I want to write a script to support my clients online. I decided to use ICQ-protocol for this (kind a icq-bot).
I have 25 icq uins. I need something that will be able to:
Make them all online
If some uins got disconnected - reconnect them.
Use proxy to login, because ICQ server could not accept connection from one IP.
Receive some messages and answer on them.
What should I use to do this?
Thanks a lot.
I suggest using XMPP (a.k.a. Jabber) instead of ICQ, really.
It's a free protocoll, and there are python APIs for it, like jabber.py and xmpppy.
xmpppy is as easy as:
jid = xmpp.protocol.JID('your id')
cl = xmpp.Client(jid.getDomain(),debug=[])
cl.connect()
cl.auth(jid.getNode(), 'your password')
cl.send(xmpp.protocol.Message('reciever id', 'your text'))
Also, you can use so called transports to use XMPP to transparently send/reviece messages from other protocols like ICQ, MSN, AOL etc, which may be what you need if you really need ICQ.
Otherwise, I only know about NanoICQ, which claims to be a python based ICQ client, I don't know if the project is still active...
Related
I simply want to receive notifications from dropbox that a change has been made. I am currently following this tutorial:
https://www.dropbox.com/developers/reference/webhooks#tutorial
The GET method is done, verification is good.
However, when trying to mimic their implementation of POST, I am struggling because of a few things:
I have no idea what redis_url means in the def_process function of the tutorial.
I can't actually verify if anything is really being sent from dropbox.
Also any advice on how I can debug? I can't print anything from my program since it has to be ran on a site rather than an IDE.
Redis is a key-value store; it's just a way to cache your data throughout your application.
For example, access token that is received after oauth callback is stored:
redis_client.hset('tokens', uid, access_token)
only to be used later in process_user:
token = redis_client.hget('tokens', uid)
(code from https://github.com/dropbox/mdwebhook/blob/master/app.py as suggested by their documentation: https://www.dropbox.com/developers/reference/webhooks#webhooks)
The same goes for per-user delta cursors that are also stored.
However there are plenty of resources how to install Redis, for example:
https://www.digitalocean.com/community/tutorials/how-to-install-and-use-redis
In this case your redis_url would be something like:
"redis://localhost:6379/"
There are also hosted solutions, e.g. http://redistogo.com/
Possible workaround would be to use database for such purpose.
As for debugging, you could use logging facility for Python, it's thread safe and capable of writing output to file stream, it should provide you with plenty information if properly used.
More info here:
https://docs.python.org/2/howto/logging.html
I work on a Django based app, and I want to know if there's a way to know if my server uses http connections or https.
I know that using
import socket
if socket.gethostname().startswith('****'):
I can get the hostname, is it possible to do something like that so I can get to know if the hosting uses a ssl certificate?
PD: I'm a rookie here, so I'm asking to see if it's possible and, if it is, how should I do it.
Thanks
it's completely possible:
def some_request_function(request):
if request.is_secure():
#You are safe!
else:
#You are NOT safe!
More details:
https://docs.djangoproject.com/en/2.0/ref/request-response/#django.http.HttpRequest.is_secure
There simply is an is_secure() method on the request object, returning True if the connection is secure.
Depending on your specific server configuration you may also need to set SECURE_PROXY_SSL_HEADER in your settings.
django requests (HttpRequest) have is_secure method:
https://docs.djangoproject.com/en/dev/ref/request-response/#django.http.HttpRequest.is_secure
I am trying to add authentication to a xmlrpc server (which will be running on nodes of a P2P network) without using user:password#host as this will reveal the password to all attackers. The authentication is so to basically create a private network, preventing unauthorised users from accessing it.
My solution to this was to create a challenge response system very similar to this but I have no clue how to add this to the xmlrpc server code.
I found a similar question (Where custom authentication was needed) here.
So I tried creating a module that would be called whenever a client connected to the server. This would connect to a challenge-response server running on the client and if the client responded correctly would return True. The only problem was that I could only call the module once and then I got a reactor cannot be restarted error. So is there some way of having a class that whenever the "check()" function is called it will connect and do this?
