HPP Incorrect hash - realex-payments-api

I send a request to the sandbox to "Pay By Link".
URL: https://pay.sandbox.realexpayments.com/pay
I get an error in response.
{"errors":[{"resultCode":508,"internalErrorCode":61000,"errorMessage":"Incorrect hash. Please check your code and the Developers Documentation."}]}
The hash is calculated correctly (the values obtained through the SDK and calculated manually are the same).
This is possible with the wrong shared secret.
I use the values of the MerchantId and the SharedSecret in my account on the https://developer.globalpay.com/gp_api_credentials/
(My Account->Ecomm API Credentials->Sandbox Credentials)
How to fix the error?
Can i change the "Ecomm API Credentials->Sandbox Credentials" ?

The server reply is often completely wrong, so don't believe the error message it tells you. Remove all optional config field values (such as CardStorageEnabled) and try again. Then it should work, and after that you can re-enable the optional fields one by one to see which one causes the error.

Related

Remove Additional Parameter from post logout URL

When the user clicked on the logout button after successful logout user redirects back to callbackurl with additional query parameters.
You can see below the URL return
https://localhost:9443/?sp={spname}&tenantDomain=carbon.super
Can anyone please help me with how we can remove these two sp and tenantDomain parameters?
I found the below article, also there are these two additional parameters.
https://piraveenaparalogarajah.medium.com/rp-initiated-logout-with-wso2-identity-server-b1fde28c4d80
Can search the below text in the article for reference.
Redirect to post_logout_redirect_uri
This seems to be introduced with the fix done for https://github.com/wso2/product-is/issues/3266. It has added the service provider name and tenant domain as query parameters for the success flow as well in addition to the failure flows.
Unfortunately, there is no way to configure this. But you may report this at https://github.com/wso2/product-is/issues and the team will decide whether this needs to be fixed.
This issue is reported for IS 5.10.0:https://github.com/wso2/product-is/issues/12723

Blockstack-Radiks: Missing signing keys

I am adding Radiks to my blockstack project. When saving the first model I receive the following error:
Unhandled promise rejection TypeError: "First argument must be a string, Buffer, ArrayBuffer, Array, or array-like object."
fromObject index.js:311
from index.js:137
from index.js:149
getPublicKeyFromPrivate keys.js:25
signECDSA ec.js:139
sign model.js:249
save model.js:157
It looks like that a userGroupKey is missing. Where do I need to specify it? The configuration is just a fake radiks server url. Does that matter?
You need to have at least a local radiks server running.
The issue for me was that I didn't call User.createWithCurrentUser on each page. I did on the login page when handlingPendingSignIn but I didn't on pages when the user was already signed in (after isUserSignedIn). Adding User.createWithCurrentUser on these pages solved the problem.

External authentication doesn't work in Datazen

I set the authentication in control panel as below:
and i call the viewer by this code:
$.ajax({url: 'http://192.168.17.31/viewer',
headers: {'thisistheheadername':'thisistheheadername'},
type : 'GET'
});
but still request redirects to login page:
http://192.168.17.31/viewer/login
I'm not totally sure what you're trying to do. I've never seen AJAX used with Datazen like this, although I suppose I can understand how it might work. Of course, it won't be secure, because the browser could always indicate who the user should be--there's no checking.
The top chart in this answer might help you. But beyond that, what tells you it's sending to the login page? Where are you trying to display the results?
The two things I would check on outside of those, though, are:
Your header is not correct, unless you've got a user named "thisistheheadername" as well. You should be passing a username through that value. I don't recall specifically, but it could send you to the login page if it doesn't recognize the username.
Are you sure external authentication is enabled? I would check in the "Configuration" section on the server to ensure it isn't still "default." The core service must be stopped before changes are persisted.

$_GET values being stripped by returnUrl (on an authentication server not under my control)

Issue:
An authentication server (not under my control) is stripping get values after the first from the returnUrl. Is there any way to work around this? (Or around the larger problem as a whole?)
e.g. http://authentication.corporate.com?returnUrl=http://localserver/addcomment.php?FirstName=Sally&SecondName=Sparrow redirects as http://authentication.corporate.com?returnUrl=http://localserver/addcomment.php?FirstName=Sally, stripping any subsequent $_GET values.
(I am led to believe through my research that the stripping of the $_GET values may be an issue with what the authentication server is doing, but I have no way of getting access to it. If this is the case, is there a workaround? If this is not the case, what am I doing wrong?)
Context:
I am writing part of a web application which is to allow users to add comments to documents. The web application must retrieve the user's (correct) corporate username, first name and last name.
I am updating a previous version of this web application which allowed users to add comments in a two-step process.
Step 1 After clicking an 'Add Comment' hyperlink, the user is authenticated and a returnUrl value directs them to a page where they may add their comment. http://authentication.corporate.com?returnUrl=http://localserver/addcomment.php
Step 2 In addcomment.php $_POST values have been retrieved (and confirmed as correct) from the authentication server. The user may then enter their comments in a textarea and submit them via action=post to a final page which inserts the comment and user information into a database.
I would like to reduce this to a one-step process where the user may type in a comment on the main page. The way I am attempting to do this is by passing the comment as a $_GET value to be returned via the authentication server. e.g. http://authentication.corporate.com?returnUrl=http://localserver/addcomment.php?FirstName=Sally&SecondName=Sparrow along with the $_POST values.

Box API v2 Create a Shared Link for a File with permissions.download config return 500 Internal Server Error

Here is the params that I sent along with create shared link and got "Internal Server Error"
{"shared_link":{"access":"Collaborators","permissions":{"download": true}}}
This is a case of (1) bad documentation and (2) a bad error response.
You're seeing an error because the permissions parameter can only be used with the Open and Company access types*.
On (1) we should have this documented (I just updated our documentation to reflect this). On (2) we should be returning a more descriptive error (e.g. a 400 Bad Request and a message of " doesn't work with this access type. This is also in our development pipeline) "
*If you're really curious, it doesn't work with the Collaborators type because it's expected that the permissions set by the collaboration for each user will define their shared link access. Not the most straightforward thing, I understand.