MVS Toolkit | Rocket Forum

Hello,

We would like to use MVS Toolkit with either a web page or a Flutter app.
Specifically, I am looking for an example of user authentication. Did you write your own subroutine for tokens?
We would like to create a simple shopping cart application. Any suggestions will be appreciated.

Thank you,

Chris

------------------------------
Chris Wolcz
Senior Software Developer
Rocket Forum Shared Account
Clifton Park NY United States
------------------------------

Hey, Chris, I remembered that a friend of mine, @Michael Nicklas, also a member of this Forum, has solved the concept of user/password authentication with the Toolkit. I've reached out to him to discuss. Maybe he'll see this post and reply!

------------------------------
Brian S. Cram
Principal Technical Support Engineer
Rocket Software
------------------------------

Chris, Yes the MVS Toolkit using JSON is the way I was able to create a login page that passes data to D3 and then
I used a Subroutine to control how I handle that info as well as pass back response. What I used it for was to pass a
compliance issue by showing the ability to email a special code that was needed to finish the logon process.
So if you are good at making a web page then this is process for you.

l hope this helps.

------------------------------
Michael Nicklas
president
Mnm Software Services
Apple Valley CA United States
------------------------------

Michael,

Thank you for your response. If it is not a trade secret, would you mind sharing some code examples?

Do you recommend any extra security measures? E.g. generate a new token for every transaction, tracking IP or MAC address?

Any recommendation on token length?

------------------------------
Chris Wolcz
Senior Software Developer
Execontrol Global Solutions
Clifton Park NY United States
------------------------------

Hello,

We would like to use MVS Toolkit with either a web page or a Flutter app.
Specifically, I am looking for an example of user authentication. Did you write your own subroutine for tokens?
We would like to create a simple shopping cart application. Any suggestions will be appreciated.

Thank you,

Chris

------------------------------
Chris Wolcz
Senior Software Developer
Rocket Forum Shared Account
Clifton Park NY United States
------------------------------

Hello Chris

I work with Rocketd3 and mvstoolkit and I have managed to make the connection type Basic Auth and Type Bear Token. I share my experience and code of the programs. I hope this information solves your question.

Type Basic Auth

In this case you only get the user and password data that are sent in the header from the api.

Example:

***********OBTENGO USUARIO DESDE LA CABECERA**************

INCLUDE CORS_Headers

CALL MVSP.GET.HTTP.REQUEST.HEADER(RESPONSE)

USR=TRIM(RESPONSE<2,1>[7,100])

long=LEN(USR)

***********DECODIFICO USER*******************************

IF USR # "WHATEVER" THEN

error = "2000" ;**2000 usuario incorrecto

RETURN

END

Type Bearer Token

If you need to generate a JWT, you could do it in the following way, I use Python to generate it and I execute it from a pick program I share the example code.

SUBROUTINE LOGIN(response)

******************************************************************

* Verifica si usuario Existe

* FPAREDES 31 AGOSTO 2020

******************************************************************

*

OPEN "D3PYTHON" TO FPYTHON ELSE

RESPONSE = "No se Encontro el Archivo D3PYTHON "

RETURN

END

***********Verifica que usuario y contrase¤a sean correctos**********

OPEN "USUARIOS" TO FUSUARIO ELSE

RESPONSE = "No se Encontro el Archivo USUARIOS "

RETURN

END

OPEN "TOKEN" TO FTOKEN ELSE

RESPONSE = "No se Encontro el Archivo TOKEN "

RETURN

END

***********OBTENGO USUARIO DESDE LA CABECERA**************

INCLUDE CORS_Headers

CALL MVSP.GET.HTTP.REQUEST.HEADER(RESPONSE)

USR=TRIM(RESPONSE<2,1>[7,100])

long=LEN(USR)

***********DECODIFICO USER*******************************

R1=''

READ R1 FROM FPYTHON,"decode64.py" THEN

R1<1>="import base64"

R1<2>="encoded = '":USR:"'"

R1<3>="data = base64.b64decode(encoded)"

R1<4>="print(data)"

WRITE R1 ON FPYTHON,"decode64.py"

END ELSE

R1<1>="import base64"

R1<2>="encoded = '":USR:"'"

R1<3>="data = base64.b64decode(encoded)"

R1<4>="print(data)"

WRITE R1 ON FPYTHON,"decode64.py"

