Posting an XML document to a protected API

********************************************************************
server_addr = "http://#{API_KEY}@#{BACKEND_HOST_AND_PORT}"
api_path =
"#{BACKEND_HOST_PATH}/users/#{session[:user_id]}/contact_groups.xml?session_key=#{session[:session_key]}"

url = URI.parse(server_addr + api_path)
request =
Net::HTTP::Post.new(url.path+"?session_key=#{session[:session_key]}")

request.body = "<?xml version='1.0'
encoding='UTF-8'><contact_groups>SOME NESTED DATA GOES
HERE</contact_groups>"
response = Net::HTTP.start(url.host, url.port) {|http|
http.request(request)}
********************************************************************

When using the exact same code as above, the Backend responds back with
a HTTP 401 - !ruby/object:Net::HTTPUnauthorized error code.

And if I change the last line to include the API KEY as shown below:

response = Net::HTTP.start(url.user + "@" + url.host, url.port) {|http|
http.request(request)}

Ruby gives a"getaddrinfo: nodename nor servname provided, or not known"
error.

What is the right way to make this post to the Backend. Any response in
this regard will be greatly appreciated.

Thanks,
--
Posted via http://www.ruby-forum.com/.

--
Posted via http://www.ruby-forum.com/.

On Jul 27, 8:17 pm, Maruthy Mentireddi <maruthymuk...@gmail.com> wrote:

I am working on the FrontEnd of a website and need to make a RESTful
HTTP POST to a Backend system which checks for the presence of an API
KEY and a SESSSION KEY in the request URL as part of the security model.

Eg: To make a HTTP POST request, the URL should be of the format:
http://#{API_KEY}@#{BACKEND_HOST}:#{BACKEND_PORT}/#{PATH_TO_RESOURCE}?session_key=#{SESSION_KEY}

Now the problem I am facing is how do I specify the API_KEY in the URL
using the following code:

********************************************************************
server_addr = "http://#{API_KEY}@#{BACKEND_HOST_AND_PORT}"
api_path =
"#{BACKEND_HOST_PATH}/users/#{session[:user_id]}/contact_groups.xml?session_key=#{session[:session_key]}"

url = URI.parse(server_addr + api_path)
request =
Net::HTTP::Post.new(url.path+"?session_key=#{session[:session_key]}")

request.body = "<?xml version='1.0'
encoding='UTF-8'><contact_groups>SOME NESTED DATA GOES
HERE</contact_groups>"
response = Net::HTTP.start(url.host, url.port) {|http|
http.request(request)}
********************************************************************

When using the exact same code as above, the Backend responds back with
a HTTP 401 - !ruby/object:Net::HTTPUnauthorized error code.

And if I change the last line to include the API KEY as shown below:

response = Net::HTTP.start(url.user + "@" + url.host, url.port) {|http|
http.request(request)}

Ruby gives a"getaddrinfo: nodename nor servname provided, or not known"
error.

What is the right way to make this post to the Backend. Any response in
this regard will be greatly appreciated.

Thanks,
--
Posted viahttp://www.ruby-forum.com/.

-------------------------------------------------------
Net::HTTP::start
     Net::HTTP::start(address, port = nil, p_addr = nil, p_port = nil,
     p_user = nil, p_pass = nil) {|+http+| ...}
------------------------------------------------------------------------
     creates a new Net::HTTP object and opens its TCP connection and
     HTTP session. If the optional block is given, the newly created
     Net::HTTP object is passed to it and closed when the block
     finishes. In this case, the return value of this method is the
     return value of the block. If no block is given, the return value
     of this method is the newly created Net::HTTP object itself, and
     the caller is responsible for closing it upon completion.

so instead of loading the apikey and port and all into a single
string, have you tried using the parameters to the Net::HTTP.start
method as such?

Eitherway, you might just be better of using curb for anything HTTP
related.

The first thing I would do is try to get a response from the server
without all the variables in your request string. To begin with, you
need a valid API key and a valid session key. Then you can try
something like this:

require 'net/http'

Net::HTTP.start("1234@host.com:1200) do |http|
  req =
Net::HTTP::Post.new("/users/John/contact_groups.xml?session_key=123456789")

  resp = http.request(req).body
  puts resp
end

--
Posted via http://www.ruby-forum.com/\.

--
Posted via http://www.ruby-forum.com/\.

On Jul 27, 8:17�pm, Maruthy Mentireddi <maruthymuk...@gmail.com> > wrote:

********************************************************************
HERE</contact_groups>"
http.request(request)}

Ruby gives a"getaddrinfo: nodename nor servname provided, or not known"
error.

What is the right way to make this post to the Backend. Any response in
this regard will be greatly appreciated.

Thanks,
--
Posted viahttp://www.ruby-forum.com/.

Since there doesn't seem to be alot of ri documentation about
Net::HTTP::Post and I'm too lazy to look at the source,
Net::HTTP.start looks like its invoked like this:

-------------------------------------------------------
Net::HTTP::start
     Net::HTTP::start(address, port = nil, p_addr = nil, p_port = nil,
     p_user = nil, p_pass = nil) {|+http+| ...}
------------------------------------------------------------------------
     creates a new Net::HTTP object and opens its TCP connection and
     HTTP session. If the optional block is given, the newly created
     Net::HTTP object is passed to it and closed when the block
     finishes. In this case, the return value of this method is the
     return value of the block. If no block is given, the return value
     of this method is the newly created Net::HTTP object itself, and
     the caller is responsible for closing it upon completion.

so instead of loading the apikey and port and all into a single
string, have you tried using the parameters to the Net::HTTP.start
method as such?

