I was trying to incorporate IDM (Docker) latest, and pep-proxy (git example running with node server).
When I started pep-proxy, everything was working as intended.
I've got the following messages:
INFO: Server - Starting PEP proxy in port 80. IdM authentication...
Server - Success authenticating PEP proxy. Proxy Auth-token: d9badf48-16fa-423d-884c-a3e155578791
Now a problem happens. When I enter the wrong token I get this error.
ERROR: IDM-Client - Error validating token.
Proxy not authorized in keystone. Keystone authentication ...
ERROR: Server - Caught exception:
SyntaxError: Unexpected token u in JSON at position 0
As far as I understand I am expecting some return like invalid token, etc.. instead I get this error in pep-proxy and my curl command show->(52) Empty reply from server.
My config.json of pep-proxy:
var config = {};
// Used only if https is disabled
config.pep_port = 80;
// Set this var to undefined if you don't want the server to listen on HTTPS
config.https = {
enabled: false,
cert_file: 'cert/cert.crt',
key_file: 'cert/key.key',
port: 443
};
config.idm = {
host: 'localhost',
port: 3000,
ssl: false
}
config.app = {
host: 'www.google.es',
port: '80',
ssl: false // Use true if the app server listens in https
}
// Credentials obtained when registering PEP Proxy in app_id in Account Portal
config.pep = {
app_id: 'xxxxxx',
username: 'xxxxxx',
password: 'xxxxxx',
trusted_apps : []
}
// in seconds
config.cache_time = 300;
// if enabled PEP checks permissions with AuthZForce GE.
// only compatible with oauth2 tokens engine
//
// you can use custom policy checks by including programatic scripts
// in policies folder. An script template is included there
config.azf = {
enabled: true,
protocol: 'http',
host: 'localhost',
port: 8080,
custom_policy: undefined // use undefined to default policy checks (HTTP verb + path).
};
// list of paths that will not check authentication/authorization
// example: ['/public/*', '/static/css/']
config.public_paths = [];
config.magic_key = 'undefined';
module.exports = config;
IDM logs:
fiware-idm_1 | GET
/user?access_token=7cb25729577c2e01dc337314dcd912ec981dc49b 401 4.445 ms - 116
fiware-idm_1 | Executing (default): SELECT email, 'user' as Source FROM
user WHERE email='pep_proxy_edf60435-7de7-4875-85a9-cf68b8838b8c'
fiware-idm_1 | UNION ALL
fiware-idm_1 | SELECT id, 'pep_proxy' as Source FROM
pep_proxy WHERE id='pep_proxy_edf60435-7de7-4875-85a9-cf68b8838b8c';
fiware-idm_1 | Executing (default): SELECT `id`, `password`,
`oauth_client_id` FROM `pep_proxy` AS `PepProxy` WHERE `PepProxy`.`id` =
'pep_proxy_edf60435-7de7-4875-85a9-cf68b8838b8c';
fiware-idm_1 | Executing (default): INSERT INTO `auth_token`
(`access_token`,`expires`,`valid`,`pep_proxy_id`) VALUES ('a0d54a6f-
8461-4000-bb80-5fb60193bcb4','2018-05-04
11:45:21',true,'pep_proxy_edf60435-7de7-4875-85a9-cf68b8838b8c');
fiware-idm_1 | POST /v3/auth/tokens 201 13.733 ms - 74
The error "SyntaxError: Unexpected token u in JSON at position 0", as stated here, is probably due to some place at the code where JSON.parse is called with an undefined parameter. You are getting this message because the error was not properly treated and the exception is being thrown (exception not treated).
In the Wilma PEP Proxy github, we can see the latest changes at the code and we can guess/infer where this error comes from.
I think you can open an issue at github.
Related
I want to send my website mails by 3rd party mail server using Nodemailer.
When I send mails from my pc everything is ok but from my host No.
