cannot login using curl or XMLHttpRequest

[Kyaw Tun]

Hi!

Sorry, I am new to basic authentication. I am not able to login using curl or XMLHttpRequest.

I CORS login request, i receive 401 for wrong password. For correct password, not reply with error with 'Origin not allow'

curl -D - http://***:kyawtun%40yath...@beta.checkvist.com/auth/login.json

HTTP/1.1 401 Unauthorized

Server: nginx/1.2.3

Date: Fri, 07 Jun 2013 12:41:46 GMT

Content-Type: application/json; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Status: 401 Unauthorized

WWW-Authenticate: Basic realm="Application"

X-UA-Compatible: IE=Edge,chrome=1

Cache-Control: no-cache, private

Set-Cookie: _checkvist_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRkkiJTUwYzllMTcxZDgzOGNjOGVmZjM3OWZkNGIxY2Y4NzcyBjsAVA%3D%3D--35e689deae3b56bfae55c3f422ed7f5a7bbeae4a; path=/; HttpOnly

X-Request-Id: 959bf5c1e1bda2fb6ceb5bb58fe21155

X-Runtime: 0.005813

X-Rack-Cache: miss

HTTP Basic: Access denied.

Did I miss anything?

Best,

Kyaw

[KIR]

Hello,

  The following code should work for the login to beta.checkvist.com (jQuery):

            $.ajax({

                type: "POST",

                url: "https:" + app.config.api_url + "/auth/login.json",

                data: {username: username, remote_key: password}

            })  

           .done(function (auth_token) {

               // process auth_token

           });

  Hope, this helps.

  Regards,

  KIR

--
You received this message because you are subscribed to the Google Groups "checkvist-api" group.
To unsubscribe from this group and stop receiving emails from it, send an email to checkvist-ap...@googlegroups.com.
To post to this group, send email to checkv...@googlegroups.com.
Visit this group at http://groups.google.com/group/checkvist-api?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

--
Kirill (KIR) Maximov
Software Engineer & Starter

Twitter:       http://twitter.com/maxkir
Google+      http://gplus.to/maxkir
Skype:        maxkir
http://kirblog.idetalk.com | http://checkvist.com | http://www.jetbrains.com/teamcity

[Kyaw Tun]

Hi!

Thanks. Login request works.

But resource request do not. I do replace password with remote_key. It has following error. 

1. GET https://beta.checkvist.com/checklists.json?username=kyawtun%40yathit.com&remote_key=OalQEp7zJfbs 401 (Unauthorized) checkvist.js:126

1. XMLHttpRequest cannot load https://beta.checkvist.com/checklists.json?username=kyawtun%40yathit.com&remote_key=OalQEp7zJfbs. Origin http://dev.yathit.com is not allowed by Access-Control-Allow-Origin.

When I enter the GET url on the browser, it return the result. Obviously server expect cookie, but cookie is not set for CORS request by default. So i set withCredentials to true. But it results another error, as follow:

MLHttpRequest cannot load https://beta.checkvist.com/auth/login.json?username=kyawtun%40yathit.com&remote_key=gizmos. Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.

Indeed, server set 

1. Access-Control-Allow-Origin:
   *

  

Server must set exact value of access-control-allow-origin as the request origin header.  

Best wishes,

Kyaw

On Saturday, June 8, 2013 7:28:34 PM UTC+8, KIR wrote:

Hello,

  The following code should work for the login to beta.checkvist.com (jQuery):

            $.ajax({

                type: "POST",

                url: "https:" + app.config.api_url + "/auth/login.json",

                data: {username: username, remote_key: password}

            })  

           .done(function (auth_token) {

               // process auth_token

           });

  Hope, this helps.

  Regards,

  KIR

On 7 June 2013 14:47, Kyaw Tun <kya...@yathit.com> wrote:

Hi!

Sorry, I am new to basic authentication. I am not able to login using curl or XMLHttpRequest.

I CORS login request, i receive 401 for wrong password. For correct password, not reply with error with 'Origin not allow'

curl -D - http://***:kyawtun%40yathit.c...@beta.checkvist.com/auth/login.json

[Kyaw Tun]

BTW, you can try out my app here http://localhost/ydn-dev/public/demo/checkvist/checkvist-sync.html

[Kyaw Tun]

should be http://dev.yathit.com/demo/checkvist/checkvist-sync.html# 

[KIR]

Hello Kyaw,

   Instead of using remote_key parameter one should use 'token'.