Would the simplest thing to do be to connect using SSL? Would that protect the password? Although this solution would not be optimal as I am trying to avoid having to generate SSL certificates for all the nodes.
Don't invent your own authentication scheme. There are plenty of great schemes already, and you don't want to become responsible for doing the security research into what vulnerabilities exist in your invention.
There are two very widely supported authentication mechanisms for HTTP (over which XML-RPC runs, therefore they apply to XML-RPC). One is "Basic" and the other is "Digest". "Basic" is fine if you decide to run over SSL. Digest is more appropriate if you really can't use SSL.
Both are supported by Twisted Web via twisted.web.guard.HTTPAuthSessionWrapper, with copious documentation.
Based on your problem description, it sounds like the Secure Remote Password Protocol might be what you're looking for. It's a password-based mechanism that provides strong, mutual authentication without the complexity of SSL certificate management. It may not be quite as flexible as SSL certificates but it's easy to use and understand (the full protocol description fits on a single page). I've often found it a useful tool for situations where a trusted third party (aka Kerberos/CA authorities) isn't appropriate.
For anyone that was looking for a full example below is mine (thanks to Rakis for pointing me in the right direction). In this the user and password is stored in a file called 'passwd' (see the first useful link for more details and how to change it).
Server:
#!/usr/bin/env python
import bjsonrpc
from SRPSocket import SRPSocket
import SocketServer
from bjsonrpc.handlers import BaseHandler
import time
class handler(BaseHandler):
def time(self):
return time.time()
class SecureServer(SRPSocket.SRPHost):
def auth_socket(self, socket):
server = bjsonrpc.server.Server(socket, handler_factory=handler)
server.serve()
s = SocketServer.ForkingTCPServer(('', 1337), SecureServer)
s.serve_forever()
Client:
#! /usr/bin/env python
import bjsonrpc
from bjsonrpc.handlers import BaseHandler
from SRPSocket import SRPSocket
import time
class handler(BaseHandler):
def time(self):
return time.time()
socket, key = SRPSocket.SRPSocket('localhost', 1337, 'dht', 'testpass')
connection = bjsonrpc.connection.Connection(socket, handler_factory=handler)
test = connection.call.time()
print test
time.sleep(1)
Some useful links:
http://members.tripod.com/professor_tom/archives/srpsocket.html
http://packages.python.org/bjsonrpc/tutorial1/index.html
I'm in a situation where I need to pass some texts to a prompt generate by a API (seems for API it's a pretty weird behavior, this is the first time I ran into this), like below:
kvm_cli = libvirt.open("qemu+ssh://han#10.0.10.8/system")
then a prompt shows up asking for the ssh password (password for 10.0.10.8 is:), I have to manually type it there in order to move on and yield the kvm_cli object I needed.
I tried to use the pexpect module to deal with this however it's for OS command line instead of API.
It's also possible to work around this by using ssh certification files but it's not a favorable authentication approach in our scenario.
Since our wrapper to the 'open' method is not interactive, we cannot ask the user to input the password, do you guys have any thought how could I address it?
I am not a libvirt user, but I believe that the problem is not in the library, but in the connection method. You seem to be connecting via ssh, so you need to authenticate yourself.
I've been reading the libvirt page on ArchWiki, and I think that you could try:
setting up the simple (TCP/IP socket) connection method, or
setting up key-based, password-less SSH login for your virtual host.
I'd like to provide a functionality for users of my website to get assigned an email address upon registration (such as firstname.lastname#mydomain.com) but I don't really think it is feasible to actually support all these emails account normally through a webmail program. I am also not sure if my webhost would be cool with it. What I'd really want is to be able to have a seamless integration of this email into the bigger system that the website is, as it is mostly going to be for intra-site messaging but we want to allow users to put actual email addresses. So what I would like to do instead is have a catch-all account under mydomain and have this email look at incoming mail, see who it was meant to be sent to, and add a message for the user in the system.