END

SEL1 = "python C:\\D3PYTHON\\decode64.py"

EXECUTE SEL1 CAPTURING JJ

IDUSR=JJ<1>

USR=FIELD(IDUSR,':',1); **USR

PASS=FIELD(IDUSR,':',2); **PASS

USER=OCONV(USR,"G1'1")

PASSWORD=OCONV(PASS,"G0'1")

*********************************************************

R=''

READ R FROM FUSUARIO,USER THEN

IF PASSWORD # R<1> THEN

RESPONSE = "Password incorrecto"

RETURN

END ELSE

R1=''

READ R1 FROM FPYTHON,"login.py" THEN

R1<1>="import jwt"

R1<2>="from time import time"

R1<3>='secret_key = "clavemexico"'

R1<4>="token = jwt.encode({"

R1<5>="'user': '":user:"',"

R1<6>="'password': '":password:"',"

R1<7>="'exp': time() + 300"

R1<8>="}, secret_key, algorithm='HS256').decode('utf-8')"

R1<9>="print(token)"

WRITE R1 ON FPYTHON,"login.py"

END ELSE

R1<1>="import jwt"

R1<2>="from time import time"

R1<3>='secret_key = "clavemexico"'

R1<4>="token = jwt.encode({"

R1<5>="'user': '":user:"',"

R1<6>="'password': '":password:"',"

R1<7>="'exp': time() + 300"

R1<8>="}, secret_key, algorithm='HS256').decode('utf-8')"

R1<9>="print(token)"

WRITE R1 ON FPYTHON,"login.py"

END

SEL = "python C:\\D3PYTHON\\login.py"

EXECUTE SEL CAPTURING XX

RESPONSE=XX<1>

********GRABA ARCHIVO TOKEN***************

CLAVE=DATE():"*":TIME()

R2=''

READ R2 FROM FTOKEN,CLAVE THEN

R2<1>=RESPONSE

R2<2>=DATE()

R2<3>=TIME()

R2<4>=user

WRITE R2 ON FTOKEN,CLAVE

END ELSE

R2<1>=RESPONSE

R2<2>=DATE()

R2<3>=TIME()

R2<4>=user

WRITE R2 ON FTOKEN,CLAVE

END

END ELSE

RESPONSE = "Usuario ":USER:" no existe"

RETURN

END

RETURN

Python programs to get JWT.

login.py

import jwt

from time import time

secret_key = "clavemexico"

token = jwt.encode({

'user': 'mexico',

'password': 'TijFGWIZSSFD',

'exp': time() + 300

}, secret_key, algorithm='HS256').decode('utf-8')

print(token)

decode64.py

import base64

encoded = 'd29jY3U6VGlqRkdXSVo='

data = base64.b64decode(encoded)

print(data)

valida.py

import jwt

secret_key = "clavemexico"

token = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoid29jY3UiLCJwYXNzd29yZCI6IlRpakZHV0laIiwiZXhwIjoxNTk5MTA1MjA3LjY1MjYwNDh9.iM0U8MlbqSn9GzeSIUM3v_GrBpzyGTYPLjFUKUMdWQ0'

payload = jwt.decode(token, secret_key, algorithms=['HS256'])

print(payload)"

Regards
Fausto Paredes

------------------------------
Fausto Paredes
GENERAL MANAGER
Admindysad Cia. Ltda.
Quito Ecuador
------------------------------

Hello Chris

I work with Rocketd3 and mvstoolkit and I have managed to make the connection type Basic Auth and Type Bear Token. I share my experience and code of the programs. I hope this information solves your question.

Type Basic Auth

In this case you only get the user and password data that are sent in the header from the api.

Example:

***********OBTENGO USUARIO DESDE LA CABECERA**************

INCLUDE CORS_Headers

CALL MVSP.GET.HTTP.REQUEST.HEADER(RESPONSE)

USR=TRIM(RESPONSE<2,1>[7,100])

long=LEN(USR)

***********DECODIFICO USER*******************************

IF USR # "WHATEVER" THEN

error = "2000" ;**2000 usuario incorrecto

RETURN

END

Type Bearer Token

If you need to generate a JWT, you could do it in the following way, I use Python to generate it and I execute it from a pick program I share the example code.

