[katello-devel] Help with ReST API coding.
Lukas Zapletal
lzap at redhat.com
Thu Jan 26 09:54:47 UTC 2012
>From the log you have provided I see you are sending a key called
"_json" which this controller obviously does not accept.
It is sending it straight to the database, which is not correct. We must
not allow sending arbitrary parameters to the query. This is not
correct. Fortunately this is select and sql injection is not possible
(Rails3 checks all input params).
But I can't tell, looks like your checkout is not the current master (at
least environments_controller.rb line 34 is not the database call for
me). Local changes?
In short - do not send this "_json" thing and it will work.
LZ
On Wed, Jan 25, 2012 at 10:07:26PM -0500, Eric Sammons wrote:
> I have the following code, which is practically stolen line for line from katello/client/server.py and katello/client/api/system.py. Yet in my code returns errors, for the GET I get a 500 Internal Server Error and for the POST I get a 404 Not Found. Any assistance is greatly appreciated, I rather certain it is something simple that I'm missing.
>
> Thanks!
> Eric
>
> [code]
> #!/usr/bin/env python
>
> import base64
> import httplib
> import urllib
> import locale
> import os
> import mimetypes
>
> try:
> import json
> except ImportError:
> import simplejson as json
>
> def process_response(response):
> response_body = response.read()
> try:
> response_body = json.loads(response_body, encoding='utf-8')
> except:
> pass
>
> return (response.status, response_body, response.getheaders())
>
> def https_connection(host, port=443):
> return httplib.HTTPSConnection(host, port)
>
> def build_url(path, queries=()):
> path_prefix = '/headpin/api'
>
> path = '/'.join((path_prefix, path))
> path = urllib.quote(str(path))
> queries = urllib.urlencode(queries)
> if queries:
> path = '?'.join((path, queries))
> return path
>
> def prepare_body(body, multipart):
> content_type = 'application/json'
> #if multipart:
> # content_type, body = self._encode_multipart_formdata(body)
> #elif not isinstance(body, (type(None), Bytes, file)):
> body = json.dumps(body)
>
> return (content_type, body)
>
> def request(method, path, queries=(), body=None, multipart=False, customHeaders={}):
> username = 'admin'
> password = 'admin'
> headers = {}
> raw = ':'.join((username, password))
> encoded = base64.encodestring(raw)[:-1]
> headers['Authorization'] = 'Basic ' + encoded
>
> connection = https_connection('cubert.usersys.redhat.com')
> url = build_url(path,queries)
> content_type, body = prepare_body(body, multipart)
>
> headers['content-type'] = content_type
> headers['content-length'] = str(len(body) if body else 0)
> print (url)
> connection.request(method, url, body=body, headers=dict(headers.items() + customHeaders.items()))
> return process_response(connection.getresponse())
>
> def GET(path, queries=(), customHeaders={}):
> return request('GET', path, queries, customHeaders=customHeaders)
>
> def POST(path, body, multipart=False, customHeaders={}):
> return request('POST', path, body=body, multipart=multipart, customHeaders=customHeaders)
>
>
> def register(name, org):
> #path = "environments/166/systems"
> path = "/api/organizations/%s/systems" % org
> sysdata = {
> "name" : name,
> "cp_type" : "system",
> "facts" : {
> "distribution.name": "Fedora",
> "cpu.cpu_socket(s)": "1"}
> }
> return POST(path, sysdata)[1]
>
> def environment_by_name(orgId, envName):
> #path = "organizations/ACME_Corporation/environments"
> path = "organizations/%s/environments" % orgId
> envs = GET(path, {"name": envName})[1]
> if len(envs) > 0:
> return envs[0]
> else:
> return None
>
> envs = environment_by_name('ACME_Corporation', 'DEV')
> print envs
> register('restfulserver', 'ACME_Corporation')
> [/code]
>
> [production.log]
>
> Started GET "/headpin//api/organizations/ACME_Corporation/environments?name=DEV" for xxx.xxx.xxx.xxx at Wed Jan 25 22:01:46 -0500 2012
> Processing by Api::EnvironmentsController#index as HTML
> Parameters: {"name"=>"DEV", "_json"=>nil, "organization_id"=>"ACME_Corporation"}
> ActiveRecord::StatementInvalid: PGError: ERROR: column environments._json does not exist
> LINE 1: ...ronments" WHERE "environments"."name" = 'DEV' AND "environme...
