Re: RobotUpload - API Key
Dear Samuele, - Messaggio originale - Da: "Samuele Kaplun" A: "Ricceri Rita" Cc: "project-invenio-devel (Invenio developers )" , "Tibor Simko" Inviato: Martedì, 17 maggio 2016 10:59:36 Oggetto: Re: RobotUpload - API Key Dear Rita, Il 11/05/2016 18:13, Ricceri Rita ha scritto: > I have followed your instruction but when I disabled the IP authentication I > cannot > perform any batchupload. The message I get is: > > [ERROR] Sorry, client IP 193.206.208.201 cannot use the service. > > > Analysing the code it seems that the method responsible for the upload, > cli_upload, > > (https://github.com/inveniosoftware/invenio/blob/v1.2.1/modules/bibupload/lib/batchuploader_engine.py#L94) > > will always perform the IP check. Is this correct? Are there other approaches > for the batchuploader which bypass > the IP security control using the APIs? You are right. However looking at the code, seems like, if you then authorize all IP addresses for the desired collection, and you set up a specific runbatchuploader authorization, it should then do the job. I changed the values in invenio-local.conf file CFG_BATCHUPLOADER_WEB_ROBOT_AGENTS = invenio_webupload|invenio_connector CFG_BATCHUPLOADER_WEB_ROBOT_RIGHTS ={ '0.0.0.0/0': [['*'], ['-o'], ['rita.ricc...@ct.infn.it]]} - #rricceri$ curl -T testapiricceri.xml -A invenio_webupload -H "Content-Type: application/marcxml+xml" 'http://mysite/batchuploader/robotupload/insert/?apikey="api-key"&uid="36"×tamp="1463488656"&signature="00";' [INFO] bibupload batchupload --insert /opt/invenio/var/tmp-shared/batchupload_20160517154512_Ka5t4N iRita:~ rricceri$ -- User "uid = 36" does not have the authorization for runbatchuploader. in the code there is not check for api-key Any idea? Thanks Rita
Re: RobotUpload - API Key
Dear Samuel, I have followed your instruction but when I disabled the IP authentication I cannot perform any batchupload. The message I get is: [ERROR] Sorry, client IP cannot use the service. Analysing the code it seems that the method responsible for the upload, cli_upload, (https://github.com/inveniosoftware/invenio/blob/v1.2.1/modules/bibupload/lib/batchuploader_engine.py#L94) will always perform the IP check. Is this correct? Are there other approaches for the batchuploader which bypass the IP security control using the APIs? Thanks in advance, Rita - Messaggio originale - Da: "Samuele Kaplun" A: "Ricceri Rita" Cc: "project-invenio-devel (Invenio developers )" , "Tibor Simko" Inviato: Lunedì, 9 maggio 2016 9:55:47 Oggetto: Re: RobotUpload - API Key Dear Rita, In data vendredi 6 mai 2016 17:26:32 CEST, Ricceri Rita ha scritto: > Now, I would like to use the Authorization based on API key. (API key a la > Twitter (in 1.1 and newer)) > Can you please point me to some documentations > I can use to configure this Authorization method ? The API key works across a whole installation. Your client needs a normal account in the system, to which an API key is generated in the "API keys" form within <.../youraccount/edit> You authorize the account of the client using regular WebAccess (e.g. you can grant it "runbatchuploader" action with a given collection. Then the client need to issue requests via robotupload as usual but adding some parameters: 1. Prepare your query (be sure to URL-encode it). 2. Add “apikey” with your public key to the list of parameters. 3. Sort (alphabetically) parameters of your query. 4. Create a HMAC-SHA1 signature of the full query (starting with http:// example.org/…) using your private key as the key. 5. Append the hexadecimal-encoded signature to your query string as “signature” parameter. See also: https://github.com/inveniosoftware/invenio/blob/maint-1.2/modules/ miscutil/lib/web_api_key.py#L177 Cheers! Samuele -- Samuele Kaplun INSPIRE Service Manager ** <http://inspirehep.net/>
Re: RobotUpload - API Key
Dear Samuel, I have followed your instruction but when I disabled the IP authentication I cannot perform any batchupload. The message I get is: [ERROR] Sorry, client IP 193.206.208.201 cannot use the service. Analysing the code it seems that the method responsible for the upload, cli_upload, (https://github.com/inveniosoftware/invenio/blob/v1.2.1/modules/bibupload/lib/batchuploader_engine.py#L94) will always perform the IP check. Is this correct? Are there other approaches for the batchuploader which bypass the IP security control using the APIs? Thanks in advance, Rita - Messaggio originale - Da: "Samuele Kaplun" A: "Ricceri Rita" Cc: "project-invenio-devel (Invenio developers )" , "Tibor Simko" Inviato: Lunedì, 9 maggio 2016 9:55:47 Oggetto: Re: RobotUpload - API Key Dear Rita, In data vendredi 6 mai 2016 17:26:32 CEST, Ricceri Rita ha scritto: > Now, I would like to use the Authorization based on API key. (API key a la > Twitter (in 1.1 and newer)) > Can you please point me to some documentations > I can use to configure this Authorization method ? The API key works across a whole installation. Your client needs a normal account in the system, to which an API key is generated in the "API keys" form within <.../youraccount/edit> You authorize the account of the client using regular WebAccess (e.g. you can grant it "runbatchuploader" action with a given collection. Then the client need to issue requests via robotupload as usual but adding some parameters: 1. Prepare your query (be sure to URL-encode it). 2. Add “apikey” with your public key to the list of parameters. 3. Sort (alphabetically) parameters of your query. 4. Create a HMAC-SHA1 signature of the full query (starting with http:// example.org/…) using your private key as the key. 5. Append the hexadecimal-encoded signature to your query string as “signature” parameter. See also: https://github.com/inveniosoftware/invenio/blob/maint-1.2/modules/ miscutil/lib/web_api_key.py#L177 Cheers! Samuele -- Samuele Kaplun INSPIRE Service Manager ** <http://inspirehep.net/>