Eitherway, you might just be better of using curb for anything HTTP
related.

--
Posted via http://www.ruby-forum.com/\.

----
Restrictions on valid host names

Hostnames are composed of series of labels concatenated with dots, as
are all domain names[1]. For example, "en.wikipedia.org" is a hostname.
Each label must be between 1 and 63 characters long, and the entire
hostname has a maximum of 255 characters.

RFCs mandate that a hostname's labels may contain only the ASCII letters
'a' through 'z' (case-insensitive), the digits '0' through '9', and the
hyphen. Hostname labels cannot begin or end with a hyphen. No other
symbols, punctuation characters, or blank spaces are permitted.
------
--
Posted via http://www.ruby-forum.com/\.

--
Posted via http://www.ruby-forum.com/\.

7stud -- wrote:

7stud -- wrote:

7stud -- wrote:

The first thing I would do is try to get a response from the server
without all the variables in your request string. To begin with, you
need a valid API key and a valid session key. Then you can try
something like this:

I lied. That's not the first thing I would try. The first thing I
would try is posting your url into your browser's address bar to see if
you get a response.

If that didn't work, then I would start looking for the specs on valid
host names.

----
Restrictions on valid host names

Hostnames are composed of series of labels concatenated with dots, as
are all domain names[1]. For example, "en.wikipedia.org" is a hostname.
Each label must be between 1 and 63 characters long, and the entire
hostname has a maximum of 255 characters.

RFCs mandate that a hostname's labels may contain only the ASCII letters
'a' through 'z' (case-insensitive), the digits '0' through '9', and the
hyphen. Hostname labels cannot begin or end with a hyphen. No other
symbols, punctuation characters, or blank spaces are permitted.
------

Then I would determine that this format is a mistake:

the URL should be of the format:

http://#{API_KEY}@#{BACKEND_HOST}:#{BACKEND_PORT}/#{PATH_TO_RESOURCE}?>session_key=#{SESSION_KEY}

and I would try the following instead:

http://#{BACKEND_HOST}:#{BACKEND_PORT}/#{API_KEY}@#{BACKEND_HOST}:#{BACKEND_PORT}#{PATH_TO_RESOURCE}?session_key=#{SESSION_KEY}

or some variation thereof.

--
Posted via http://www.ruby-forum.com/\.

-----------------
2.1. The main parts of URLs

   A full BNF description of the URL syntax is given in Section 5.

   In general, URLs are written as follows:

       <scheme>:<scheme-specific-part>

3. Specific Schemes

   The mapping for some existing standard and experimental protocols is
   outlined in the BNF syntax definition. Notes on particular protocols
   follow. The schemes covered are:

   ftp File Transfer protocol
   http Hypertext Transfer Protocol
   gopher The Gopher protocol
   mailto Electronic mail address
   news USENET news
   nntp USENET news using NNTP access
   telnet Reference to interactive sessions
   wais Wide Area Information Servers
   file Host-specific file names
   prospero Prospero Directory Service

   Other schemes may be specified by future specifications. Section 4 of
   this document describes how new schemes may be registered, and lists
   some scheme names that are under development.

3.1. Common Internet Scheme Syntax

   While the syntax for the rest of the URL may vary depending on the
   particular scheme selected, URL schemes that involve the direct use
   of an IP-based protocol to a specified host on the Internet use a
   common syntax for the scheme-specific data:

        //<user>:<password>@<host>:<port>/<url-path>

   Some or all of the parts "<user>:<password>@", ":<password>",
   ":<port>", and "/<url-path>" may be excluded. The scheme specific
   data start with a double slash "//" to indicate that it complies with
   the common Internet scheme syntax. The different components obey the
   following rules:

    user
        An optional user name. Some schemes (e.g., ftp) allow the
        specification of a user name.

    password
        An optional password. If present, it follows the user
        name separated from it by a colon.

   The user name (and password), if present, are followed by a
   commercial at-sign "@". Within the user and password field, any ":",
   "@", or "/" must be encoded.

Berners-Lee, Masinter & McCahill [Page 5]

RFC 1738 Uniform Resource Locators (URL) December 1994

   Note that an empty user name or password is different than no user
   name or password; there is no way to specify a password without
   specifying a user name. E.g., <URL:ftp://@host.com/> has an empty
   user name and no password, <URL:ftp://host.com/> has no user name,
   while <URL:ftp://foo:@host.com/> has a user name of "foo" and an
   empty password.

    host
        The fully qualified domain name of a network host, or its IP
        address as a set of four decimal digit groups separated by
        ".". Fully qualified domain names take the form as described
        in Section 3.5 of RFC 1034 [13] and Section 2.1 of RFC 1123
        [5]: a sequence of domain labels separated by ".", each domain
        label starting and ending with an alphanumerical character and
        possibly also containing "-" characters. The rightmost domain
        label will never start with a digit, though, which
        syntactically distinguishes all domain names from the IP
        addresses.

    port
        The port number to connect to. Most schemes designate
        protocols that have a default port number. Another port number
        may optionally be supplied, in decimal, separated from the
        host by a colon. If the port is omitted, the colon is as well.

    url-path
        The rest of the locator consists of data specific to the
        scheme, and is known as the "url-path". It supplies the
        details of how the specified resource can be accessed. Note
        that the "/" between the host (or port) and the url-path is
        NOT part of the url-path.

   The url-path syntax depends on the scheme being used, as does the
   manner in which it is interpreted.
---------------

Note the statement:

---
there is no way to specify a password without
   specifying a user name
----

which after comparing formats is what your url is doing.
--
Posted via http://www.ruby-forum.com/\.