Multi Factor Authentication with YII2-mfa plugin - yii2

Is there an example somewhere how to implement yii2-mfa in the yii user login?
I have implemented the plugin, but it not works. The Problem is, it looks like the script is skipping the login entirely. There is no login, but no view appears with the entry of the otp. The script tries to access the dashboard without logging in. However, this generates errors because the Yii::$app->user->identity is empty.

Related

Chrome Extension - send post request at certain time using external server

I am currently building a Chrome extension that lets users auto-register for courses on a particular website once registration opens. The registration process is just a simple fetch POST request with an authentication header.
Now, this already works using the chrome.alarms API while the browser is open, but for obvious reasons I would want this to also work once the user closes the browser. Do you have any ideas how to do this? I really want to avoid to externally save user data..
If this is impossible, my idea would be to send the registration fetch to an external server (maybe even one hosted on a Raspberry Pi? Other ideas?) and then execute it once the registration opens.

Some users get an error and weird URL when trying to access my Google Script. Debug Tips Welcome

I wrote two small Google Scripts that present simple forms to fill in. Most of my user community has no trouble using them. A small minority of users can never open the forms, instead they get "Sorry, unable to open the file at this time" error page for both forms. I can't find any common thread for why only some users fail. I've tested on multiple browsers on multiple machines, even on android devices, it never fails for me.
A couple of things I've noted:
when it fails for them the URL is re-written. The proper url starts with https://script.google.com/macros/s/... but for broken users when they paste that in they instead get https://script.google.com/macros/u/3/s/... (notice the "u/3" at the end)
There is no execution log created when they try to access the site, so I have no way to debug what's going on.
The app is permissioned so "Anyone" can access it, and it runs as my account
Sorry, I realize this problem description is impossibly vague. Any debug suggestions would be extremely welcome. I'm not a regular Google App Script developer, so I'm kinda stumbling in the dark with this one. Thanks in advance.
/u/3 means that the user have signed-in into multiple Google accounts, the number correspond to the zero-based index of the account in the order that the user followed to sign-in, 0 is for the default account, 1 is to de second account, 2 is for the thirds account and so on.
So, on your test include this use case, a user signed-in into multiple Google accounts.
NOTE: It's known that the HTML Service do not handle as expected this use case.
Related
AuthMode gets confused w/ multiple logged in users
We're sorry, a server error occurred while reading from storage. Error code PERMISSION_DENIED
Why is my script pushing an incorrect URL? [/u/2 inserted into script URL] (possible duplicate)

CakeDC/Users permissions for not-logged in visitors

I'm playing around with the CakeDC/Users plugin and I can't for the life of me figure out how to give permission for non-logged in visitors (lets call them 'guests') to access things like my /pages/home, or if I was to do a Blog plugin, allow guests to see posts etc (but not edit).
Is this possible using the 'permissions.php' file? Seems to only work for user groups (admin and user) rather than guests? Or do I have to play around with $this->Auth->allow() and $this->Auth->deny() as in this post which seems to make the permissions.php file kinda pointless...
RBAC permissions defined in CakeDC/Users are checked in the authorization step, which means you have a user already logged in (authenticated) requesting access to a specific controller/action.
All these checks happen in the core CakePHP AuthComponent per the plugin configuration.
You want to exclude specific pages from Auth, which is something managed outside of the plugin (for now). The right way to do that is using
$this->Auth->allow('yourAction');
In the controller's beforeFilter function.

Implementing the "sign in with slack" button for a drupal site

Slack offers a simple oauth method (sign in with slack) for existing slack users to cross-authenticate to "my platform," whatever that may be. I've been able to do everything on the slack side, including getting a real name and email address from slack's identity scope and finding my user in the drupal mysql database users table.
But how can I actually log this user in and create/regenerate a session programmatically? Is there a way to do this from command line using drush or something, without having to edit the php, because that's not my preference. I thought I could just modify the timestamps in the database, but it looks like the session object requires more than that.
So given a drupal uid, and access to the drupal DB, what do I do?
You can use Masquerade module to generate session for any Drupal user no matter what was his creation source
It sounds like you're looking for Selenium. It's a command line browser interface used to create test scenarios and web scraping tools. You can build code which implements selenium with java, python, and I think a few other languages. The tool has been such a life saver for me! I hope this helps.
Since both systems are on the same server, I wrote a python script to modify the drupal7 mysql database and "log them in" without using any drupal environment tricks. By updating the access timestamp for the user, the system treats as logged in. I also added code to run drush -user-create from the command line if the slack user's email doesn't match the drupal users table in the database.
This was definitely not my preferred route, but it seems drupal's own tricks are more along the line of a bot impersonating a user anyway.
I did not figure out how to create a session cookie and provide it to the user during login, so if you know how to do that, I'd love to know!

Google App Engine - SQL Access Control - Could not complete the operation

I've created my app and SQL container on Google App Engine. All is ready to go, I just need to grant network access to the SQL server from the application. When clicking the Add Item button, then entering the Application ID (I verified through what appears to be an ancient deprecated interface) then clicking save I get the following error:
Could not complete the operation. Dismiss
I've read the instructions and as far as I can tell this is the correct method. It's the same region as the App. Tried us-east and us-west.
I created another SQL instance just in case with the same results.
I checked the dns records of the provided application URL and added the 4 IPv4 and IPv6 addresses that were returned just in case I could do it that way. The app still can't connect to the database.
I'm not sure what to try next, does anybody have an idea how to allow access in this situation?
I created my Project in US-east1 originally, had the same problem as above. Went back and created another project in US-central. This problem "Could not complete the operation. Dismiss" went away. Easy way to tell that it is working, the "Preferred location" will auto populate with "Follow App Engine app", the "App Engine application id" will auto populate with your project app id, the "Authorized App Engine applications" will auto populate with the project app id as well.