I'm working on a simple app to embed a transparent pixel into emails being sent out manually with Gmail and then cookie the user.
I'm inserting this <img> into the email:
<img height="1" src="https://example.net/pixel.png?guid=1234" style="visibility:" width="1">
The intent is that when the email is opened it should request the image from example.net/pixel.png
The Django app with an endpoint of pixel.png has this view:
def set_cookie(request):
PIXEL_GIF_DATA = "R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7"
data = base64.b64decode(PIXEL_GIF_DATA)
response = HttpResponse(data, content_type='image/gif')
response.set_cookie('some_cookie_name', 'some_cookie_value')
return response
If I visit `example.net/pixel.png?guid=1234' it's setting the cookie appropriately, so we're good there.
The only issue I'm running into is that when the email is opened the request is not being made out to my server. As the recipient if I go into the developer tools and watch the network requests I'm not seeing the request being made to mysite.net
However, if I view the original email, down in the footer I can see that my <img> tag is included.
If I try using an external image like static.example.net/images/sometest123.png the image does come through and is visible.
Gmail fetches the image and caches it on its servers, to prevent this kind of tracking and protect the recipient's privacy.
Related
I had created an API that I use to get processed data from a postgresql db in the form of json. I am able to authenticate the user via the api using the Django Rest Framework and get an authentication token for the same. Now in some pages of my app, I need to display pages in a webview from the web app. These pages require a csrf token in order to be accessed. The csrf token is generated on the submit button of the login on the web app.
I can extract the csrf token from the cookies generated after login. So here's what I'm hoping to accomplish. Whenever I login from the login screen on my app, I want to programmatically create a webview in the background, fill in the login and password and tap the submit button in the web page. I will then proceed to extract the token from the cookies.
Most of the parts I have down, I am not able to figure out how to programmatically fill in the webview and hit the submit button. (The reason I want to hit the submit button is because the view checks if the request is a post and ajax). Can anyone shed some light on how I go about performing dual authentication in this manner?
If anyone is curious, I managed to perform dual authentication via a hidden webview at the login. I hit the api url to get the api auth token, and simultaneously hit the web app url on my webview. I fill in the username, password and tap the submit button through code
func webViewDidFinishLoad(_ webView: UIWebView) {
print("loadFinished")
let loadUsername = "var emailText = document.getElementById('email'); emailText.value = '\(username)';"
let loadPass = "var passText = document.getElementById('password'); passText.value = '\(pass)';"
let submitAction = "var passFields = document.getElementById('login_button'); passFields.click();"
webView.stringByEvaluatingJavaScript(from: loadUsername)
webView.stringByEvaluatingJavaScript(from: loadPass)
webView.stringByEvaluatingJavaScript(from: submitAction)
print("Executed!")
let req = URLRequest(url: URL(string: "https://app.xyz.io/abc/")!)
if tf != true {
webView.loadRequest(req)
tf = true
}
}
After my request loads and authenticates successfully, I merely retrieve the csrf token and sessionid from the session's cookies.
Hope this helped someone!
I am wondering whether Flask app in Google App Engine Production server can receive email with attachment from gmail or any other third party.
As I am having a requirement now that I would receive a email with csv attachment, need to parse it - take the decision and change the content on the website.
I am thinking of automating the entire thing, but I do no how to setup mail with google app engine, that is my application whenever receive a mail with attachment, parse it, do the computations and change the page content and display on the website.
I have gone through google app engine document but it doesn't provide much information.
I have setup the inbound_email in app.yaml and also handlers for the email, now the only question is how to get the email to the handler script. enter link description here
Is there any way on doing the above requirements ???
I am working on a project in which i am working on a signup/login module. I have implemented the sessions in webapp2 python successfully. Now i want to implement the remember me feature on login. I am unable to find anything which can help me. I do know that i have to set the age of session. But i do not know how. Here is my session code.
def dispatch(self):
# Get a session store for this request.
self.session_store = sessions.get_store(request=self.request)
try:
# Dispatch the request.
webapp2.RequestHandler.dispatch(self)
finally:
# Save all sessions.
self.session_store.save_sessions(self.response)
#webapp2.cached_property
def session(self):
# Returns a session using the default cookie key.
return self.session_store.get_session()
Config:
config = {}
config['webapp2_extras.sessions'] = {
'secret_key': 'my-super-secret-key',
}
Kindly help me.
