You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shindig.apache.org by Loic Dachary <lo...@dachary.org> on 2009/07/07 01:56:54 UTC

Signed makeRequest that fails on http://partuza.nl/

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

The application http://opensocial.dachary.org/signed-test.xml runs a
signed makeRequest to http://opensocial.dachary.org/fetchme.php.txt .
Although it runs fine on
http://shindig.opensocial.dachary.org/gadgets/ifr?nocache=1&url=http://opensocial.dachary.org/signed-test.xml
it fails on
http://modules.partuza.nl/gadgets/ifr?nocache=1&url=http://opensocial.dachary.org/signed-test.xml
with the following error : <h1>Internal server error</h1><p>Missing or
invalid security token</p>

Any hint would be appreciated

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkpSj0UACgkQ8dLMyEl6F20R4QCeIes/hA19eq0uGfTAO+ayBUIs
fYsAn0pRxO7uJF+BfhrhE8Ia4BhgkRoy
=iuK9
-----END PGP SIGNATURE-----

Re: how to install gadget

Posted by luca <lu...@gmail.com>.

luca <lu...@...> writes:

> 
> luca <lu...@...> writes:
> 
> I substituted my shindig installation:
> mv shindig shindig_OLD
> 
> then i downloaded again with this command:
> svn checkout https://svn.apache.org/repos/asf/shindig/trunk
> 
> and now it seems to work better....
> 
> 


OK, 
i have only one problem now:
i can't upload photos in any of my albums...
Is there anybody who can help me?

Re: how to install gadget

Posted by luca <lu...@gmail.com>.

luca <lu...@...> writes:




I substituted my shindig installation:
mv shindig shindig_OLD

then i downloaded again with this command:
svn checkout https://svn.apache.org/repos/asf/shindig/trunk

and now it seems to work better....

Re: how to install gadget

Posted by luca <lu...@gmail.com>.

Agustin Casiva <ca...@...> writes:

> 
> >
> > OK thx,
> > when I login to partuza I see on the left Applications/Add applications.
> > When I click on that link i see a page in which i can add an application
> > by url.
> >
> > In this way i can use a gadget for my particular profile.
> > I would like  to  istall a gadget visible in all profiles.
> > Could u help me?
> >
> 
> Mmmmm, I don't know if is possible to do that by default, maybe you have to
> hack a little into partuza to do that.
> 
> Best Regards.
> 

I see :-(
I notice I have some others problem, may You help me?
I installed shindig and partuza on ubuntu server 12.04 with php5.3.
When I go on partuza home page (before i log-in) i have 3 js errors:
1)Failed to load resource: the server responded with a status of 500 (Internal
Server Error)         http://shindig/gadgets/js/rpc.js?c=1
2)Failed to load resource: the server responded with a status of 500 (Internal
Server Error)         http://shindig/gadgets/files/container/osapi.js
3)Uncaught ReferenceError: gadgets is not defined        container.js:168

I found out I have no gadgets dir in /var/www/html/shindig.
I notice i have a gadgets dir in /var/www/html/shindig/content/
and gadgets contains two subfolders: compliance and compliance-1.0

To download shindig i used this command:

     sudo svn co http://svn.apache.org/repos/asf/shindig/trunk

and then

     sudo mv trunk shindig

Could you help me to understand what kind of problem should I have?

If i login partuza I can add a album and add photos. I see my upload on db but
when i go on myprofile/Photos i can't see any album. I cant' write any message
to. Mybe these to problems are related to those three i wrote u before?
Please, if u can help me.

Re: how to install gadget

Posted by Agustin Casiva <ca...@gmail.com>.

>
> OK thx,
> when I login to partuza I see on the left Applications/Add applications.
> When I click on that link i see a page in which i can add an application
> by url.
>
> In this way i can use a gadget for my particular profile.
> I would like  to  istall a gadget visible in all profiles.
> Could u help me?
>

Mmmmm, I don't know if is possible to do that by default, maybe you have to
hack a little into partuza to do that.

Best Regards.

-- 
Ing. Casiva  Agustin

Mail/Msn/GTalk/Jabber: casivaagustin@gmail.com
Skype: casivaagustin
CEL : 054-03722-15270639
Site: http://www.casivaagustin.com.ar

Re: how to install gadget

Posted by luca <lu...@gmail.com>.

