I am currently developing a server for android social network app. I am using Django and I need to add a real-time chat to it. I decided to use django-channels, but I am not sure how to use auth tokens coming to the server from the android to make the authentication in chat. Also, will django-channels even work properly in this situation or should I consider something else?
I would start be reading the following section of the Django channels documentation:
http://channels.readthedocs.io/en/stable/getting-started.html#authentication
As you can see you can use the session key from either the cookie, or from a GET parameter.
There are several decorators available to your web socket methods to retrieve session information.
These are:
#channel_session_user_from_http
#channel_session_user
#http_session
#http_session_user
etc...
By using these you can retrieve current user and other session details.
if you are going to use django-channels check this blog they wrote some decorators that do what channels sessions decorators(like those in #turbotux answer) do but for JWT.
Related
I am creating an app with appengine to manage datastore queries from my Android application.
I want certain parts of the appengine app to be executed only if the request comes from my Android application.
For example, if I want to create a new user, I create a POST request from my Android application and this POST is executed in my appengine app, creating a new entity in the datastore. I don't want people to create a form in a webpage and call the same POST request to create users outside the Android app.
What's the best solution for this?
You could give your app a key that has to be passed to the server to post.
Another approach would be to send a challenge from your server to your client at the beginning of protocole communication and then see if the client can find the solution. A typical challenge like this uses asymetric keys.
I am using asp.net web service with Android application for select and insert the data from MS-SQL Server.
I just want to web service only access by my Android application.
Because, web service is hosted on my private server and data is very secure. I am not want anyone can call my web service.
Any solution?
Make request in the POST request and use extra field to check for sender's. In this field you could use any secret key !
In your request, just put a SHA-1 key (e.g SHA1(Hard_coded_password_in_app_and_WS, unique_ID_stored_in_preference_and_in_data__base))
In your WS, just check if this parameter is ok, and then answer. It's not the best security ever, but it's quite easy to set up, and it will do the trick.
there are a few ways to do this (in my opinion):
if your app has user account involved, you can simply use user session to authenticate or the social logins eg. facebook
post request, with a header of a hashed key,
good read: https://weblogs.java.net/blog/gmurray71/archive/2006/08/restricting_acc.html
I have created an AppEngine connected Android application, and I'm trying to modify it to be able to store some user data on the server. I do not know what's the easiest way to do so, because I want it to be as simple as possible. I just want to store some basic data for every user. This data is: Name, Email, and some other Strings. I have created a form in the android side which will allow the user to type all the requested data, but I do not know how to send this information to the GAE server and store it in the datastore. I guess I will have to use a Servlet and some kind of RPC service to call the methods. I'm really lost because it is my first time doing this. I'm not experienced neither in android nor in web apps. I hope you can help me.
Update
Well, maybe I did not explain myself well. The system I've been asked to build consists on a web service that store your personal login credentials for most common sites (facebook, gmail, etc). Using a chrome extension, you ask the server for the credentials on the website you are navigating, and then the server asks to your phone for authorization. It will ask (do you give me permission to send your credentials to "some user"), and you have to ansewer yes or no and then the server will act in consequence. The point is that you have to store your credentials in the server in some way, maybe from the android app (which is what I was trying) or from somewhere else. I will also need authentication.
Pd: I use java for the server side.
Since you already started with AppEngine connected Android application, it makes sense to continue customizing it: App Engine Data Access: Adding Entities and RPC.
Update:
There are of course many ways to exchange data between client and server. The most simple would be a servlet handling GET and POST requests with some query parameters.
Also, most popoular lately is REST:
Android REST client: http://appfulcrum.com/2010/08/20/android-how-to-call-rest-service-using-asynctask/ (try using GSON instead to parse JSON)
Server: use a REST framework. My personal choice is RESTEasy. An example: http://ankiewsky.blogspot.com/2010/08/resteasy-on-googleappengine-corerest.html
Update 2:
The simplest possible way - making/handlin a simple POST request:
Android client - making POST request with parameters: http://www.androidsnippets.com/executing-a-http-post-request-with-httpclient
Server handling POST (or GET) and extracting parameters: http://www.exampledepot.com/egs/javax.servlet/GetReqParam.html
Find and follow thoroughly the Topic Index on this page. Gud luck
I'm trying to get json data from a django view (login required)
into a new android app I'm working on.
I would like to authenticate the user against the django login
and keep the cookie/session for all the django view calls to
get data from the server.
I did some googling but nothing helped me,
even if I guess it should be a quite common task.
Maybe I'm facing the problem from a wrong point of view..
So I'll switch the question to:
how can I do some user authenticated json request/response to a django server?
Any clue?
You have to do as the website expects, and you need to persist the session cookie.
What I did is using XML-RPC to do all the transfers.
Not exactly sure if it's the best way, considering django's xml-rpc support is some kind of a hack.
Here's a very detailed XML-RPC handler for django:
https://code.djangoproject.com/wiki/XML-RPC
then, setup ur client end on android.
When communication is okay. Start writing server end API.
from django.contrib.auth import authenticate
and use this function to do authentication.
Then for sessionId stuff, you need to go to backend db to manually do them: https://docs.djangoproject.com/en/dev/topics/http/sessions/
as u can see, this is why I don't think it's the best way. You can't send httprequest, hence most django build-in functions doesn't work.
I am writing an android program and I need to connect to the Drupal service to fretch the data or submit data. How can I do that?
Thank you very much!!!
I don't have a link available, but I know there was a fairly recent talk about using the Services module to integrate drupal with a mobile application. There is a featured article on the drupal website that discusses this a bit too.
I wrote an article with detailed instructions, about how to integrate Drupal with Android.
For connection to services, you can use xml-rpc.
You need xml-rpc client library for Android (for example, Redstone's lib with my modifications. You can find it at link, given at the end of my article about Drupal-Android integration).
xml-rpc exposes a set of remote methods, the most interesting are:
user.login - logs in user, it takes username and password as arguments
user.logout - logout
Node CRUD operations:
node.retrieve - retrieve
node.create - create a new node
node.update - update existing node
node.delete - delete node
node.index - get list of nodes
The same CRUD methods exists for other Drupal objects (files, comments, users, taxonomy_terms), only replace "node" to object name.
For example: "file.create" - create file, "file.index" - retrieve list of files, and etc
If you need to authorize, you need to call "user.login" first, and if call is succeeded,
store sessid and session_name values of returned method structure.
Then send value
session_name+"="+sessid
as cookie in all subsequent calls to identify the session. Also, you must enable "session authentication" checkbox in Drupal service endpoint configuration. Without it, all requests to endpoint will be executed as anonymous user.
If you need more details, you can find it here:
Drupal with Android integration: make posts and upload photos.
Sorry I don't know anything about Drupal services. But assuming they are a HTTP based services (e.g. REST service), Android uses the Apache HTTP library, see here for the HTTP docs.