First in case you don't know the difference between sessions and cookies
What is a Cookie? A cookie is a small piece of text stored on a
user's computer by their browser. Common uses for cookies are
authentication, storing of site preferences, shopping cart items, and
server session identification.
Each time the users' web browser interacts with a web server it will
pass the cookie information to the web server. Only the cookies stored
by the browser that relate to the domain in the requested URL will be
sent to the server. This means that cookies that relate to
www.example.com will not be sent to www.exampledomain.com.
In essence, a cookie is a great way of linking one page to the next
for a user's interaction with a web site or web application.
.
What is a Session? A session can be defined as a server-side storage of
information that is desired to persist throughout the user's
interaction with the web site or web application.
Instead of storing large and constantly changing information via
cookies in the user's browser, only a unique identifier is stored on
the client side (called a "session id"). This session id is passed to
the web server every time the browser makes an HTTP request (ie a page
link or AJAX request). The web application pairs this session id with
it's internal database and retrieves the stored variables for use by
the requested page.
If you want to implement something like "remember me" you should use cookies because data stored in session isn't persistent.
For setting and getting cookies in webapp2:
response.headers.add_header('Set-Cookie', 'remember_me=%s' % some_hash)
request.cookies.get('remember_me', '')
I strongly recommend you to read this article that has explained this stuff thoroughly.
I am writing a python desktop app that will access a user's facebook photos. The app currently supports flickr, which uses a similar oauth authentication process, but I am struggling to figure out how to authenticate the app for facebook. For flickr, the basic steps are:
App opens a browser on the authentication page
user gives the app permission to access the account
App receives a token as a http response that can then be used with flickr's api
I am hoping that there is something similar for facebook, but I haven't been able to figure it out.
There are a variety of facebook API libraries for python, such as Pyfb, which provides a simple way of accessing graph data, but none of them provide an obvious way to do the authentication steps above and retrieve a token that can be used. Here's the example from Pyfb, which presumes that the user token will be manually entered by the user, which is totally ridiculous for a desktop app...
from pyfb import Pyfb
#Your APP ID. You Need to register the application on facebook
#http://developers.facebook.com/
FACEBOOK_APP_ID = 'YOUR_APP_ID'
pyfb = Pyfb(FACEBOOK_APP_ID)
#Opens a new browser tab instance and authenticates with the facebook API
#It redirects to an url like http://www.facebook.com/connect/login_success.html#access_token=[access_token]&expires_in=0
pyfb.authenticate()
#Copy the [access_token] and enter it below
token = raw_input("Enter the access_token\n")
#Sets the authentication token
pyfb.set_access_token(token)
#Gets info about myself
me = pyfb.get_myself()
Here's a shot at answering my own question.
First, the reason the code fragment above doesn't work. The call to pyfb.authenticate opens the authentication link in the default browser. After the user logs in and allows the app access, facebook is supposed to redirect the URL in the browser to something like
https://www.facebook.com/connect/login_success.html#access_token=ACCESS_TOKEN&
expires_in=SOMETIME
In the pyfb code sample, the user is supposed to copy the access token from the URL bar and all should be well. But... presumably because of some security concerns, facebook will perform some Javascript shenanigans which will instead leave you with:
https://www.facebook.com/connect/blank.html#_=_
(It turns out that you can work around this by digging through the browser history on some browsers -- see https://bugs.kde.org/show_bug.cgi?id=319252)
The solution to this for a desktop app is to open a web view within the app. The Javascript code apparently will correctly detect you are authenticating within an app and spit out the full URL with token. So here's an example using Python gtk and webkit:
import gtk
import webkit
view = webkit.WebView()
sw = gtk.ScrolledWindow()
sw.add(view)
win = gtk.Window(gtk.WINDOW_TOPLEVEL)
win.add(sw)
win.show_all()
win.connect("destroy", lambda *args:gtk.main_quit())
client_id = 'XXXXXXXXXXXXX' #your unique app id
auth_url = 'https://www.facebook.com/dialog/oauth?response_type=token&client_id=%s&redirect_uri=https://www.facebook.com/connect/login_success.html'%(client_id,)
view.open(auth_url)
def load_finished(view,frame):
#function will print the url with token second time
print frame.get_uri()
view.connect("document-load-finished",load_finished)
gtk.main()
I wish to send the data submitted using plone formgen as "mail attachment" for approval to a particular mail id. I use content rule for change in workflow state, to trigger the mail, stating that the data is ready for approval to the mail id. BUT I wish to mail the data also Using plone 4.1