D3 and mvBase

 View Only
  • 1.  MVS Toolkit

    PARTNER
    Posted 08-30-2021 14:15
    Hello,

    We would like to use MVS Toolkit with either a web page or a Flutter app.
    Specifically, I am looking for an example of user authentication. Did you write your own subroutine for tokens?
    We would like to create a simple shopping cart application. Any suggestions will be appreciated.

    Thank you,

    Chris

    ------------------------------
    Chris Wolcz
    Senior Software Developer
    Rocket Forum Shared Account
    Clifton Park NY United States
    ------------------------------


  • 2.  RE: MVS Toolkit

    ROCKETEER
    Posted 08-31-2021 10:59
    Edited by David Andrews 08-31-2021 15:57
    Hey, Chris, I remembered that a friend of mine, @Mike Nicklas, also a member of this Forum, has solved the concept of user/password authentication with the Toolkit. I've reached out to him to discuss. Maybe he'll see this post and reply!

    ------------------------------
    Brian S. Cram
    Principal Technical Support Engineer
    Rocket Software
    ------------------------------



  • 3.  RE: MVS Toolkit

    PARTNER
    Posted 08-31-2021 15:55
    Chris,  Yes the  MVS Toolkit  using JSON is the way I was able to create a login page that  passes data to D3 and then
    I used a Subroutine to control how I handle that info as well as pass back  response. What I used it for was to  pass a
    compliance issue by showing  the ability to email  a special code that was  needed to finish the logon process.
    So if you are good at making a web page then this is process for you.

    l hope this helps.



    ------------------------------
    Michael Nicklas
    president
    Mnm Software Services
    Apple Valley CA United States
    ------------------------------



  • 4.  RE: MVS Toolkit

    PARTNER
    Posted 09-01-2021 08:45

    Michael,

     

    Thank you for your response. If it is not a trade secret, would you mind sharing some code examples?

    Do you recommend any extra security measures? E.g.  generate a new token for every transaction, tracking IP or MAC address?

    Any recommendation on token length?



    ------------------------------
    Chris Wolcz
    Senior Software Developer
    Execontrol Global Solutions
    Clifton Park NY United States
    ------------------------------



  • 5.  RE: MVS Toolkit

    PARTNER
    Posted 09-03-2021 22:14

    Hello Chris

    I work with Rocketd3 and mvstoolkit and I have managed to make the connection type Basic Auth and Type Bear Token. I share my experience and code of the programs. I hope this information solves your question.

    Type  Basic Auth

    In this case you only get the user and password data that are sent in the header from the api.

    Example:

     ***********OBTENGO  USUARIO DESDE LA CABECERA**************  

     INCLUDE CORS_Headers                                         

     CALL MVSP.GET.HTTP.REQUEST.HEADER(RESPONSE)                  

     USR=TRIM(RESPONSE<2,1>[7,100])                               

     long=LEN(USR)                                                

     ***********DECODIFICO USER*******************************    

     IF USR # "WHATEVER" THEN                     

      error = "2000"   ;**2000 usuario incorrecto                 

      RETURN                                                       

     END  

     

    Type Bearer Token

    If you need to generate a JWT, you could do it in the following way, I use Python to generate it and I execute it from a pick program I share the example code.

     

    SUBROUTINE LOGIN(response)

           ******************************************************************

           *   Verifica si usuario Existe

           *   FPAREDES 31 AGOSTO 2020

           ******************************************************************

           *

           *

           OPEN "D3PYTHON" TO FPYTHON ELSE

              RESPONSE = "No se Encontro el Archivo D3PYTHON "

              RETURN

           END

          

           ***********Verifica que usuario y contrase¤a sean correctos**********

           OPEN "USUARIOS" TO FUSUARIO ELSE

              RESPONSE = "No se Encontro el Archivo USUARIOS "

              RETURN

           END

     

           OPEN "TOKEN" TO FTOKEN ELSE

              RESPONSE = "No se Encontro el Archivo TOKEN "

              RETURN

           END

           ***********OBTENGO  USUARIO DESDE LA CABECERA**************

           INCLUDE CORS_Headers

           CALL MVSP.GET.HTTP.REQUEST.HEADER(RESPONSE)

           USR=TRIM(RESPONSE<2,1>[7,100])

           long=LEN(USR)

           ***********DECODIFICO USER*******************************

           R1=''

           READ R1 FROM FPYTHON,"decode64.py" THEN

            R1<1>="import base64"

