customer.cloud.microstrategy.com
{"username": "MicroStrategy", "password": "MyPassword", "loginMode": 1}
I verified that the matching curl statement also fails
curl -X POST --header 'Content-Type: application/json; charset=utf-8' --header 'Accept: application/json' -d '{
"username": "MicroStrategy",
"password": "MyPassword",
"loginMode": 1
}' 'https://env-792.customer.cloud.microstrategy.com/MicroStrategyLibrary/api/auth/login'
Is this a known issue? (it is my understanding that the RFC for content type only allows charset for the text/* content-types; but I'm no expert in that area!)
What can I do to overwrite the Content-Type to remove the charset part?
You are passing your JSON data to RequestBody.create() using a Java String. Per the OkHttp documentation:
public static RequestBody create(#Nullable
MediaType contentType,
String content)
Returns a new request body that transmits content. If contentType is non-null and lacks a charset, this will use UTF-8.
So, the method you are using intentionally forces UTF-8, so it is likely adding the charset attribute to match.
Try using one of the other create() methods that takes a byte[] or okio.ByteString as input instead of a Java String. They are not documented as forcing UTF-8, since they are taking raw bytes as input, so it is the caller's responsibility to specify a charset only if one is actually needed:
RequestBody body = RequestBody.create(mediaType, "{\"username\": \"MicroStrategy\", \"password\": \"MyPassword\", \"loginMode\": 1}".getBytes(StandardCharsets.UTF_8));
RequestBody body = RequestBody.create(mediaType, okio.ByteString.encodeUtf8("{\"username\": \"MicroStrategy\", \"password\": \"MyPassword\", \"loginMode\": 1}"));
I'm getting 403 watchDenied errors when I try to make File Watch requests in a Batch Request. Sending them normally is fine. I'm presuming that batching of File Watch requests is permitted?
Additional info: If I set an incorrect Address, I get the usually unpermitted webhook address error, and if I set a dummy file ID I get a 404, so it doesn't feel like the request I'm making is incorrect.
Example code (using the C# client library):
var request = new BatchRequest(service);
request.Queue<Channel>(service.Files.Watch(
new Channel
{
Id = [Guid being used],
Type = "web_hook",
Address = [notification endpoint],
Token = [token being used],
Expiration = DateTime.Now.AddHours(1).ToUnixTimeMilliseconds()
}, fileId)
, (content, error, i, message) =>
{
}
);
await request.ExecuteAsync();
API Request
Headers:
POST: https://www.googleapis.com/batch
User-Agent: OverDRIVE google-api-dotnet-client/1.16.0.0 (gzip)
Authorization: Bearer [token]
Content-Type: multipart/mixed; boundary="8d7a0653-4d9b-4c09-b701-9794341f882d"
Host: www.googleapis.com
Content-Length: 988
Accept-Encoding: gzip, deflate
Body:
--8d7a0653-4d9b-4c09-b701-9794341f882d
Content-Type: application/http
POST https://www.googleapis.com/drive/v2/files/[fileId]/watch
Content-Type: application/json; charset=utf-8
Content-Length: 241
{"address":"[notification endpoint]","expiration":1474036096103,"id":"938bd983-b071-4e63-8535-f20d7f39e248","token":"[token being used]","type":"web_hook"}
--8d7a0653-4d9b-4c09-b701-9794341f882d
Content-Type: application/http
POST https://www.googleapis.com/drive/v2/files/[fileId]/watch
Content-Type: application/json; charset=utf-8
Content-Length: 241
{"address":"[notification endpoint]","expiration":1474036096105,"id":"79303874-5f6c-49aa-a601-93950895ac0f","token":"[token being used]","type":"web_hook"}
--8d7a0653-4d9b-4c09-b701-9794341f882d--
Error example
{
"error": {
"errors": [
{
"domain": "push",
"reason": "watchDenied",
"message": "Watch request denied by backend"
}
],
"code": 403,
"message": "Watch request denied by backend"
}
}
Had an update from the developer support team for a ticket I submitted to them.
Unfortunately watch requests are known to largely incompatible with
Drive batch requests. Our Drive team recommended to make watch
requests separate from other requests.