I'm currently trying to write some test for a small play (2.4.0) application. I need to get a link that I send in a mail (generated with database content), but I didn't find how to get access directly to the mocked email.
I know from another answer that there was a way to do it for the play 1.x versions but I didn't find any equivalent. Any idea?
Related
I have a java (Spring boot) web service which does not have any UI.
I want to send a dynamic Email (created using Thymeleaf and injecting values from a database) using my web service on a daily Cron schedule, using Microsoft Graph and O365 APIs.
Right now I use SMTP to send emails, but I cannot use it anymore as that is no longer going to be supported by the O365 account that I am using.
I found the SendMail APIs on the Graph Documentation which looks pretty straightforward.
But, using the Graph AIPs requires you to create an Azure AD project first and use their Microsoft Identity platform - which I created.
Now, the problem is that most of the flows also require a user to manually login from a login window.
This is where things get complicated.
I do not have a place to show a Login window to any user from my web service, because it is just a backend service there is no UI. I intend to use a service account for sending the emails through the Application.
I found a Daemon support as well, but it seems to only support Python or .Net code.
Migrating my code from Java to either of those platforms just to be able to send emails
does not feel like a good solution.
And, I'm not even sure if they even offer similar capabilities of sending dynamic emails like Java+Thylemeaf do?
Is there a way to be able to continue doing this using my existing code in Java?
If not, then as the worst case scenario, are there any libraries in Python which can allow me to send dynamic emails like thymeleaf does in Java?
As you don't want to manually login from a login window, you can use the client credential flow.
Here is the guide regarding how to access graph api without user.
Reference:
msgraph-sdk-java-auth (You can choose to use Client credential provider)
I created endpoint apis but problem is anyone with my project id can go to api explorer and execute those apis. I have put only android client id (using debug keystore) on top of endpoint class declaration but still I can go to incognito mode and execute the apis. How can I restrict the apis so that only my android apps have access and all others will be thrown with some exception?
The APIs can be protected by adding a key parameter that has to be correct for API to be invoked. If the user of the API does not know the key, he won't be able to use the API even with API Explorer.
Advantages of this approach is that it is simple to do, allow you yourself to experiment with the API if you need.
Disadvantages include being very easy to circumvent by a determined user, just by looking at the traffic.
You need to make sure that you have coded your API/backend correctly to only accept the clientId for your app; make sure that you do not see com.google.api.server.spi.Constant.API_EXPLORER_CLIENT_ID as one of the clientIds in your #Api annotation on the API class:
#Api(
name = "myApi",
version = "v1",
clientIds = {<your android clientId>},
)
public class myApi {
// your API code here
}
If the API Explorer client ID is present, it will allow it to execute your API from the API. I am not 100% sure, but I think you may still see your API form the explorer without the client ID, but execution will be prevented with an error.
This article has more info: https://cloud.google.com/appengine/docs/java/endpoints/auth#Specifying_authorized_clients_in_the_API_backend
You may want to think about putting proper auth around the endpoint calls (i.e. per-user auth checks around each method) if it is particularly sensitive. Just adding a User parameter to the #ApiMethod should be enough for force users to auth before executing each method.
Hope that helps.
You can use on each api allowed_client_ids to be ANDROID_CLIENT_ID only, can be a possible workaround.
I think this could help if you haven't followed it yet : https://cloud.google.com/appengine/docs/python/endpoints/auth#Python_Creating_OAuth_20_client_IDs
Use symmetric key cryptography along with digital signatures for this. However, you'll need to share the key with the Android app first.
Here's how it would work.
Whenever the Android app is making a network request, you take the URL & the parameters, then you Hash it and then encrypt it using the shared private key. You then append the signature as another parameter to the URL.
At the receiving end, your web API will validate whether the request came from your Android app ONLY.