I set mail server MX records on Cpanel.
let transporter = nodemailer.createTransport({
host:'smtp.mailserver.com',
port: 587, //25
secure : false,
auth: {
user: username,
pass: password,
},
tls: {
rejectUnauthorized: false,
},
debug: true, // show debug output
logger: true // log information in console
});
this is my PC logs that send mails correctly.
and this is my nodejs Host logs.
250-nodejsHOSTadress.net Hello nodejsHOSTadress.net
I tried port 465 too.
let transporter = nodemailer.createTransport({
host:'smtp.mailserver.com',
port: 465,
secure : true,
auth: {
user: username,
pass: password,
},
debug: true, // show debug output
logger: true // log information in console
});
But I occurred this error.
I changed my mail server provider and I tried thereal.email too but same results.
I am using Yandex Connect (SMTP) as a method to send emails from my Rails 5 JSON API app.
Here's the setup:
Rails.application.configure do
config.action_mailer.delivery_method = :smtp
config.action_mailer.raise_delivery_errors = true
config.action_mailer.smtp_settings = {
address: 'smtp.yandex.com',
port: 25,
domain: ENV['MAIL_DOMAIN'],
user_name: ENV['MAIL_USER'],
password: ENV['MAIL_PASSWORD'],
authentication: 'plain',
enable_starttls_auto: true
}
end
I also have config.action_mailer.default_url_options = { host: ENV['MAIL_DOMAIN'] } set in my application.rb
On heroku with the right credentials it works just fine. But when I try to run the same config localy and send an email, I get ArgumentError - SMTP-AUTH requested but missing secret phrase.
What could be wrong
1) Make sure the environment variables are really there, e.g. bundle exec rails console, puts ENV.inspect
2) Make sure the credentials are correct
3) Restart your development server after you've modified your environment. This includes spring stop.
I want to configure Rundeck to allow e-mail notifications.
My rundeck-config.properties is:
grails.mail.host = "smtp.gmail.com"
grails.mail.username = "name#domain.com"
grails.mail.port = 465
grails.mail.password = "******"
grails.mail.props = ["mail.smtp.starttls.enable":"true","mail.smtp.auth":"true","mail.smtp.socketFactory.port":"465","mail.smtp.socketFactory.fallback":"false"]
When I run the Job, the error I get is:
2016-05-05 14:49:30,557 ERROR NotificationService - Error sending notification email to me#gmail.com for Execution 11: Mail ser
ver connection failed; nested exception is com.sun.mail.util.MailConnectException: Couldn't connect to host, port: "smtp.gmail.com", 465; ti
meout -1;
nested exception is:
java.net.UnknownHostException: "smtp.gmail.com". Failed messages: com.sun.mail.util.MailConnectException: Couldn't connect to host,
port: "smtp.gmail.com", 465; timeout -1;
nested exception is:
java.net.UnknownHostException: "smtp.gmail.com"
I tried everything I could find on Google but the error keeps the same.
I also tried to telnet smtp.gmail.com 465 and it works
Could someone help me?
You Must need to use .groovy file as props is not supported in .properties file
below is my rundeck-config.groovy file which is working fine
loglevel.default="INFO"
rdeck.base="/var/lib/rundeck"
rss.enabled=false
dataSource.dbCreate = "update"
dataSource.url = "jdbc:h2:file:/var/lib/rundeck/data/rundeckdb;MVCC=true;TRACE_LEVEL_FILE=4"
grails {
mail {
host = "smtp.gmail.com"
username = "************"
port = 587
password = "*********"
props = ["mail.smtp.starttls.enable":"true","mail.smtp.auth":"true","mail.smtp.socketFactory.port":"587","mail.smtp.socketFactory.fallback":"false"]
}
}
grails.serverURL="http://***.***.***.***:4440"
Reference: https://github.com/rundeck/rundeck/issues/1607
https://github.com/rundeck/rundeck/wiki/Faq#how-do-i-configure-a-smtp-server-for-email-notifications
https://github.com/rundeck/rundeck/wiki/Faq#how-do-i-convert-my-rundeck-config-file-to-groovy
https://github.com/rundeck/rundeck/wiki/Faq#how-do-i-specify-a-new-config-file-location
I created user and gave him only one role.(Member)
Currently this role doesn't have any permission with any Http verb nor path.
