Is there a way to unsubscribe from a user's presence? I no longer want to receive updates on /_ah/xmpp/presence/... for a particular user. I can't seem to find a simple API call to do that.
After digging around the XMPP protocol I found this which seems to indicate that doing a send_presence with presence type of 'unsubscribe' should work. Unfortunately digging into the GAE's xmpp API it appears that it defines
_VALID_PRESENCE_TYPES = frozenset([PRESENCE_TYPE_AVAILABLE,
PRESENCE_TYPE_UNAVAILABLE,
PRESENCE_TYPE_PROBE])
Which means I can't even do a send_presence(user_to_remove, status="", presence_type="unsubscribe") (PRESENCE_TYPE_AVAILABLE and others are just strings like "available" as per the xmpp specificiation)
Has anyone come across this issue or know how to achieve this ?
It seems that you can't. The docs (and the docstring) confirm that presence_type accepts a subset of the types defined in RFC 3921.
You can submit this as a feature request to the issue tracker.
As an experiment, you could re-implement your own "send_presence" that does the same thing as the existing function, without the check for valid presence types. Not officially sanctioned but worth a try.
One thing to note is that this won't block clients from re-subscribing from your bot or from badly-behaved clients ignoring it.
And as Drew mentioned, please do submit an issue on the issue tracker.
Related
I am writing a simple SOAP client application in Python.
WSDL file can be found here: https://clients.nationalmailing.com.au/ServiceTest/OrderService.svc?wsdl
Unfortunately the server declared usage of wsHttpBinding in its WSDL file and I had to learn how many troubles it brings to not-.NET developers.
I have working C# code (and it is pretty simple there) and used Fiddler to capture the traffic and analyze messages. Now I know the structure to follow. Client sends 2 subsequental messages.
I managed to create and send first request and receive a response from the server. BUT second request is a way more complex. I have found a library signxml which helped me to create <Signature> structure with all the fields that should present (as per captured traffic).
But the server continues to answer with "Error 500: An error occurred when verifying security for the message."
I realized that in the first message I put just random values for the following structure:
<s:Body>
<trust:RequestSecurityToken xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
<trust:TokenType>http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct</trust:TokenType>
<trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>
<trust:Entropy>
<trust:BinarySecret
u:Id="uuid-0649fd7a-9ae2-4f9f-964c-e3aa5d68e8cd-1"
Type="http://docs.oasis-open.org/ws-sx/ws-trust/200512/Nonce">h/MaeQVSL5Br30Hnt/SAl274flYfZVZyx2Fri9zNuEY=</trust:BinarySecret>
</trust:Entropy>
<trust:KeySize>256</trust:KeySize>
</trust:RequestSecurityToken>
</s:Body>
The value of BinarySecret is just a random string encoded with Base64. I think this should be an issue on this stage. I also do not use the same parameters from server's response.
Could anyone explain how should I use Entropy.BinarySecret - should it take part in the calculations of Signature and how it is used?
Answering my own question. Yes, the issue was in improper usage of Entropy parameter.
To sign the message you need to generate a key, it consists of two parts (client entropy and server's entropy). They get combined with P_SHA1 algorithm into a key.
To anyone who find this post in the future: for Python have a look on signxml library and section 4 of ws-trust spec.
I'm seeing an issue where the SoftLayer API is missing the serverRoom field for over 75% of our servers. I've confirmed this using both their python and ruby libraries (https://softlayer-api-python-client.readthedocs.org/en/latest/api/managers/hardware/#SoftLayer.managers.hardware.HardwareManager.list_hardware and https://softlayer.github.io/ruby/server_locate/ respectively). Note that the ruby code I'm running is simply one of their published examples.
It seems like SoftLayer has a naming convention of creating FQDN like [dataCenter].[serverRoom].[rackNumber].[slotNumber]. I'm not sure if it is just another indicator of the problem or helpful in troubleshooting the root cause, but the servers that are missing serverRoom seem to be named incorrectly by SoftLayer, according to what appears to be SoftLayer's naming convention. They are named [dataCenter].[rackNumber].[slotNumber], notably missing serverRoom.
Basically it looks like their database (which I assume is backing their API) is just missing the serverRoom for most of the hosts, or they named most of our hosts incorrectly and the database can't account for it, so the info is missing when I call their API. Does anyone have a similar experience where SoftLayer perhaps named things wrong, or forgot to do this data entry, or are there some other/different API calls I should be making beyond what SoftLayer themselves recommend?
I tried to verify and reproduce the issue that you mentioned, but I couldn't. please Submit a ticket with all the information that you can provide to verify and isolate this issue.
SoftLayer support confirmed that there was a some sort of block on hidden sites where this info wasn't displayed via their API. Thanks to #ruber-cuellar was who said something similar in one of his comments, but I disagree that "There is not an issue." From my perspective there definitely was an issue that they (SoftLayer support) needed to resolve on their end before their example API calls started showing us all the info. Special thanks to ALLmightySPIFF on #softlayer who was able to repro the issue for me and provided a realtime response.
My project has been trying to implement a credential checker using scrypt. We've tried implementing our own credentials and checker objects, but we've had a lot of trouble getting pb to use them.
Pb seems hard-coded to use MD5 hashes over the wire, which absolutely won't work in our implementation; we don't have a way to get the correct password in plaintext on the server side, since we're using scrypt, so we need a way to transmit the password to be verified in plaintext instead. We've tried using twisted.cred.credentials.UsernamePassword with our credential checker, but it doesn't seem to make it to the server. (we still get _PortalAuthChallenger instead)
The ticket at http://twistedmatrix.com/trac/ticket/4398 seems to indicate that a PBServerFactory subclass is needed in order to support custom credential checkers in pb, but so far I have been completely unable to figure out what to override in order to make it use a different ICredentials implementation. Are there any examples (or even just documentation) of how to get pb to use a different credentials class?