Please note, that this will work ONLY for your app. It will not work as a way to catch all generic Android requests/
Here are some points for consideration :
Cloud Endpoints has been supporting the ANDROID CLIENT ID and
package signing, so that should atleast take care of the fact that
only a signed Android application from your side can access the
endpoint
.
If you wish to remove the Web Clients from access, then I would
probably look into the HTTP Headers and Agents to see if there is a
sure way of identifying these web clients.However, this would
require that you write your own Authorization logic in the method
since I do not believe that the endpoints infrastructure can take
care of this automatically for you
.
Remove access for everyone via the Annotations could be
problematic if you want a quick way to use the API Explorer to test
out the API. So do keep the API Explorer access available.
I'm trying to set up Google Identity Toolkit (GIT) on a test webpage on localhost. I completed all the necessary steps on Google Console and downloaded the Java sample from the tutorial, and it's working.
Now what I want to do is disable self-registration (which I couln't disable), create users on GIT, send them an email link activation and set password for first time. I took a look at the API provided, but there's no way I can figure out how to use it.
I managed to create users and delete them with com.google.identitytoolkit classes like GitkitClient and GitkitUser, as seen in the example, but I cannot get the email activation and password reset working.
If anybody can point me to some good examples on how to do that, I'll really appreciate it.
I'm writing an application which will need to be able to receive email from a specific account (in this instance Gmail) and get the unique Gmail ID of each message in order for it to create a link to that message for future reference.
All of this can be done in Java using the JavaMail API and the GmailMessage class and connecting via 'gimaps'. However this API doesn't compile when imported into my Android application - Unable to execute dex: Multiple dex files define Lcom/sun/mail/iap/AString I get different variations of these depending on which jars I try to import (pop3, imap, gimap etc)
Searching around it seems I need to use one of the JavaMail android ports however none of them have the ability to grab the Gmail unique message id.
So my question is does anyone know of a way to do this on Android, using either the official JavaMail API (if that's possible) or using on the various ports?
Thanks.
EDIT:
Thanks, actually I've got it partially working using a port found here https://code.google.com/p/java-gmail-imap/ however it crashes when trying to grab the body of text from the email. I know this is due to the same files missing that are corrected in this port https://code.google.com/p/javamail-android/
I've checked out the java-gmail-imap code into eclipse to try and add the missing classes from the android port but everytime I export I get java.lang.NoClassDefFoundError: com.google.code.javax.mail.Session
Opening the jar file this class is present.. anyone know what I could be doing wrong?
Unfortunately, Android isn't Java, so some of this stuff might not work.
Based only on the error message, it looks like you've tried to import multiple jar files that define the same class (com.sun.mail.iap.AString). Check that you don't have more than one copy of JavaMail in your application.
I managed to get this working using the library found here and changing some of the imports to the myjava.* imports from the Android Java Mail port.
I am looking for a way to validate the DKIM signature of the incoming email.
I know how to do it in Java SE but it will use classes like javax.naming.directory.DirContext to get data from DNS server and this class is not white listed in App Engine.
Any idea how to communicate with DNS form Google App engine?
There is a blog post that says:
Once you've configured DKIM, just send
an email from your Google Apps account
to:
dkim#dkim-test.appspotmail.com
within minutes, you should get back an
email that says "PASS" or "FAIL". If
your test passed, you're all set!
I tried it and it works!
It seems like a Google App Engine Application. How is it done?!
I'm the author of the dkim-test app. Unfortunately I did not actually find a native way to do DNS queries in AppEngine. There's a feature request in the AppEngine issues tracker here:
http://code.google.com/p/googleappengine/issues/detail?id=354
The way I got around this for dkim-test was to do a HTTP GET request to http://whatsmyip.us/dns_txt.php?host=google.com (where google.com is the host I want to retrieve TXT records for).
Obviously there are some down sides here. dkim-test is entirely dependent on whatsmyip.us to work, should that service go down or they decide to block dkim-test, then it would break. Things would also break if they changed the format of the response.