SUBROUTINE LOGIN(response)

******************************************************************

* Verifica si usuario Existe

* FPAREDES 31 AGOSTO 2020

******************************************************************

*

OPEN "D3PYTHON" TO FPYTHON ELSE

RESPONSE = "No se Encontro el Archivo D3PYTHON "

RETURN

END

***********Verifica que usuario y contrase¤a sean correctos**********

OPEN "USUARIOS" TO FUSUARIO ELSE

RESPONSE = "No se Encontro el Archivo USUARIOS "

RETURN

END

OPEN "TOKEN" TO FTOKEN ELSE

RESPONSE = "No se Encontro el Archivo TOKEN "

RETURN

END

***********OBTENGO USUARIO DESDE LA CABECERA**************

INCLUDE CORS_Headers

CALL MVSP.GET.HTTP.REQUEST.HEADER(RESPONSE)

USR=TRIM(RESPONSE<2,1>[7,100])

long=LEN(USR)

***********DECODIFICO USER*******************************

R1=''

READ R1 FROM FPYTHON,"decode64.py" THEN

R1<1>="import base64"

R1<2>="encoded = '":USR:"'"

R1<3>="data = base64.b64decode(encoded)"

R1<4>="print(data)"

WRITE R1 ON FPYTHON,"decode64.py"

END ELSE

R1<1>="import base64"

R1<2>="encoded = '":USR:"'"

R1<3>="data = base64.b64decode(encoded)"

R1<4>="print(data)"

WRITE R1 ON FPYTHON,"decode64.py"

END

SEL1 = "python C:\\D3PYTHON\\decode64.py"

EXECUTE SEL1 CAPTURING JJ

IDUSR=JJ<1>

USR=FIELD(IDUSR,':',1); **USR

PASS=FIELD(IDUSR,':',2); **PASS

USER=OCONV(USR,"G1'1")

PASSWORD=OCONV(PASS,"G0'1")

*********************************************************

R=''

READ R FROM FUSUARIO,USER THEN

IF PASSWORD # R<1> THEN

RESPONSE = "Password incorrecto"

RETURN

END ELSE

R1=''

READ R1 FROM FPYTHON,"login.py" THEN

R1<1>="import jwt"

R1<2>="from time import time"

R1<3>='secret_key = "clavemexico"'

R1<4>="token = jwt.encode({"

R1<5>="'user': '":user:"',"

R1<6>="'password': '":password:"',"

R1<7>="'exp': time() + 300"

R1<8>="}, secret_key, algorithm='HS256').decode('utf-8')"

R1<9>="print(token)"

WRITE R1 ON FPYTHON,"login.py"

END ELSE

R1<1>="import jwt"

R1<2>="from time import time"

R1<3>='secret_key = "clavemexico"'

R1<4>="token = jwt.encode({"

R1<5>="'user': '":user:"',"

R1<6>="'password': '":password:"',"

R1<7>="'exp': time() + 300"

R1<8>="}, secret_key, algorithm='HS256').decode('utf-8')"

R1<9>="print(token)"

WRITE R1 ON FPYTHON,"login.py"

END

SEL = "python C:\\D3PYTHON\\login.py"

EXECUTE SEL CAPTURING XX

RESPONSE=XX<1>

********GRABA ARCHIVO TOKEN***************

CLAVE=DATE():"*":TIME()

R2=''

READ R2 FROM FTOKEN,CLAVE THEN

R2<1>=RESPONSE

R2<2>=DATE()

R2<3>=TIME()

R2<4>=user

WRITE R2 ON FTOKEN,CLAVE

END ELSE

R2<1>=RESPONSE

R2<2>=DATE()

R2<3>=TIME()

R2<4>=user

WRITE R2 ON FTOKEN,CLAVE

END

END ELSE

RESPONSE = "Usuario ":USER:" no existe"

RETURN

END

RETURN

Python programs to get JWT.

login.py

import jwt

from time import time

secret_key = "clavemexico"

token = jwt.encode({

'user': 'mexico',

'password': 'TijFGWIZSSFD',

'exp': time() + 300

}, secret_key, algorithm='HS256').decode('utf-8')

print(token)

decode64.py

import base64

encoded = 'd29jY3U6VGlqRkdXSVo='

data = base64.b64decode(encoded)

print(data)

valida.py

import jwt

secret_key = "clavemexico"

token = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoid29jY3UiLCJwYXNzd29yZCI6IlRpakZHV0laIiwiZXhwIjoxNTk5MTA1MjA3LjY1MjYwNDh9.iM0U8MlbqSn9GzeSIUM3v_GrBpzyGTYPLjFUKUMdWQ0'

payload = jwt.decode(token, secret_key, algorithms=['HS256'])

print(payload)"