> ^
> : SELECT "environments".* FROM "environments" WHERE "environments"."name" = 'DEV' AND "environments"."_json" IS NULL AND "environments"."organization_id" = 1
> /usr/lib/ruby/gems/1.8/gems/activerecord-3.0.10/lib/active_record/connection_adapters/abstract_adapter.rb:207:in `log'
> /usr/lib/ruby/gems/1.8/gems/activerecord-3.0.10/lib/active_record/connection_adapters/postgresql_adapter.rb:514:in `execute'
> /usr/lib/ruby/gems/1.8/gems/activerecord-3.0.10/lib/active_record/connection_adapters/postgresql_adapter.rb:1004:in `select_raw'
> /usr/lib/ruby/gems/1.8/gems/activerecord-3.0.10/lib/active_record/connection_adapters/postgresql_adapter.rb:997:in `select'
> /usr/lib/ruby/gems/1.8/gems/activerecord-3.0.10/lib/active_record/connection_adapters/abstract/database_statements.rb:7:in `select_all'
> /usr/lib/ruby/gems/1.8/gems/activerecord-3.0.10/lib/active_record/connection_adapters/abstract/query_cache.rb:54:in `select_all'
> /usr/lib/ruby/gems/1.8/gems/activerecord-3.0.10/lib/active_record/connection_adapters/abstract/query_cache.rb:68:in `cache_sql'
> /usr/lib/ruby/gems/1.8/gems/activerecord-3.0.10/lib/active_record/connection_adapters/abstract/query_cache.rb:54:in `select_all'
> /usr/lib/ruby/gems/1.8/gems/activerecord-3.0.10/lib/active_record/base.rb:473:in `find_by_sql'
> /usr/lib/ruby/gems/1.8/gems/activerecord-3.0.10/lib/active_record/relation.rb:64:in `to_a'
> /usr/lib/ruby/gems/1.8/gems/activerecord-3.0.10/lib/active_record/relation.rb:80:in `as_json'
> /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/json/encoding.rb:46:in `encode'
> /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/json/encoding.rb:77:in `check_for_circular_references'
> /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/json/encoding.rb:45:in `encode'
> /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/json/encoding.rb:30:in `encode'
> /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/core_ext/object/to_json.rb:15:in `to_json'
> /usr/share/katello/app/controllers/api/environments_controller.rb:34:in `index'
> /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_controller/metal/implicit_render.rb:4:in `send_action'
> /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_controller/metal/implicit_render.rb:4:in `send_action'
> /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/abstract_controller/base.rb:150:in `process_action'
> /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_controller/metal/rendering.rb:11:in `process_action'
> /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/abstract_controller/callbacks.rb:18:in `process_action'
> /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/callbacks.rb:452:in `_run__856191886__process_action__199225275__callbacks'
> /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/callbacks.rb:221:in `_conditional_callback_around_2555'
> /usr/share/katello/lib/util/threadsession.rb:79:in `thread_locals'
> /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/callbacks.rb:220:in `_conditional_callback_around_2555'
> /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/callbacks.rb:441:in `_run__856191886__process_action__199225275__callbacks'
> /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/callbacks.rb:410:in `send'
> /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/callbacks.rb:410:in `_run_process_action_callbacks'
> /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/callbacks.rb:94:in `send'
> /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/callbacks.rb:94:in `run_callbacks'
> /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/abstract_controller/callbacks.rb:17:in `process_action'
