Delphi 83 Posted July 2, 2014 Share Posted July 2, 2014 how does IHttpClient handle basic auth? Link to comment Share on other sites More sharing options...
Luke 37066 Posted July 2, 2014 Share Posted July 2, 2014 authentication to what? IHttpClient is what plugins use to send http requests to external services (e.g. the movie db). 1 Link to comment Share on other sites More sharing options...
Delphi 83 Posted July 2, 2014 Author Share Posted July 2, 2014 yup im trying to fix up snazy2000 initial commit of pushbullet which requires send the token as username with a blank password.. Link to comment Share on other sites More sharing options...
Luke 37066 Posted July 2, 2014 Share Posted July 2, 2014 you can set http request headers. it doesn't have any specific properties for auth attributes although it's possible some are needed. let me know if the request headers aren't enough. 1 Link to comment Share on other sites More sharing options...
Delphi 83 Posted July 2, 2014 Author Share Posted July 2, 2014 ok ill try it out and get back to you Link to comment Share on other sites More sharing options...
Delphi 83 Posted July 2, 2014 Author Share Posted July 2, 2014 "Sequence contains no matching element" ? on Save or Test any ideas? https://github.com/delphiactual/MediaBrowser.Plugins/tree/master/MediaBrowser.Plugins.PushBulletNotifications its probably something stupid I'm just not seeing it... Link to comment Share on other sites More sharing options...
Luke 37066 Posted July 2, 2014 Share Posted July 2, 2014 You're linking us to the repo. Not sure what we're supposed to be looking at. Probably best for you to work with Snazy. Link to comment Share on other sites More sharing options...
Delphi 83 Posted July 2, 2014 Author Share Posted July 2, 2014 (edited) @@snazy2000 can you take a look at this when you get a chance, when i press "save" or "test" i get the following error "Sequence contains no matching element" EDIT: @@Luke can you rename this thread to PushBullet Notifications or something similar... Edited July 2, 2014 by Delphi Link to comment Share on other sites More sharing options...
snazy2000 342 Posted July 2, 2014 Share Posted July 2, 2014 The plugin id needs changing on webpage I beleave. Reason I never finished was because you need to make a call to pushbullet asking for all devices then populate a drop down to choose from as the user doesn't know the device I'd Sent from my HTC One using Tapatalk 1 Link to comment Share on other sites More sharing options...
Delphi 83 Posted July 2, 2014 Author Share Posted July 2, 2014 @@snazy2000, thanks for the ideas, as far as the dropdown, for testing if DeviceId is blank it sends to all your devices... Link to comment Share on other sites More sharing options...
snazy2000 342 Posted July 2, 2014 Share Posted July 2, 2014 Oh ok indidnt realise that Sent from my HTC One using Tapatalk Link to comment Share on other sites More sharing options...
Delphi 83 Posted July 3, 2014 Author Share Posted July 3, 2014 @@Luke, @@snazy2000, The following snippet should create the basic auth header correctly and submit the request to pushbullet.com, I keep getting 401 UNAUTHORIZED... any ideas? var _httpRequest = new HttpRequestOptions(); //Create Basic HTTP Auth Header... string _auth = string.Format("{0}:{1}", options.Token, ""); string _enc = Convert.ToBase64String(System.Text.Encoding.ASCII.GetBytes(_auth)); string _cred = string.Format("{0} {1}", "Basic", _enc); _httpRequest.RequestHeaders["Authorization"] = _cred; _httpRequest.Url = "https://api.pushbullet.com/api/pushes"; _logger.Debug("PushBullet <TEST> to {0} - {1}", options.Token, _cred); return _httpClient.Post(_httpRequest, parameters); Link to comment Share on other sites More sharing options...
snazy2000 342 Posted July 3, 2014 Share Posted July 3, 2014 Do u need to base 64 the token Sent from my HTC One using Tapatalk Link to comment Share on other sites More sharing options...
speechles 1917 Posted July 3, 2014 Share Posted July 3, 2014 string _auth = string.Format("{0}:", options.Token); perhaps? You shouldn't need to add anything after the colon, then the base64 signed payload shouldn't throw 401s. Sent from my Nexus 7 using Tapatalk Link to comment Share on other sites More sharing options...
snazy2000 342 Posted July 3, 2014 Share Posted July 3, 2014 Just looked api you shouldn't bsse64 the token not sure why you doing that Sent from my Nexus 7 using Tapatalk 1 Link to comment Share on other sites More sharing options...