Agustin Casiva <ca...@...> writes:
> 
> In order to run Gadgets in partuza, you need to indicate the Url to the Xml
> Gadget inside the Partuza site,
> there is a menu option to include gadgets, if  I'm not wrong, is in
> Applications -> Edit.
> 
> Best Regards
> 
> On Fri, May 25, 2012 at 7:26 AM, luca <lu...@...> wrote:
> 
> > Hello Chris,
> > could you help me?
> > I installed shindig and partuza. They work together but I have a little
> > problem.
> > I have an "hello_world.xml", my first gadget. I dont' understand in which
> > folder
> > I have to put it to see it working in partuza.
> > Best regards,
> > Luca
> >
> >
> >
> 
OK thx,
when I login to partuza I see on the left Applications/Add applications.
When I click on that link i see a page in which i can add an application by url.

In this way i can use a gadget for my particular profile. 
I would like  to  istall a gadget visible in all profiles.
Could u help me?
Thank you for ur replay and help.
Luca

Re: how to install gadget

Posted by Agustin Casiva <ca...@gmail.com>.

In order to run Gadgets in partuza, you need to indicate the Url to the Xml
Gadget inside the Partuza site,
there is a menu option to include gadgets, if  I'm not wrong, is in
Applications -> Edit.

Best Regards

On Fri, May 25, 2012 at 7:26 AM, luca <lu...@gmail.com> wrote:

> Hello Chris,
> could you help me?
> I installed shindig and partuza. They work together but I have a little
> problem.
> I have an "hello_world.xml", my first gadget. I dont' understand in which
> folder
> I have to put it to see it working in partuza.
> Best regards,
> Luca
>
>
>

-- 
Ing. Casiva  Agustin

Mail/Msn/GTalk/Jabber: casivaagustin@gmail.com
Skype: casivaagustin
CEL : 054-03722-15270639
Site: http://www.casivaagustin.com.ar

how to install gadget

Posted by luca <lu...@gmail.com>.

Hello Chris,
could you help me?
I installed shindig and partuza. They work together but I have a little problem.
I have an "hello_world.xml", my first gadget. I dont' understand in which folder
I have to put it to see it working in partuza.
Best regards,
Luca

Re: Signed makeRequest that fails on http://partuza.nl/

Posted by Loic Dachary <lo...@dachary.org>.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chris Chabot wrote:
> On Sun, Jul 12, 2009 at 3:16 PM, Loic Dachary <lo...@dachary.org>
> wrote:
>
>> I'm not sure I understand what you mean. Does it mean there is no
>> way for me to install
>> http://opensocial.dachary.org/signed-test.xml on partuza.nl ? If
>> I can install signed-test.xml I would be grateful if you could
>> tell me what I need to do to make this happen. How can I
>> generated a security token and where should I set it ?
>>
>
> There's a big difference between calling a gadget url directly (
> http://shindig/gadgets/ifr?url=http://foo.com/gadget.xml) and
> adding it to your profile in partuza. In the first situation
> there's no user preferences, lang and country values and no
> security token (since you didn't add them to the url), in the
> second situation, Partuza does all of this for you.
>
> For instance if you open the OSDA gadget frame (that you're viewing
> in partuza) in a new window you'll see that the url is something
> like:
> http://modules.partuza.nl/gadgets/ifr?synd=partuza&container=partuza&viewer=1&owner=1&aid=2&mid=14020&country=US&lang=en&view=canvas&parent=http%3A%2F%2Fwww.partuza.nl&up_lastloaded=1247390131263&st=ZUI2Q05kaU5USVNvSzBWc0ZYazIxUFpHN1BxdUY2WHdoeWZuMEJtM2VZOHFkckRzR1RtR080ZkZZVUtVQkEyOGVaUldPUkhVSzdqZ2FZUVhKYlZSMVZIRTZyU0pLbXUlMkJkbFclMkJQRm1UMG4yUCUyQjVTem9Sd05jR3FhdWZpMUpMRFlRcjVWODI3QWpTeXh0YVREcTZMWWFsU09hRXVmNnEyOXBVUkFaZkx3RG9TSDA5dGZkSmc5RDFmRXJhMUdhWDVUM2ZZV3RRJTNEJTNE&v=05e6036d0a18352307db81c39ed56ec6&url=http%3A%2F%2Fosda.appspot.com%2Fgadget%2Fosda-0.8.xml#rpctoken=817534465
>
>
> Which includes the security token I was referring too (the
> &st=<long string> value).
>
> So yes, you can install your signed-test.xml on partuza without any
>  problems.. you just can't validate signed requests if you call the
>  /gadgets/ifr?url=signed test directly without having a proper
> setup envirioment / query url
>
Thanks for the clarification :-)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkpcWgYACgkQ8dLMyEl6F21fDgCgqcWFgNd5l2kQ1p8FjlYYhNKz
s3MAn1vxTji17XkgSEuKkSB1szkFPwHz
=Khrh
-----END PGP SIGNATURE-----