This is my user:
{
organizations: [1]
0: {
website: ""
description: "AREAS"
roles: [1]
0: {
name: "Member"
id: "09dc1bdba42c48de9e15e88816284cbc"
}-
-
enabled: true
id: "363ac390cfc94aa293e02547afa78256"
domain_id: "default"
name: "AREAS"
}-
-
displayName: "root"
roles: [0]
app_id: "aea8f4a70b87422cb48068db9f0c6aea"
email: "root"
id: "root"
}
Now, when i try to do GET request on address: http://localhost/parameters/search_tables/
for which this user don't have permission,
it allows me access and redirects me nonetheless.
This is log from pep proxy:
2015-11-13 14:55:53.446 - INFO: IDM-Client - Checking token with IDM...
2015-11-13 14:55:53.484 - INFO: AZF-Client - Checking auth with AZF...
2015-11-13 14:55:53.484 - INFO: AZF-Client - Checking authorization
to roles [ '09dc1bdba42c48de9e15e88816284cbc' ] to do GET
on parameters/search_tables/ and app aea8f4a70b87422cb48068db9f0c6aea
2015-11-13 14:55:53.508 - INFO: Root - Access-token OK. Redirecting to app...
Refused to set unsafe header "accept-encoding"
Refused to set unsafe header "cookie"
My config file regarding authorization is:
config.azf = {
enabled: true,
host: '192.168.4.180',
port: 8080,
path: '/authzforce/domains/afb096b2-8951-11e5-980f-6bf3c4dac98a/pdp'
};
config.public_paths = [];
config.tokens_engine = 'oauth2';
My Pap policy is:
<PolicySet PolicySetId="default" Version="1.0"
PolicyCombiningAlgId="urn:oasis:names:tc:xacml:1.1:policy-combining-
algorithm:ordered-permit-overrides">
<Target />
<Policy PolicyId="permit-all" Version="1.0"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.1:rule-combining-
algorithm:ordered-permit-overrides">
<Target />
<Rule RuleId="permit-all" Effect="Permit" />
</Policy>
</PolicySet>
How should i formulate my PAP policy to enable authorization level2, to use only http verb and resource path for authorization?
By default, Authzforce PAP permits all when no policy is added. Check if your PAP has the right information:
GET
/domains/{domainId}/pap/policySet
Edit 1:
In order to be able to connect with Authzforce, you need to configure some Authzforce parameters into your IdM instance:
ACCESS_CONTROL_URL at fiware-idm/horizon/openstack_dashboard/local/local_settings.py
and
ACCESS_CONTROL_MAGIC_KEY at fiware-idm/horizon/openstack_dashboard/local/local_settings.py
Then, just go to IdM, and check that the permissions and roles are well configured. Sometimes, you have to 'trigger' the policy generation in IdM by going to your application -> manage roles and just click 'save' to trigger the XACML generation.
I have no trouble connecting to the live database locally using port forwarding, but when we go to connect from the openshift gear, we get errors. Let me begin with the code:
Here is the connection variable
var connectionpool = mysql.createPool({
host : process.env.OPENSHIFT_MYSQL_DB_HOST,
port : process.env.OPENSHIFT_MYSQL_DB_PORT,
user : process.env.OPENSHIFT_MYSQL_DB_USERNAME,
password : process.env.OPENSHIFT_MYSQL_DB_PASSWORD,
database : 'stembuds',
socket : process.env.OPENSHIFT_MYSQL_DB_SOCKET
});
Here is an example of a query:
app.get('/answerDB/:course?/:answerID?', function(req, res){
var course = req.param('course');
var answerID = req.param('answerID');
connectionpool.getConnection(function(err, connection){
if(err){
console.error('CONNECTION error: ',err);
res.statusCode = 503;
res.send({
result: 'error',
err: err.code
});
}
if (course === undefined && answerID === undefined) {
connection.query('SELECT * FROM questions WHERE counter = 0', function(err, rows, fields){
if (err) {
console.error(err);
res.statusCode = 500;
res.send({
result: 'error',
err: err.code
});
}
for(var i in rows){
var newCourse = rows[i].course;
newCourse = courses[newCourse];
rows[i].course = newCourse;
}
res.send(rows);
connection.release();
});
}
Here are some errors we receive.