So, the questions are:
1) Is this the right approach? How expensive would it be to get a host that would allow me to just assign emails to at will to my domain? I am currently using WebFaction's shared hosting.
2) If it is an okay approach, what is the best way to route this catch all account to my python script? I have read about .forward but I am not very good at UNIX stuff. Once I figure that out, how would I get the script to be in the "Django environment" so I can use Django's model functionality to add the new messages to the user?
3) Is there anything Django can do to make this any easier?
4) Are there any tools in Python to help me parse the email address? How do they work?
To directly answer your questions:
1,2) Check out this FAQ in the WebFaction website. It explains how to easily route incoming emails into the script of your choice. When creating an email address, you can just not specify a username to make it be a catch-all email that anything sent to the domain goes to.
3) As others have suggested, you could check out django-messages, but maybe Django Plugables has something better.
4) Check out the email.parser module as it takes care of most of the scary parts of parsing emails.
See my answer to a similar question. It has all the basic code to get you started with an email parser for Django.
Edit: On second thought, here's the code:
There's an app called jutda-helpdesk that uses Python's poplib and imaplib to process incoming emails. You just have to have an account somewhere with POP3 or IMAP access.
This is adapted from their get_email.py:
def process_mail(mb):
print "Processing: %s" % q
if mb.email_box_type == 'pop3':
if mb.email_box_ssl:
if not mb.email_box_port: mb.email_box_port = 995
server = poplib.POP3_SSL(mb.email_box_host, int(mb.email_box_port))
else:
if not mb.email_box_port: mb.email_box_port = 110
server = poplib.POP3(mb.email_box_host, int(mb.email_box_port))
server.getwelcome()
server.user(mb.email_box_user)
server.pass_(mb.email_box_pass)
messagesInfo = server.list()[1]
for msg in messagesInfo:
msgNum = msg.split(" ")[0]
msgSize = msg.split(" ")[1]
full_message = "\n".join(server.retr(msgNum)[1])
# Do something with the message
server.dele(msgNum)
server.quit()
elif mb.email_box_type == 'imap':
if mb.email_box_ssl:
if not mb.email_box_port: mb.email_box_port = 993
server = imaplib.IMAP4_SSL(mb.email_box_host, int(mb.email_box_port))
else:
if not mb.email_box_port: mb.email_box_port = 143
server = imaplib.IMAP4(mb.email_box_host, int(mb.email_box_port))
server.login(mb.email_box_user, mb.email_box_pass)
server.select(mb.email_box_imap_folder)
status, data = server.search(None, 'ALL')
for num in data[0].split():
status, data = server.fetch(num, '(RFC822)')
full_message = data[0][1]
# Do something with the message
server.store(num, '+FLAGS', '\\Deleted')
server.expunge()
server.close()
server.logout()
mb is just some object to store all the mail server info, the rest should be pretty clear.
You'll probably need to check the docs on poplib and imaplib to get specific parts of the message, but hopefully this is enough to get you going.
but I don't really think it is
feasible to actually support all these
emails account normally through a
webmail program
I think that your base assumption here is incorrect. You see, most 'webmail' programs are just frontends (or clients) to the backend mail system (postfix etc). You will need to see how your webhost is set up. There is no reason why you can not create these accounts programmatically and then let them use a normal webmail interface like SquirrelMail or RoundCube. For instance, my webhost (bluehost) allows me 2500 email accounts - I am not sure how many yours allows - but I can upgrade to unlimited for a few extra dollars a month. I think that using the builtin email handling facility is a more robust way to go.
Your question is similar to this question.
Use a project like django-messages to handle messaging between your users.
If you want to let users receive mail from outside your Django site then you will need to set up an MTA to handle receiving and storing the email, then something like procmail to retrieve it into your Django message database.
Common MTA's are postfix, exim, and qmail. Python based ones listed in answers to this question
You'll also need to roll your own code to make each new user on your Django site a valid email recipient so they won't be rejected by the MTA.