            R1<2>="encoded = '":USR:"'"

            R1<3>="data = base64.b64decode(encoded)"

            R1<4>="print(data)"

            WRITE R1 ON FPYTHON,"decode64.py"

           END ELSE

            R1<1>="import base64"

            R1<2>="encoded = '":USR:"'"

            R1<3>="data = base64.b64decode(encoded)"

            R1<4>="print(data)"

            WRITE R1 ON FPYTHON,"decode64.py"

           END

           SEL1 = "python C:\D3PYTHON\decode64.py"

           EXECUTE SEL1 CAPTURING JJ

           IDUSR=JJ<1>

           USR=FIELD(IDUSR,':',1); **USR

           PASS=FIELD(IDUSR,':',2); **PASS

           USER=OCONV(USR,"G1'1")

           PASSWORD=OCONV(PASS,"G0'1")

           *********************************************************

           R=''

           READ R FROM FUSUARIO,USER THEN

              IF PASSWORD # R<1> THEN

                 RESPONSE = "Password incorrecto"

                 RETURN

              END ELSE

                 R1=''

                 READ R1 FROM FPYTHON,"login.py" THEN

                    R1<1>="import jwt"

                    R1<2>="from time import time"

                    R1<3>='secret_key = "clavemexico"'

                    R1<4>="token = jwt.encode({"

                    R1<5>="'user': '":user:"',"

                    R1<6>="'password': '":password:"',"

                    R1<7>="'exp': time() + 300"

                    R1<8>="}, secret_key, algorithm='HS256').decode('utf-8')"

                    R1<9>="print(token)"

                    WRITE R1 ON FPYTHON,"login.py"

                 END ELSE

                    R1<1>="import jwt"

                    R1<2>="from time import time"

                    R1<3>='secret_key = "clavemexico"'

                    R1<4>="token = jwt.encode({"

                    R1<5>="'user': '":user:"',"

                    R1<6>="'password': '":password:"',"

                    R1<7>="'exp': time() + 300"

                    R1<8>="}, secret_key, algorithm='HS256').decode('utf-8')"

                    R1<9>="print(token)"

                    WRITE R1 ON FPYTHON,"login.py"

                 END

                 SEL = "python C:\D3PYTHON\login.py"

                 EXECUTE SEL CAPTURING XX

                 RESPONSE=XX<1>

                 ********GRABA ARCHIVO TOKEN***************

                 CLAVE=DATE():"*":TIME()

                 R2=''

                 READ R2 FROM FTOKEN,CLAVE THEN

                   R2<1>=RESPONSE

                   R2<2>=DATE()

                   R2<3>=TIME()

                   R2<4>=user

                   WRITE R2 ON FTOKEN,CLAVE

                 END ELSE

                   R2<1>=RESPONSE

                   R2<2>=DATE()

                   R2<3>=TIME()

                   R2<4>=user

                   WRITE R2 ON FTOKEN,CLAVE

                 END

              END

           END ELSE

              RESPONSE = "Usuario ":USER:" no existe"

              RETURN

           END      

           RETURN

     
    Python programs to get JWT.

    login.py                                                 

    import jwt

    from time import time

    secret_key = "clavemexico"

    token = jwt.encode({

    'user': 'mexico',

    'password': 'TijFGWIZSSFD',

    'exp': time() + 300

    }, secret_key, algorithm='HS256').decode('utf-8')

    print(token)

     

     

    decode64.py

    import base64

    encoded = 'd29jY3U6VGlqRkdXSVo='

    data = base64.b64decode(encoded)

    print(data)

     

    valida.py

    import jwt

    secret_key = "clavemexico"

    token = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoid29jY3UiLCJwYXNzd29yZCI6IlRpakZHV0laIiwiZXhwIjoxNTk5MTA1MjA3LjY1MjYwNDh9.iM0U8MlbqSn9GzeSIUM3v_GrBpzyGTYPLjFUKUMdWQ0'

    payload = jwt.decode(token, secret_key, algorithms=['HS256'])

    print(payload)"

    Regards
    Fausto Paredes



    ------------------------------
    Fausto Paredes
    GENERAL MANAGER
    Admindysad Cia. Ltda.
    Quito Ecuador
    ------------------------------



  • 6.  RE: MVS Toolkit

    PARTNER
    Posted 09-07-2021 08:52
    Fausto,

    Thank you for your response. It is very helpful.
    We haven't use Python much but it seems like the easiest option. I think that D3 does not accept ASCII 255 characters in variables. Did you ever run into a problem with "ASCII 255" characters when capturing output from Python?