First is an error in the console of Chrome:
GET http://**.rhcloud.com/answerDB 503 (Service Temporarily Unavailable)
But sometimes we get a proxy error:
GET http://**.rhcloud.com/exploreDB 502 (Proxy Error)
Additionally, I have been running the command rhc tail -a nodejs and here is the error I am receiving
CONNECTION error: { [Error: ER_ACCESS_DENIED_ERROR: Access denied for user 'adminMYXaSuf'#'127.11.28.130' (using password: YES)]
code: 'ER_ACCESS_DENIED_ERROR',
errno: 1045,
sqlState: '28000',
fatal: true }
TypeError: Cannot call method 'query' of undefined
at /var/lib/openshift/5303aee55973ca4092000084/app-root/runtime/repo/routes/site.js:172:15
at Pool.<anonymous> (/var/lib/openshift/5303aee55973ca4092000084/app- root/runtime/repo/node_modules/mysql/lib/Pool.js:49:16)
at Handshake.Sequence.end (/var/lib/openshift/5303aee55973ca4092000084/app-root/runtime/repo/node_modules/mysql/lib/protocol/sequences/Sequence.js:78:24)
at Handshake.ErrorPacket (/var/lib/openshift/5303aee55973ca4092000084/app-root/runtime/repo/node_modules/mysql/lib/protocol/sequences/Handshake.js:93:8)
at Protocol._parsePacket (/var/lib/openshift/5303aee55973ca4092000084/app-root/runtime/repo/node_modules/mysql/lib/protocol/Protocol.js:202:24)
at Parser.write (/var/lib/openshift/5303aee55973ca4092000084/app-root/runtime/repo/node_modules/mysql/lib/protocol/Parser.js:62:12)
at Protocol.write (/var/lib/openshift/5303aee55973ca4092000084/app-root/runtime/repo/node_modules/mysql/lib/protocol/Protocol.js:37:16)
at Socket.<anonymous> (/var/lib/openshift/5303aee55973ca4092000084/app-root/runtime/repo/node_modules/mysql/lib/Connection.js:72:28)
at Socket.EventEmitter.emit (events.js:95:17)
at Socket.<anonymous> (_stream_readable.js:720:14)
Now it says cannot call method query of undefined. We thought that was strange, so we changed 'connection.query' to 'connectionpool.query' and it then told us that it cannot call method release of undefined. So we changed 'connection.release()' to 'connectionpool.release()' and it told us that the object # has no method release. So I am taking that part of the error with a grain of salt.
We have no idea why it wont connect. Any information would be greatly appreciated - Thanks.
If your application code works locally while connecting to your remote OpenShift-hosted DB (using rhc port-forward), then I would suspect that your app may have some undocumented dependencies.
It could be that you've installed something locally (or globally) in your dev environment, without including that dep in your app's package.json file.
Make sure that everything your app needs in order to run in a fresh environment is included in your app's package.json file before pushing it to OpenShift.
npm install my_dependency --save
I've written up some additional notes that might be useful for testing locally with a port-forwarded connection to an OpenShift-hosted DB: https://www.openshift.com/blogs/set-up-local-access-to-openshift-hosted-services-with-port-forwarding
Did you create that database name? It should be the name of your application. You can use the OPENSHIFT_APP_NAME environment variable for your database name. Can you ssh into your gear and connect to mysql without any issues? Also, are you trying to connect to the database on your openshift gear from your local machine or from your openshift gear?