Regards
Fausto Paredes

------------------------------
Fausto Paredes
GENERAL MANAGER
Admindysad Cia. Ltda.
Quito Ecuador
------------------------------

Fausto,

Thank you for your response. It is very helpful.
We haven't use Python much but it seems like the easiest option. I think that D3 does not accept ASCII 255 characters in variables. Did you ever run into a problem with "ASCII 255" characters when capturing output from Python?

Thanks,

Chris

------------------------------
Chris Wolcz
Senior Software Developer
Execontrol Global Solutions
Clifton Park NY United States
------------------------------

Hello Chris

If you refer to special characters like Ñ or tildes (á,é,í,ó,ú), I convert them with a subroutine.

I attach an example that could help you.

SUBROUTINE CONVUTF8(TXT)
**FORMATO PARA TILDES Y N EN ESPANOL
**FPAREDES 24-AGO-2020
TXT = SWAP(TXT, CHAR(195):CHAR(145), CHAR(165)); * Ñ
TXT = SWAP(TXT, CHAR(195):CHAR(177), CHAR(164)); * ñ
TXT = SWAP(TXT, CHAR(195):CHAR(129), CHAR(65)); * A
TXT = SWAP(TXT, CHAR(195):CHAR(161), CHAR(160)); * á
TXT = SWAP(TXT, CHAR(193), CHAR(65)); * A
TXT = SWAP(TXT, CHAR(225), CHAR(160)); * a
TXT = SWAP(TXT, CHAR(195):CHAR(137), CHAR(69)); * E
TXT = SWAP(TXT, CHAR(195):CHAR(169), CHAR(130)); * é
TXT = SWAP(TXT, CHAR(233), CHAR(130)); * e
TXT = SWAP(TXT, CHAR(195):CHAR(141), CHAR(73)); * I
TXT = SWAP(TXT, CHAR(195):CHAR(173), CHAR(161)); * i
TXT = SWAP(TXT, CHAR(237), CHAR(161)); * i
TXT = SWAP(TXT, CHAR(195):CHAR(147), CHAR(79)); * O
TXT = SWAP(TXT, CHAR(195):CHAR(179), CHAR(162)); * ó
TXT = SWAP(TXT, CHAR(243), CHAR(162)); * a
TXT = SWAP(TXT, CHAR(195):CHAR(154), CHAR(85)); * U
TXT = SWAP(TXT, CHAR(195):CHAR(186), CHAR(163)); * ú
TXT = SWAP(TXT, CHAR(250), CHAR(163)); * u
RETURN

------------------------------
Fausto Paredes
GENERAL MANAGER
Admindysad Cia. Ltda.
Quito Ecuador
------------------------------

Fausto,

MR. Cram said: "ASCII 255 ( xFF ) is a Pick ( D3 and everybody else ) reserved character called a "segment" mark. It signifies the end of a string or the end of an item."

I remember having a problem with it, when handled an encrypted string. :)

Regards,

Chris

------------------------------
Chris Wolcz
Senior Software Developer
Execontrol Global Solutions
Clifton Park NY United States
------------------------------

Still researching about whether xFF ( char(255) ) is the string termination character. In trying to test that theory, we tried concatenating some normal characters fore and aft of a segment mark ( var = "aaa":char(255):"bbb". I figured that the char(255) would truncate the string after "aaa", but I was wrong. I'm guessing that there's something in BASIC that rejects insertion of a char(255) into a string ( would make senses ). I'm still researching.

------------------------------
Brian S. Cram
Principal Technical Support Engineer
Rocket Software
------------------------------

Hy i ussualy use this subroutine to clean up strings

you just need to ajust or remove the precision statement...

and call the subroutine, it will clean up all the "non-printable" chars, fix others unicodes from differents charsets, and convert special chars to normal char

------------------------------
Alberto Leal
System Analist
Millano Distribuidora de Auto Pecas Ltda
Varzea Grande MT Brazil
------------------------------

Sign up

Please log in or register:

Welcome to the Rocket Forum!

Please log in or register:

Scanning file for viruses.

This file cannot be downloaded