PB isn't exactly hard-coded to use MD5 hashes over the wire; that's just the authentication protocol as it's currently implemented. You can do pretty much whatever you want by implementing your own authentication protocol - which, in PB, just means an object that you get to call some authentication methods on.
Make your own object that implements IPBRoot, and pass it to PBServerFactory. This just means you need to implement a method called rootObject which returns the root object for a particular connection (and then declare that implementation with Zope Interface, of course).
Your IPBRoot implementation should wrap a Portal, similar to similar to _PortalRoot in Twisted's implementation.
Then, make a remote method on the object returned from rootObject suitable to your application; maybe something like remote_loginPlaintext. In this method you can authenticate users however you want, then call login on your particular Portal with whatever credentials are derived from that interaction and make sense for your requirements (and whatever interface, although for hopefully obvious reasons, IPerspective is what I'd recommend).
The fact that the somewhat inflexible _PortalRoot (which only supports 2 credential types; IAnonymous and IUsernamePassword) is registered as the adapter for Portal, making it seem a bit more official than it really is. Don't think of it is as the "official" PB/Cred integration mechanism, just the "default" one.
It would be great if you could contribute a more flexible authentication mechanism (perhaps a full SASL implementation?) for PB so that we could support other authentication types. I hope that you'll consider doing that when your application's particular needs are met.
Here's a link to the preliminary fix we came up with: http://paste.skewedaspect.com/show/20/
Note that this requires the custom credential to be Copyable, and allows the default MD5 key exchange behavior to be controlled by the keyword arg useMD5Challenge.
Note: in our implementation we're leaving the checking entirely to the Checker and having our Credential object contain nothing but username and password, so no actual code is being serialized.
I want to create a gmail client with the ability to view emails as conversations (threads). In imaplib, there is a method:
IMAP4.thread(threading_algorithm, charset, search_criterion[, ...])
I think it could be the solution. Anybody has experience using it? Please give an example. Thanks.
That method is simply a wrapper to the IMAP4rev1 extension THREAD command. Have a look at this link which describes how that IMAP command works: https://www.rfc-editor.org/rfc/rfc5256
However, I'm not sure that Gmail actually implements the THREAD command. If it does, it should list 'THREAD=' among its capabilities.
As far as I know, Gmail uses an algorithm that is private, and it's not stated in RFCs.
They use a combination of headers (like in-reply-to and references) and considering subject (but in a different way that THREAD=references does).
I'm attempting to write a Python function to send an email to a list of users, using the default installed mail client. I want to open the email client, and give the user the opportunity to edit the list of users or the email body.
I did some searching, and according to here:
http://www.sightspecific.com/~mosh/WWW_FAQ/multrec.html
It's apparently against the RFC spec to put multiple comma-delimited recipients in a mailto link. However, that's the way everybody else seems to be doing it. What exactly is the modern stance on this?
Anyhow, I found the following two sites:
http://2ality.blogspot.com/2009/02/generate-emails-with-mailto-urls-and.html
http://www.megasolutions.net/python/invoke-users-standard-mail-client-64348.aspx
which seem to suggest solutions using urllib.parse (url.parse.quote for me), and webbrowser.open.
I tried the sample code from the first link (2ality.blogspot.com), and that worked fine, and opened my default mail client. However, when I try to use the code in my own module, it seems to open up my default browser, for some weird reason. No funny text in the address bar, it just opens up the browser.
The email_incorrect_phone_numbers() function is in the Employees class, which contains a dictionary (employee_dict) of Employee objects, which themselves have a number of employee attributes (sn, givenName, mail etc.). Full code is actually here (Python - Converting CSV to Objects - Code Design)
from urllib.parse import quote
import webbrowser
....
def email_incorrect_phone_numbers(self):
email_list = []
for employee in self.employee_dict.values():
if not PhoneNumberFormats.standard_format.search(employee.telephoneNumber):
print(employee.telephoneNumber, employee.sn, employee.givenName, employee.mail)
email_list.append(employee.mail)
recipients = ', '.join(email_list)
webbrowser.open("mailto:%s?subject=%s&body=%s" %
(recipients, quote("testing"), quote('testing'))
)
Any suggestions?
Cheers,
Victor
Well, since you asked for suggestions: forget about the mailto: scheme and webbrowser, and write a small SMTP client using Python's smtplib module. It's standard, fully supported on all systems, and there's an example included in the documentation which you can practically just copy-and-paste pieces out of.
Of course, if you're using smtplib you will have to ask the user for the details of an SMTP server to use (hostname and port, and probably a login/password). That is admittedly inconvenient, so I can see why you'd want to delegate to existing programs on the system to handle the email. Problem is, there's no system-independent way to do that. Even the webbrowser module doesn't work everywhere; some people use systems on which the module isn't able to detect the default (or any) browser, and even when it can, what happens when you provide a mailto: link is entirely up to the browser.
If you don't want to or can't use SMTP, your best bet might be to write a custom module that is able to detect and open the default email client on as many different systems as possible - basically what the webbrowser module does, except for email clients instead of browsers. In that case it's up to you to identify what kinds of mail clients your users have installed and make sure you support them. If you're thorough enough, you could probably publish your module on PyPI (Python package index) and perhaps even get it included in a future version of the Python standard library - I'm sure there are plenty of people who would appreciate something like that.
As is often the case in Python, somebody's already done most of the hard work. Check out this recipe.
In the following line, there shouldn’t be a space after the comma.
recipients = ', '.join(email_list)
Furthermore, Outlook needs semicolons, not commas. Apart from that, mailto never gave me grief.
The general tip is to test mailto URLs manually in the browser first and to debug URLs by printing them out and entering them manually.