Sven 136 Posted July 3, 2014 Share Posted July 3, 2014 Check the RFC for that. http://www.ietf.org/rfc/rfc2617.txt No it's for the special chars. If you have special chars It could be "f word :)" up your header. That's why you need to base64 encode the access token. You don't need to, but to be sure. It's better. 1 Link to comment Share on other sites More sharing options...
speechles 1917 Posted July 3, 2014 Share Posted July 3, 2014 Now that I look closer.. What system encoding is used? Convert.ToBase64String(System.Text.Encoding.ASCII.GetBytes(_auth)); Why are you converting to ASCII? This breaks multibyte Unicode. Should it maybe be this: Convert.ToBase64String(_auth); That seems more likely than a null being appended to your _auth causing it. Sent from my Nexus 7 using Tapatalk Link to comment Share on other sites More sharing options...
snazy2000 342 Posted July 3, 2014 Share Posted July 3, 2014 Now that I look closer.. What system encoding is used? Convert.ToBase64String(System.Text.Encoding.ASCII.GetBytes(_auth)); Why are you converting to ASCII? This breaks multibyte Unicode. Should it maybe be this: Convert.ToBase64String(_auth); That seems more likely than a null being appended to your _auth causing it. Sent from my Nexus 7 using Tapatalk base64 is not needed...... the token is given by pushbullet like an api key. If its converted to base64 it will be wrong. Link to comment Share on other sites More sharing options...
speechles 1917 Posted July 3, 2014 Share Posted July 3, 2014 (edited) base64 is not needed...... the token is given by pushbullet like an api key. If its converted to base64 it will be wrong.Plaintext is even worse. I mean base64 at least requires some work. 5 seconds worth.. Haw..What prevents anybody from seeing those tokens when they digest and inspects packets on your network? Assuming wireless, and wireshark, for example. After they have this token can't they just attack with push floods? Why isn't this using oauth2 to avoid this? Insecurity in obscurity? Nobody would ever do that? I can, then others can just as easily. Sent from my Nexus 7 using Tapatalk Edited July 3, 2014 by speechles Link to comment Share on other sites More sharing options...
snazy2000 342 Posted July 3, 2014 Share Posted July 3, 2014 There is oauth but it's not been implemented here. The way he's doing it requires it not to have base64 yes I agree it should but it won't work with it as that's not what the api is asking for Sent from my HTC One using Tapatalk Link to comment Share on other sites More sharing options...
speechles 1917 Posted July 3, 2014 Share Posted July 3, 2014 I wrote my own oauth lib in tcl for my eggdrop, so I could have twitter on irc. I also dabble in the regular expression field of web scrape just because not enough sites offer a friendly api approach and to get the data you need to manually extract it with cleverness. Eventually I'd like to participate in some of this stuff just because it seems interesting and novel in its approach. This Python seems easy enough eh other than its ugly redundant syntax, tcl is much cleaner in that respect. But on the subject again, it should use oauth2 and their /v2/ endpoints. That endpoint he is using isnt even documented anymore. It appears to work, but I don't have a token and can't tell since I just stare at a credential required login. Should he be using their /v2/endpoints now? They aren't restricted to oauth2 only by the looks of it. Sent from my Nexus 7 using Tapatalk Link to comment Share on other sites More sharing options...
snazy2000 342 Posted July 3, 2014 Share Posted July 3, 2014 The v2 endpoints do not require oauth the endpoints use https so the api key is encrypted in the header so no need for it really Sent from my HTC One using Tapatalk 1 Link to comment Share on other sites More sharing options...
Sven 136 Posted July 3, 2014 Share Posted July 3, 2014 Indeed, it's an api key.... So you don't need to encode it with base64. If it was a regular name it was something else (special chars) --> see rfc 1 Link to comment Share on other sites More sharing options...
Delphi 83 Posted July 3, 2014 Author Share Posted July 3, 2014 (edited) @@snazy2000, @@Sven, OK based on your suggestions this is what the procedure looks like now, still getting 401's public object Post(TestNotification request) { var options = GetOptions(request.UserID); var parameters = new Dictionary<string, string> { {"type", "note"}, {"title", "Test Notification" }, {"body", "This is a test notification from MediaBrowser"} }; var _httpRequest = new HttpRequestOptions(); //Create Basic HTTP Auth Header... string _cred = string.Format("{0} {1}", "Basic", options.Token); _httpRequest.RequestHeaders["Authorization"] = _cred; _httpRequest.Url = "https://api.pushbullet.com/api/pushes"; _logger.Debug("PushBullet <TEST> to {0} - {1}", options.Token, _cred); return _httpClient.Post(_httpRequest, parameters); } } EDIT: I thought i needed base64 because of the requirements of the header posted on the rfc... Edited July 3, 2014 by Delphi Link to comment Share on other sites More sharing options...
snazy2000 342 Posted July 3, 2014 Share Posted July 3, 2014 I swear I did this for something I may have a test example I made for pushbullet were it was working I think its the basic string it needs to be a pre defined variable I'll try find it Sent from my HTC One using Tapatalk 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now