   I think that if you make this change, it will work :)

   At least it works for me :)

  Regards,

  KIR

--
You received this message because you are subscribed to the Google Groups "checkvist-api" group.
To unsubscribe from this group and stop receiving emails from it, send an email to checkvist-ap...@googlegroups.com.
To post to this group, send email to checkv...@googlegroups.com.
Visit this group at http://groups.google.com/group/checkvist-api?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[Kyaw Tun]

Hi!

Oh yes, it works for me too now :-)

Now the app caches checklists data to client database and works offline.

There are several problems though. First, conditional request needs etag header for each resource (checklist). And expires header for cache invalidation. last-modifed header for conflict resolution. Non of these three header are exposed to CROS request respond header.

Second, all these three meta data are to be send in checklists collection request. Current api, however, return full objects, which is not optimal. The app will request full object after observing these meta data.

Third, cache invalidation required checklists collection query request based on last modified date. Please gdata api for more detail.

Best wishes,

Kyaw

[KIR]

Hello Kyaw,

  Thanks a lot for your suggestions! Some of them are sitting in my todo-list for quite some time, but I haven't implemented them yet. 

  BTW, the last modification date of the list is returned as 'updated_at' field of the list (and it is available for collection query as well).

  I've had some debugging issues with Ydn-DB and decided to try a simpler solution so far, where I can easily modify source code of used libraries. My attempts to build own version of ydn-db with latest closure compiler failed, and I gave up.

  So right now I'm developing an offline Checkvist app using CanJS and db.js+IndexedDBShim. 

  Thanks again for all your help,

  KIR

  

[Kyaw]

Hi Kirill,

Welcome!

Compilation can be difficult. My suggestion is to start with pre-compiled js file. Debugging is even easier in my library due to fine grain logging facility. Just add ydn.debug.log('ydn.db', 'finest');  Source map are available right away as well. The library is well tested and used in many large projects, so you don't have to worry about common issue.

Yes, there is updated_at in collection uri request, but it is also required (in my implementation) in object uri request. 

Best wishes,

Kyaw

[KIR]

Hello Kyaw,

   So far I use rather simple storage functions of IndexedDB, so I probably don't need the full power of your library. 

   May be a bit later, I consider to switch back :)

  

   Thanks again!

   KIR

[Kyaw]

I could not understand the app works on Chrome few days back, but now not working. It still work in Firefox and Safari.

[KIR]

Hello Kyaw,

   Sorry for a delay with answer.

   I've made an update of the http://beta.checkvist.com site recently, but my own code works without any issues with it. 

   Both login and getting lists call work as expected. I do the XHR calls with jQuery/ajax.

   Could it be some issue of updated Chrome?

   Regards,

   KIR

--
You received this message because you are subscribed to the Google Groups "checkvist-api" group.
To unsubscribe from this group and stop receiving emails from it, send an email to checkvist-ap...@googlegroups.com.
To post to this group, send email to checkv...@googlegroups.com.
Visit this group at http://groups.google.com/group/checkvist-api?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[Kyaw]

On Thursday, June 13, 2013 2:38:51 PM UTC+8, KIR wrote:

Hello Kyaw,

   Sorry for a delay with answer.

   I've made an update of the http://beta.checkvist.com site recently, but my own code works without any issues with it. 

   Both login and getting lists call work as expected. I do the XHR calls with jQuery/ajax.

Does your app hosted in cross domain or /beta.checkvist.com  itself? Is it working in Chrome?

[KIR]

   I've made an update of the http://beta.checkvist.com site recently, but my own code works without any issues with it. 

   Both login and getting lists call work as expected. I do the XHR calls with jQuery/ajax.

Does your app hosted in cross domain or /beta.checkvist.com  itself? Is it working in Chrome?

   This app is works from the nginx of my development machine, macbook pro. In Chrome (Canary and Beta channels).

  

   Regards,

   KIR

[Kyaw]

Hi!

Finally, I figure out the problem is from my side. Now chrome require NETWORK: section in appcache minifast. Previously it is optional. All missing request are assume network. 

So, working now.

Thanks,

Kyaw