Re: Signed makeRequest that fails on http://partuza.nl/

Posted by Chris Chabot <ch...@google.com>.

On Sun, Jul 12, 2009 at 3:16 PM, Loic Dachary <lo...@dachary.org> wrote:

>
> I'm not sure I understand what you mean. Does it mean there is no way
> for me to install http://opensocial.dachary.org/signed-test.xml on
> partuza.nl ? If I can install signed-test.xml I would be grateful if
> you could tell me what I need to do to make this happen. How can I
> generated a security token and where should I set it ?
>

There's a big difference between calling a gadget url directly (
http://shindig/gadgets/ifr?url=http://foo.com/gadget.xml) and adding it to
your profile in partuza. In the first situation there's no user preferences,
lang and country values and no security token (since you didn't add them to
the url), in the second situation, Partuza does all of this for you.

For instance if you open the OSDA gadget frame (that you're viewing in
partuza) in a new window you'll see that the url is something like:
http://modules.partuza.nl/gadgets/ifr?synd=partuza&container=partuza&viewer=1&owner=1&aid=2&mid=14020&country=US&lang=en&view=canvas&parent=http%3A%2F%2Fwww.partuza.nl&up_lastloaded=1247390131263&st=ZUI2Q05kaU5USVNvSzBWc0ZYazIxUFpHN1BxdUY2WHdoeWZuMEJtM2VZOHFkckRzR1RtR080ZkZZVUtVQkEyOGVaUldPUkhVSzdqZ2FZUVhKYlZSMVZIRTZyU0pLbXUlMkJkbFclMkJQRm1UMG4yUCUyQjVTem9Sd05jR3FhdWZpMUpMRFlRcjVWODI3QWpTeXh0YVREcTZMWWFsU09hRXVmNnEyOXBVUkFaZkx3RG9TSDA5dGZkSmc5RDFmRXJhMUdhWDVUM2ZZV3RRJTNEJTNE&v=05e6036d0a18352307db81c39ed56ec6&url=http%3A%2F%2Fosda.appspot.com%2Fgadget%2Fosda-0.8.xml#rpctoken=817534465

Which includes the security token I was referring too (the &st=<long string>
value).

So yes, you can install your signed-test.xml on partuza without any
problems.. you just can't validate signed requests if you call the
/gadgets/ifr?url=signed test directly without having a proper setup
envirioment / query url

Re: Signed makeRequest that fails on http://partuza.nl/

Posted by Loic Dachary <lo...@dachary.org>.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chris Chabot wrote:
> Hey Loic,
>
> Partuza.nl runs the latest version of shindig and partuza (ie:
> trunk), and the makeRequest check is a bit stricter there.. in this
> case signing a request means adding opensocial_app_id,
> opensocial_viewer_id and opensocial_owner_id to the request, and
> without a security token (which is an encrypted blob containing the
> owner/viewer & app id amongst others) there's no way to fill those
> in ... So since that's invalid, it's generating an error.

I'm not sure I understand what you mean. Does it mean there is no way
for me to install http://opensocial.dachary.org/signed-test.xml on
partuza.nl ? If I can install signed-test.xml I would be grateful if
you could tell me what I need to do to make this happen. How can I
generated a security token and where should I set it ?

Thanks for your patience
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkpZ4kEACgkQ8dLMyEl6F22RTACcDMRFeBfXNX0csuFKn+vrqyMR
G/IAn351ohI48tb+7YHg8z2PxObefzUC
=aRFT
-----END PGP SIGNATURE-----

Re: Signed makeRequest that fails on http://partuza.nl/

Posted by Chris Chabot <ch...@google.com>.