> /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_controller/metal/rescue.rb:17:in `process_action'
> /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_controller/metal/instrumentation.rb:30:in `process_action'
> /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/notifications.rb:52:in `instrument'
> /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/notifications/instrumenter.rb:21:in `instrument'
> /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/notifications.rb:52:in `instrument'
> /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_controller/metal/instrumentation.rb:29:in `process_action'
> /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/abstract_controller/base.rb:119:in `process'
> /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/abstract_controller/rendering.rb:41:in `process'
> /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_controller/metal.rb:138:in `dispatch'
> /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_controller/metal/rack_delegation.rb:14:in `dispatch'
> /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_controller/metal.rb:178:in `action'
> /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_dispatch/routing/route_set.rb:62:in `call'
> /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_dispatch/routing/route_set.rb:62:in `dispatch'
> /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_dispatch/routing/route_set.rb:27:in `call'
> /usr/lib/ruby/gems/1.8/gems/rack-mount-0.7.1/lib/rack/mount/route_set.rb:150:in `call'
> /usr/lib/ruby/gems/1.8/gems/rack-mount-0.7.1/lib/rack/mount/code_generation.rb:93:in `recognize'
> /usr/lib/ruby/gems/1.8/gems/rack-mount-0.7.1/lib/rack/mount/code_generation.rb:110:in `optimized_each'
> /usr/lib/ruby/gems/1.8/gems/rack-mount-0.7.1/lib/rack/mount/code_generation.rb:92:in `recognize'
> /usr/lib/ruby/gems/1.8/gems/rack-mount-0.7.1/lib/rack/mount/route_set.rb:141:in `call'
> /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_dispatch/routing/route_set.rb:493:in `call'
> /usr/lib/ruby/gems/1.8/gems/warden-1.0.5/lib/warden/manager.rb:35:in `call'
> /usr/lib/ruby/gems/1.8/gems/warden-1.0.5/lib/warden/manager.rb:34:in `catch'
> /usr/lib/ruby/gems/1.8/gems/warden-1.0.5/lib/warden/manager.rb:34:in `call'
> /usr/lib/ruby/gems/1.8/gems/sass-3.1.4/lib/sass/../sass/plugin/rack.rb:54:in `call'
> /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_dispatch/middleware/best_standards_support.rb:17:in `call'
> /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_dispatch/middleware/head.rb:14:in `call'
> /usr/lib/ruby/gems/1.8/gems/rack-1.3.0/lib/rack/methodoverride.rb:24:in `call'
> /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_dispatch/middleware/params_parser.rb:21:in `call'
> /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_dispatch/middleware/flash.rb:182:in `call'
> /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_dispatch/middleware/session/abstract_store.rb:149:in `call'
> /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_dispatch/middleware/cookies.rb:302:in `call'
> /usr/lib/ruby/gems/1.8/gems/activerecord-3.0.10/lib/active_record/query_cache.rb:32:in `call'
> /usr/lib/ruby/gems/1.8/gems/activerecord-3.0.10/lib/active_record/connection_adapters/abstract/query_cache.rb:28:in `cache'
> /usr/lib/ruby/gems/1.8/gems/activerecord-3.0.10/lib/active_record/query_cache.rb:12:in `cache'
> /usr/lib/ruby/gems/1.8/gems/activerecord-3.0.10/lib/active_record/query_cache.rb:31:in `call'
> /usr/lib/ruby/gems/1.8/gems/activerecord-3.0.10/lib/active_record/connection_adapters/abstract/connection_pool.rb:354:in `call'