    Thanks,

    Chris

    ------------------------------
    Chris Wolcz
    Senior Software Developer
    Execontrol Global Solutions
    Clifton Park NY United States
    ------------------------------



  • 7.  RE: MVS Toolkit

    PARTNER
    Posted 09-07-2021 13:38
    Hello Chris

    If you refer to special characters like Ñ or tildes (á,é,í,ó,ú), I convert them with a subroutine.

    I attach an example that could help you.

    SUBROUTINE CONVUTF8(TXT)
        **FORMATO PARA TILDES Y N EN ESPANOL
        **FPAREDES 24-AGO-2020
        TXT = SWAP(TXT, CHAR(195):CHAR(145), CHAR(165)); * Ñ
        TXT = SWAP(TXT, CHAR(195):CHAR(177), CHAR(164)); * ñ    
        TXT = SWAP(TXT, CHAR(195):CHAR(129), CHAR(65)); * A
        TXT = SWAP(TXT, CHAR(195):CHAR(161), CHAR(160)); * á
        TXT = SWAP(TXT, CHAR(193), CHAR(65)); * A
        TXT = SWAP(TXT, CHAR(225), CHAR(160)); * a
        TXT = SWAP(TXT, CHAR(195):CHAR(137), CHAR(69)); * E
        TXT = SWAP(TXT, CHAR(195):CHAR(169), CHAR(130)); * é
        TXT = SWAP(TXT, CHAR(233), CHAR(130)); * e
        TXT = SWAP(TXT, CHAR(195):CHAR(141), CHAR(73)); * I
        TXT = SWAP(TXT, CHAR(195):CHAR(173), CHAR(161)); * i
        TXT = SWAP(TXT, CHAR(237), CHAR(161)); * i
        TXT = SWAP(TXT, CHAR(195):CHAR(147), CHAR(79)); * O
        TXT = SWAP(TXT, CHAR(195):CHAR(179), CHAR(162)); * ó
        TXT = SWAP(TXT, CHAR(243), CHAR(162)); * a
        TXT = SWAP(TXT, CHAR(195):CHAR(154), CHAR(85)); * U
        TXT = SWAP(TXT, CHAR(195):CHAR(186), CHAR(163)); * ú
        TXT = SWAP(TXT, CHAR(250), CHAR(163)); * u
    RETURN

    ------------------------------
    Fausto Paredes
    GENERAL MANAGER
    Admindysad Cia. Ltda.
    Quito Ecuador
    ------------------------------



  • 8.  RE: MVS Toolkit

    PARTNER
    Posted 09-07-2021 14:39
    Fausto,

    MR. Cram said: "ASCII 255 ( xFF ) is a Pick ( D3 and everybody else ) reserved character called a "segment" mark. It signifies the end of a string or the end of an item."

    I remember having a problem with it, when handled an encrypted string. :)

    Regards,

    Chris

    ------------------------------
    Chris Wolcz
    Senior Software Developer
    Execontrol Global Solutions
    Clifton Park NY United States
    ------------------------------



  • 9.  RE: MVS Toolkit

    ROCKETEER
    Posted 09-07-2021 15:10
    Still researching about whether xFF ( char(255) ) is the string termination character. In trying to test that theory, we tried concatenating some normal characters fore and aft of a segment mark ( var = "aaa":char(255):"bbb". I figured that the char(255) would truncate the string after "aaa", but I was wrong. I'm guessing that there's something in BASIC that rejects insertion of a char(255) into a string ( would make senses ). I'm still researching.

    ------------------------------
    Brian S. Cram
    Principal Technical Support Engineer
    Rocket Software
    ------------------------------



  • 10.  RE: MVS Toolkit

    Posted 09-07-2021 19:09
      |   view attached

    Hy i ussualy use this subroutine to clean up strings

    you just need to ajust or remove the precision statement... 

    and call the subroutine, it will clean up all the "non-printable" chars, fix others unicodes from differents charsets, and convert special chars to normal char



    ------------------------------
    Alberto Leal
    System Analist
    Millano Distribuidora de Auto Pecas Ltda
    Varzea Grande MT Brazil
    ------------------------------

    Attachment(s)

    txt
    LIMPAUNICODE.txt   4 KB 1 version