I want to make a program in Python where, if someone transfers money to my bank account,
I send them a confirmation mail.
I don't know where to start and don't know how I can achieve this.
Mailjet provides such a service. It has a free tier too. You can use it either by posting a request with requests.post or by using the PyPI package here. The API documentation is also here.
As you may guess, this is only for the mail service you asked about. If the money transfer is a serious job, then the back end, transactions, etc. require some experience in that field.
Related
I have written a Python script to make updates to Salesforce. However, the issue is that I log in to Salesforce using my username and password, but this is a problem because my password changes regularly. I realize that I need to use the JWT method to avoid this. According to PyPI, all I need to do is use simple salesforce and provide a private key and consumer key, but I cannot figure out how to do this. I have made a connected app and associated it with a self-signed certificate. Please advise on how I finish setting up this method.
You could have a dedicated user account for this with a Profile flag that says the password never expires. There would be a license cost, yes - but it'd work OK even if you leave the company, and the updates done by "Mr Admin" can look better to end users than by "Brian". Do you get any "why have you changed my data!!!" angry emails? ;)
But if you really need the JWT route these should help:
https://help.salesforce.com/articleView?id=remoteaccess_oauth_jwt_flow.htm&type=5
https://gist.github.com/booleangate/30d345ecf0617db0ea19c54c7a44d06f (Python example but read the comments, I had to pip install pyjwt, not jwt)
https://salesforce.stackexchange.com/questions/201636/authentication-using-jwt/201648 (Apex example, 2 versions of code, raw HTTP requests or using built-in JWT libraries)
I'm building an app that has a frontend for both iOS and Android, and a Backend composed of a Flask API and a MySQL database.
Right now, our authentication uses JWT. Except that I'm not sure I totally understand how it is supposed to work.
I don't know where to find the specifications for JWT, so when I say JWT I simply mean a JSON payload encrypted using the PyJWT library.
Currently, the expiration of the tokens happens 6 months from their creation.
I feel like this is a rather insecure setup.
From all the examples I've seen, JWTs have a very short lifetime, and then there's some sort of "refresh token" that renews it.
But that's all I know. I don't understand it well enough to code it in Python.
Could someone please help explain what this refresh token is, what exactly it does, how it is created, etc.?
UPDATE:
As for the specifications for JWT, I read this: https://www.rfc-editor.org/rfc/rfc7519
It doesn't mention any refresh tokens.
So now my question is, is what I'm doing secure enough?
Is it worth it to have a logout API endpoint that sends the token and adds it to a blacklist, so no one can steal it?
Six months for a JWT is way too high and insecure. You might want to keep it a few hours or a day max. Along with that, have a long-lived refresh token (RT), which you can use to keep getting new JWTs. The function of the refresh token is to maintain a long-lived session (so that the user can be logged in for a long period of time), to detect token theft (if you keep changing the RT on each use) - since you mentioned stealing, and to enable you to use short-lived access tokens (since those are exposed over the wire most frequently). And yes, blacklisting JWTs can be a good idea, but if you are keeping them short-lived, then why do that?
This topic is quite vast and complex. You can refer to my blog post about this - it provides information about all session flows, their security and also has an end-to-end implemented library.
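The scheme described in the answer above, as an added example that is not part of the original answer or of any library it mentions: a short-lived signed access token plus an opaque refresh token that is rotated on every use, where replaying an already-used refresh token revokes the whole session. The HS256 token is built with the standard library instead of PyJWT so the block runs anywhere; the 15-minute lifetime, the in-memory store and all function names are assumptions.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)  # server-side HS256 key (constructed for the demo)
ACCESS_TTL = 15 * 60              # access token lifetime in seconds (assumed value)
_refresh = {}                     # sha256(refresh token) -> record; a DB table in practice

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sig(signing_input):
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def make_access_token(user):
    """HS256 JWT: signed, not encrypted, so the payload stays readable."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": user, "exp": int(time.time()) + ACCESS_TTL}).encode())
    return f"{head}.{body}.{_sig(head + '.' + body)}"

def verify_access_token(token, now=None):
    """Return the claims, or None when the signature is wrong or exp has passed."""
    try:
        head, body, sig = token.split(".")
        if not hmac.compare_digest(sig, _sig(head + "." + body)):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    except (ValueError, TypeError):
        return None
    return claims if claims["exp"] > (time.time() if now is None else now) else None

def _issue(user, family):
    rt = secrets.token_urlsafe(32)  # opaque random value, stored only as a hash
    _refresh[hashlib.sha256(rt.encode()).hexdigest()] = {"user": user, "family": family, "used": False}
    return make_access_token(user), rt

def login(user):  # call after the password check; each login starts a new token family
    return _issue(user, secrets.token_hex(8))

def refresh(rt):
    """Rotate on every use; a replayed refresh token revokes its whole family."""
    rec = _refresh.get(hashlib.sha256(rt.encode()).hexdigest())
    if rec is None:
        return None
    if rec["used"]:  # same token presented twice: the user or a thief holds a stale copy
        for key in [k for k, v in _refresh.items() if v["family"] == rec["family"]]:
            del _refresh[key]
        return None
    rec["used"] = True
    return _issue(rec["user"], rec["family"])
```

A logout endpoint in this design deletes the caller's refresh-token family; any access token already issued simply runs out within `ACCESS_TTL`.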
Premise: I am a beginner in search of an easy way to send bug reports from users overseas.
I've made a script for some friends who live on the other side of the sea (US - Europe)... I would like to gather automatic bug reports whenever they happen. So my first idea was to send myself an email with the smtplib module. It works fine when testing at home, but as soon as the sender "sends", my email provider (Gmail) blocks the connection because, of course, it's from an "unknown device". I've already enabled "Allow less secure apps" as someone suggested, but to no avail.
What I am searching for is a simple way of dealing with this.
Yes, I could make the script ignore the error if the email is not sent, and then go into my Google account and enable those devices so at least it will work from the second run.
But that doesn't seem like what a programmer would do in this case. I am learning, so a solution within the language is what I am after.
A different provider that has no restrictions is also a good start, but I tried Yahoo, Live and Yandex and couldn't make them work. Are there any?
So my question is: how do others do it? What is the best solution for someone like me?
I've read about Sentry and other error/bug trackers, but that's obviously way too much for what I need.
You should certainly not incorporate e.g. Gmail credentials in the code that is remotely executed on devices you do not control, given I understand correctly the Gmail less secure device issue happens as every "user" is running this code and using your credentials. This holds true for any other provider.
Now this won't exactly be simple but one way to go about it would be to create a server side API endpoint that can accept HTTP(s) or any other protocol requests that then will authenticate in a little more secure way on the server side with Gmail.
The concept for emails is:
Bug > Python Script > API call > Email
This could be implemented using Python on the API side (Flask e.g.) using an AWS Lambda Function with Amazon API Gateway, but again that is something to get through and understand by itself which will take a good chunk of time.
You need to touch a lot of concepts, like auth tokens to make this really secure.
Could you elaborate a little on where the code needs to run and if you are willing to try AWS or any other cloud provider, or would have access to an internet-connected server? This makes it easier to provide you with a full example of the solution in a hackish way, while I would highlight the problems you could face on the security side.
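The server side of the "Bug > Python Script > API call > Email" flow from the answer above, as an added example that is not part of the original answer. It assumes each installed copy of the script carries its own random token instead of any mail password; the token value, the address and the function names are constructed for illustration, and the function would sit behind whatever HTTPS framework hosts the endpoint.

```python
import hashlib, hmac, json
from email.message import EmailMessage

# Constructed demo values: one random token per installed copy, kept server-side
# as a hash, so a leaked token is revoked here without touching the mail account.
CLIENT_TOKENS = {hashlib.sha256(b"demo-token-friend-1").hexdigest(): "friend-1"}
MAX_BODY = 16 * 1024          # refuse oversized reports
MAIL_TO = "bugs@example.com"  # placeholder address

def client_for(token):
    """Map a presented token to a client name using constant-time comparison."""
    digest = hashlib.sha256(token.encode()).hexdigest()
    for known, name in CLIENT_TOKENS.items():
        if hmac.compare_digest(digest, known):
            return name
    return None

def handle_report(token, raw_body):
    """Return (http_status, EmailMessage or None) for one incoming bug report."""
    client = client_for(token or "")
    if client is None:
        return 401, None
    if len(raw_body) > MAX_BODY:
        return 413, None
    try:
        report = json.loads(raw_body)
        summary, trace = str(report["summary"]), str(report["traceback"])
    except (ValueError, KeyError, TypeError):
        return 400, None
    msg = EmailMessage()
    msg["To"] = MAIL_TO
    msg["From"] = MAIL_TO
    # Collapse whitespace so user-controlled text cannot add header lines.
    msg["Subject"] = f"[bug] {client}: " + " ".join(summary.split())[:120]
    msg.set_content(trace)
    # The server then sends msg with smtplib, using credentials that exist only here.
    return 202, msg
```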
I understand that this is not the way to go, but for my needs and my level of experience it works for me!
Yandex allows you to send email from different IPs, so Yandex is the way to go. What I was doing wrong in the first place was to use the wrong port (587 instead of 465).
New to programming, using Python 3.
I work in sales and want to make a program using the Podio API which is going to take information about potential clients from an Excel sheet and use it to create subpages in Podio with their information. To get an API key, Podio wants a redirect URL for the purposes described here and here, a whole bunch of text I don't really understand. Does it mean I have to authenticate myself in my program (using my Podio login info?), which sends me to Podio (where I log in to Podio manually, using the same login info?), which sends me to the redirect URL, which sends me back to Podio? I can't really make sense of this.
I googled and found some similar questions but none of the answers explained exactly what the actual functions of these authentication flows are. When do I need them? Do I need them if I'm just going to be using this program myself? Do I always need them to gain access to my Podio account through my program?
Thanks in advance.
If you are only going to use your program yourself, then the username/password flow is what you need. It is the simplest flow to understand and use for authenticating with the Podio API. Here are all the needed details for it: https://developers.podio.com/authentication/username_password
To be short: yes, you can enter localhost as the full domain (without protocol) of your return URL.
We use a lot of Python to do much of our deployment, and it would be handy to connect to our TFS server to get information on iteration paths, tickets, etc. I can see the web service but am unable to find any documentation. Just wondering if anyone knew of anything?
The web services are not documented by Microsoft as it is not an officially supported route to talk to TFS. The officially supported route is to use their .NET API.
In the case of your sort of application, the course of action I usually recommend is to create your own web service shim that lives on the TFS server (or another server) and uses their API to talk to the server but allows you to present the data in a nice way to your application.
Their object model simplifies the interactions a great deal (depending on what you want to do), and so it actually means less code overall - but better tested and testable code - and you can also work around things such as the NTLM auth used by the TFS web services.
Hope that helps,
Martin.
So, this question is friggin' old, but let me take a whack at it (since it keeps coming up in my google searches).
There's no officially supported API for the on-premise TFS (the MSFT hosted one has http://www.visualstudio.com/en-us/integrate/api/overview).
That said, you can always use Fiddler (http://www.telerik.com/fiddler) or something like it to inspect the calls that the web client for TFS is making to the server and do your magic to turn those into the Python scripts you want.
You'll need to run your Python scripts under a service account that has TFS privs appropriate to what it is trying to do (read, update, configure... whatever).
Since it sounds like you are just trying to read from TFS, this might be a really easy way for you to get what you want since an HTTP get to
http://yourserver/tfs/yourcollection/yourproject/_workitems#id=yourworkitemid
will hand you back (halfway) sane html payloads.
If you want lists of iterations or teams or whatever, then your service account needs to have the appropriate admin privileges and hit things like
http://yourserver/tfs/yourcollection/yourproject/_admin/_iterations
and use that response.