I have an API for logging in my AngularJS app. It just posts to a login URL and then gets a session object back if it went well. If it goes wrong however, what would be the right HTTP code to answer?
401: Unauthorized. Well not really. The user is authorized to try and login, it's just that the credentials were wrong.
400: Bad Request. Well not really. I understood the request, it's just that the credentials didn't match up.
If you think 401 would be best, that runs into another problem: I have an interceptor to catch 401s and show the login modal as a result. The idea is that a 401 will only happen when a session has expired (or something about the user changed), and the user should re-authenticate.
What would be the best solution?
The API should return 400: Bad Request only when the data is truly in bad form.
I'd return 422: Unprocessable Entity
Here are two articles:
http://www.restpatterns.org/HTTP_Status_Codes/422_-_Unprocessable_Entity
http://www.bennadel.com/blog/2434-http-status-codes-for-invalid-data-400-vs-422.htm
Related
I want to check if the backend is returning a error code `ERR_USER_NOT_AUTHORIZED' whenever any fetch request is sent, and logout the user from frontend if this occurs.
Basically I want to redirect user to login whenever the token is incorrect, expired, etc. One method is polling, I poll the server every x seconds and validate, but the time between polls is vulnerable and the user may see lots of errors.
P.S. I'm a newbie to React, I work mostly on Django, what I would prefer is something like #login_required decorator in Django.
You can handle this in two ways:
Every fetch would attach the authentication token in the fetch's header, and the backend would check if the token is valid. If not, the backend would send a 301 Redirect response to your fetch pointing to your login page
You can handle this in the frontend by wrapping all your fetch request routes in a method that, if the fetch fails with Unauthorised, would redirect the page to login
You can check the response.status on the back-end. It usually returns 401: not authorised.
I call a dahua API for preset response in angular js but it gives me a 401 Unauthorised error.
My code is below :
var streamurl='http://admin:123456#192.168.1.202/cgi-bin/ptz.cgi?action=start&channel=0&code=PositionABS&arg1=180&arg2=190&arg3=10';
$http.get(streamurl, { withCredentials: true })
.then(function(response2) {
console.log(response2.data);
});
I could be wrong but I think you are getting login screen with that request. I've read through documentation and I have found your way of authentication only working on rtsp:// protocol, and for http I believe you should modify headers, and encode your username/pasword to base64, here's documentation:
ftp://ftp.wintel.fi/drivers/dahua/SDK-HTTP_ohjelmointi/DAHUA_IPC_HTTP_API_V1.00x.pdf
Also you should probably use this since you are using AngularJS/NodeJS, it will make your life easier - or check how this guy did his authentication and "borrow" from him:
https://github.com/nayrnet/node-dahua-api
How to Fix the 401 Unauthorized Error
Check for errors in the URL. It's possible that the 401 Unauthorized error appeared because the URL was typed incorrectly or the link that was clicked on points to the wrong URL - one that is for authorized users only.
If you're sure the URL is valid, visit the website's main page and look for a link that says Login or Secure Access. Enter your credentials here and then try the page again. If you don't have credentials, follow the instructions provided on the website for setting up an account.
If you're sure the page you're trying to reach shouldn't need authorization, the 401 Unauthorized error message may be a mistake. At that point, it's probably best to contact the webmaster or other website contact and inform them of the problem.
The 401 Unauthorized error can also appear immediately after login, which is an indication that the website received your username and password but found something about them to be invalid (e.g. your password is incorrect). Follow whatever process is in place at the website to regain access to their system.
From https://www.lifewire.com/401-unauthorized-error-what-it-is-and-how-to-fix-it-2622934
So what is going on is I have integrated the PayU payment gateway in my angular app. It has a success and failure url to which it gets redirected to according to the payment response. Now those urls are client's url where the client receives the response from PayU after payment success/failure. It is sent as a POST with few query parameters that are to be parsed.
Now the problem is that since the request is a POST request on a localhost url(with the same port on which I am already running the app), the console says that 'Method is not Allowed'.
The success url is http://localhost:8005/#!/payment/success
My app is running on http://localhost:8005 (which is the same).
Now I tried to define the url in app.js so as to receive the response as follows -
.state('successScreen',{
url:'/payment/success/',
templateUrl:'partials/successScreen.html',
controller:'paySCtrl'
});
but it doesn't work.
when I am redirected to the url(http://localhost:8005/#!/payment/success) after payment, I am getting that 'Method Not Allowed' error.
The same url is working with GET request though but it cannot be a GET request as it is a response from third party so cannot change it from POST to GET.
So can anyone please help me with how can I overcome this thing or a work around maybe?
I am using REST API get information from Salesforce to my PHP page. After a long time don't use on PHP page I take a error message "failed with status 401, response [{"message":"Session expired or invalid","errorCode":"INVALID_SESSION_ID"}], curl_error , curl_errno 0". Please help me how to recall Authentication on php to avoid session timeout? I want my Page is always connection to Salesforce. please tell me other suggestions to resolve it.
The session ID or OAuth token used has expired or is invalid. The response body contains the message and errorCode. - http://www.salesforce.com/us/developer/docs/api_rest/Content/errorcodes.htm
Just catch that 401 error and reauthenticate.
Or use the refreshToken when using Oauth. As documented here: http://wiki.developerforce.com/page/Digging_Deeper_into_OAuth_2.0_on_Force.com
When I test submitting my form (by the post method) with a logged in user, it sends data correctly, but when I am not logged in, it redirects to the login page.
But this if statement in beforeRender() of app_controller.php returns false:
if ($this->RequestHandler->isPost())
In fact, $this->data is empty. Where is the problem?
Yes, indeed. POST data cannot be retained through a redirect. The HTTP protocol simply doesn't allow for it* and CakePHP doesn't do anything to work around this limitation. The browser sends a POST request to the server, the server responds with a 302 Found redirect with a Location header, the browser issues a GET request to the given Location. The browser does not send the POST data again.
See Stack Overflow question Post data again after authorization for a manual workaround.
* HTTP allows it using a 307 Temporary Redirect, but no browser seems to implement this correctly.