> /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_dispatch/middleware/callbacks.rb:46:in `call'
> /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/callbacks.rb:416:in `_run_call_callbacks'
> /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_dispatch/middleware/callbacks.rb:44:in `call'
> /usr/lib/ruby/gems/1.8/gems/rack-1.3.0/lib/rack/sendfile.rb:102:in `call'
> /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_dispatch/middleware/remote_ip.rb:48:in `call'
> /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_dispatch/middleware/show_exceptions.rb:47:in `call'
> /usr/lib/ruby/gems/1.8/gems/railties-3.0.10/lib/rails/rack/logger.rb:13:in `call'
> /usr/lib/ruby/gems/1.8/gems/rack-1.3.0/lib/rack/runtime.rb:17:in `call'
> /usr/lib/ruby/gems/1.8/gems/rack-1.3.0/lib/rack/lock.rb:34:in `call'
> /usr/lib/ruby/gems/1.8/gems/railties-3.0.10/lib/rails/application.rb:168:in `call'
> /usr/lib/ruby/gems/1.8/gems/railties-3.0.10/lib/rails/application.rb:77:in `send'
> /usr/lib/ruby/gems/1.8/gems/railties-3.0.10/lib/rails/application.rb:77:in `method_missing'
> /usr/lib/ruby/gems/1.8/gems/rack-1.3.0/lib/rack/urlmap.rb:52:in `call'
> /usr/lib/ruby/gems/1.8/gems/rack-1.3.0/lib/rack/urlmap.rb:46:in `each'
> /usr/lib/ruby/gems/1.8/gems/rack-1.3.0/lib/rack/urlmap.rb:46:in `call'
> /usr/lib/ruby/gems/1.8/gems/thin-1.2.11/lib/thin/connection.rb:84:in `pre_process'
> /usr/lib/ruby/gems/1.8/gems/thin-1.2.11/lib/thin/connection.rb:82:in `catch'
> /usr/lib/ruby/gems/1.8/gems/thin-1.2.11/lib/thin/connection.rb:82:in `pre_process'
> /usr/lib/ruby/gems/1.8/gems/thin-1.2.11/lib/thin/connection.rb:57:in `process'
> /usr/lib/ruby/gems/1.8/gems/thin-1.2.11/lib/thin/connection.rb:42:in `receive_data'
> /usr/lib/ruby/gems/1.8/gems/eventmachine-0.12.10/lib/eventmachine.rb:256:in `run_machine'
> /usr/lib/ruby/gems/1.8/gems/eventmachine-0.12.10/lib/eventmachine.rb:256:in `run'
> /usr/lib/ruby/gems/1.8/gems/thin-1.2.11/lib/thin/backends/base.rb:61:in `start'
> /usr/lib/ruby/gems/1.8/gems/thin-1.2.11/lib/thin/server.rb:159:in `start'
> /usr/lib/ruby/gems/1.8/gems/thin-1.2.11/lib/thin/controllers/controller.rb:86:in `start'
> /usr/lib/ruby/gems/1.8/gems/thin-1.2.11/lib/thin/runner.rb:185:in `send'
> /usr/lib/ruby/gems/1.8/gems/thin-1.2.11/lib/thin/runner.rb:185:in `run_command'
> /usr/lib/ruby/gems/1.8/gems/thin-1.2.11/lib/thin/runner.rb:151:in `run!'
> /usr/lib/ruby/gems/1.8/gems/thin-1.2.11/bin/thin:6
> /usr/share/katello/script/thin:59:in `load'
> /usr/share/katello/script/thin:59
> Rendered text template (0.0ms)
> Completed 500 Internal Server Error in 15ms (Views: 0.6ms | ActiveRecord: 4.7ms)
>
> started POST "/headpin//api/organizations/ACME_Corporation/systems" for xxx.xxx.xxx.xxx at Wed Jan 25 22:04:26 -0500 2012
> Processing by ErrorsController#routing as HTML
> Parameters: {"facts"=>{"distribution.name"=>"Fedora", "cpu.cpu_socket(s)"=>"1"}, "name"=>"restfulserver", "cp_type"=>"system", "organization_id"=>"ACME_Corporation"}
> Rendered common/_config.html.haml (0.5ms)
> Rendered layouts/_ajax_notices.haml (0.9ms)
> Rendered layouts/_notification.haml (0.2ms)
> Rendered common/_common_i18n.html.haml (0.5ms)
> Rendered layouts/_header.haml (2.1ms)
> Rendered layouts/_footer.haml (0.2ms)
> Rendered common/404.html.haml within layouts/katello (9.1ms)
> Completed 404 Not Found in 11ms (Views: 9.9ms | ActiveRecord: 0.0ms)
> [/production.log]
>
> _______________________________________________
> katello-devel mailing list
> katello-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/katello-devel
--
Later,
Lukas Zapletal | E32E400A
RHN Satellite Engineering
Red Hat Czech s.r.o. Brno
More information about the katello-devel
mailing list