Hey Loic,

Partuza.nl runs the latest version of shindig and partuza (ie: trunk), and
the makeRequest check is a bit stricter there.. in this case signing a
request means adding opensocial_app_id, opensocial_viewer_id and
opensocial_owner_id to the request, and without a security token (which is
an encrypted blob containing the owner/viewer & app id amongst others)
there's no way to fill those in ... So since that's invalid, it's generating
an error.

If however you would register on www.partuza.nl, add the OpenSocial Dev App
to your profile and pasted the function in it's edit function (canvas view),
you'd see it's making the request just fine.. ie when modify the signed-test
javascript slightly (to use the dom_handle div for it's output) to:

function makeSignedRequest() {
   var params = {};
   params[gadgets.io.RequestParameters.AUTHORIZATION] =
gadgets.io.AuthorizationType.SIGNED;
   params[gadgets.io.RequestParameters.CONTENT_TYPE] =
gadgets.io.ContentType.JSON;
   var url = "http://opensocial.dachary.org/fetchme.php";
   gadgets.io.makeRequest(url, response, params);
 };

 function response(ret) {
   var html = [ "<font size='-1'><b>", ret.data.validated, "</b><br
/>\n<ul><li>",
     "<b>opensocial_app_id</b>: ", ret.data.query.opensocial_app_id,
"</li>\n<li>",
     "<b>opensocial_owner_id</b>: ", ret.data.query.opensocial_owner_id,
"</li>\n<li>",
     "<b>opensocial_viewer_id</b>: ", ret.data.query.opensocial_viewer_id,
"</li>\n<li>",
     "<b>oauth_consumer_key</b>: ", ret.data.query.oauth_consumer_key,
"</li>\n<li>",
     "<b>oauth_nonce</b>: ", ret.data.query.oauth_nonce, "</li>\n<li>",
     "<b>oauth_signature</b>: ", ret.data.query.oauth_signature,
"</li>\n<li>",
     "<b>oauth_signature_method</b>: ",
ret.data.query.oauth_signature_method, "</li>\n<li>",
     "<b>oauth_timestamp</b>: ", ret.data.query.oauth_timestamp,
"</li>\n<li>",
     "<b>oauth_token</b>: ", ret.data.query.oauth_token, "</li>\n<li>",
     "<b>xoauth_signature_publickey</b>: ",
ret.data.query.xoauth_signature_publickey, "</li></ul></font>" ].join("");
   document.getElementById('dom_handle').innerHTML = html;
 };
makeSignedRequest();


And press execute, it shows me:

*The data was validated with http://partuza.nl/ key*

   - *opensocial_app_id*: 2
   - *opensocial_owner_id*: 1
   - *opensocial_viewer_id*: 1
   - *oauth_consumer_key*: partuza
   - *oauth_nonce*: b4e86f4bc30909963edf18180005ba5a
   - *oauth_signature*:
   bck6dj0mTVYseOPQSspSiaxiZbufPHf4kDRt82Hyb1NhccdLQGnCTb16SC/oDuYfRZSfHn3srGx0MVKaMuvZJXgzmTcHNb8zYiWQmu8hOjH4ixiie63N7j/Jt2fwxhxGVcOtmHcAfN8bY94wsxW3ptHyhP4BFtY9rtXzaP3mfH4=
   - *oauth_signature_method*: RSA-SHA1
   - *oauth_timestamp*: 1246961028
   - *oauth_token*:
   - *xoauth_signature_publickey*: http://modules.partuza.nl/public.cer



On Tue, Jul 7, 2009 at 1:56 AM, Loic Dachary <lo...@dachary.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> The application http://opensocial.dachary.org/signed-test.xml runs a
> signed makeRequest to http://opensocial.dachary.org/fetchme.php.txt .
> Although it runs fine on
>
> http://shindig.opensocial.dachary.org/gadgets/ifr?nocache=1&url=http://opensocial.dachary.org/signed-test.xml
> it fails on
>
> http://modules.partuza.nl/gadgets/ifr?nocache=1&url=http://opensocial.dachary.org/signed-test.xml
> with the following error : <h1>Internal server error</h1><p>Missing or
> invalid security token</p>
>
> Any hint would be appreciated
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkpSj0UACgkQ8dLMyEl6F20R4QCeIes/hA19eq0uGfTAO+ayBUIs
> fYsAn0pRxO7uJF+BfhrhE8Ia4BhgkRoy
> =iuK9
> -----END PGP SIGNATURE-----
>
>