I have a problem. My cosmos gui application crashes after trying to authorize with keystone.
Horizon application is running on https://192.168.4.33:443,
while cosmos-gui is running on http://192.168.4.180:81.
My gui config file looks like this:
"oauth2": {
"idmURL": "https://192.168.4.33",
"client_id": "***********************************",
"client_secret": "*********************************",
"callbackURL": "http://192.168.4.180:81/auth",
"response_type": "code"
},
and inside horizon i registered application Cosmos Big data
with parameters:
Description
Cosmos Big data
URL
https://192.168.4.33
Callback URL
http://192.168.4.180:81/auth
So afterwards i start cosmos-gui application and after clicking on login it redirects me to this url:
https://192.168.4.33/oauth2/authorize/?response_type=code&client_id=0434fdf60897479588c3c31cfc957b6d&state=xyz&redirect_uri=http://192.168.4.180:81/auth
And that is ok.But then, when i click on button authorize it leads me to this url:
http://192.168.4.180:81/auth?state=xyz&code=NVfyZUov1KuQ8yTw498oItHgYC2l9Z
and at that moment cosmos-gui application crashes and everything that i get from the log is this:
/home/cosmos-gui/fiware-cosmos/cosmos-gui/src/app.js:138
req.session.access_token = results.access_token;
^
TypeError: Cannot read property 'access_token' of undefined
at /home/cosmos-gui/fiware-cosmos/cosmos-gui/src/app.js:138:43
at /home/cosmos-gui/fiware-cosmos/cosmos-gui/src/oauth2.js:168:22
at ClientRequest.<anonymous> (/home/cosmos-gui/fiware-cosmos/cosmos- gui/src/oauth2.js:140:9)
at ClientRequest.emit (events.js:95:17)
at CleartextStream.socketErrorListener (http.js:1548:9)
at CleartextStream.emit (events.js:95:17)
at SecurePair.<anonymous> (tls.js:1400:19)
at SecurePair.emit (events.js:92:17)
at SecurePair.maybeInitFinished (tls.js:980:10)
at CleartextStream.read [as _read] (tls.js:472:13)
On the side of keystone everything looks ok.This is from keystones log:
2015-08-24 16:34:02.604 27693 INFO keystone.contrib.oauth2.controllers [-] OAUTH2: Created Authorization Code to consumer 0434fdf60897479588c3c31cfc957b6d for user idm with scope [u'all_info']. Redirecting to http://192.168.4.180:81/auth?state=xyz&code=NVfyZUov1KuQ8yTw498oItHgYC2l9Z
2015-08-24 16:34:02.606 27693 INFO eventlet.wsgi.server [-] 127.0.0.1 - - [24/Aug/2015 16:34:02] "POST /v3/OS-OAUTH2/authorize HTTP/1.1" 302 208 0.121336
When you authorize the Cosmos app in Keystone, the callback URL is called and this piece of software is executed:
// Handles requests from IDM with the access code
app.get('/auth', function(req, res) {
// Using the access code goes again to the IDM to obtain the access_token
oa.getOAuthAccessToken(req.query.code, function (e, results){
// Stores the access_token in a session cookie
req.session.access_token = results.access_token;
res.redirect('/');
});
});
I.e. Keystone calls the callback with an access code (a soft piece of security) that can be used to retrieve the final access token (a hard security element).
It seems your Keystone is generating the access code but it is not returning the access token when asked for it. Can you check the Keystone logs in order to find the access token request? May you print any error returned by this call?
oa.getOAuthAccessToken(req.query.code, function (e, results)
After a bit of debugging and printing arguments that were going into the app.get('/auth', function(req, res)
i found this Error: DEPTH_ZERO_SELF_SIGNED_CERT
It seems it doesn't recognize self signed certificates as valid.
Anyway as first line in file:
cosmos-gui/src/app.js
i added
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
and now it is working.
Related
I created a new feathersjs app with npm create feathers#pre vdb-b.
"feathers": {
"language": "ts",
"packager": "npm",
"database": "mssql",
"framework": "koa",
"transports": [
"rest"
],
"schema": "typebox"
},
After successful running the migration task, which created the users table in my MSSQL database, I received the following error message while trying to create a first user via CURL:
error: GeneralError: The "config.server" property is required and must be of type string.
at errorHandler (C:\Users\xyz\Workspaces\node\vdb\vdb-b\node_modules\#feathersjs\knex\src\error-handler.ts:91:21)
at processTicksAndRejections (node:internal/process/task_queues:95:5)
at async UserService._create (C:\Users\xyz\Workspaces\node\vdb\vdb-b\node_modules\#feathersjs\knex\src\adapter.ts:232:23)
at async UserService.logError (C:\Users\xyz\Workspaces\node\vdb\vdb-b\src\hooks\log-error.ts:7:5)
at async C:\Users\xyz\Workspaces\node\vdb\vdb-b\node_modules\#feathersjs\koa\src\rest.ts:36:21
at async bodyParser (C:\Users\xyz\Workspaces\node\vdb\vdb-b\node_modules\koa-bodyparser\index.js:95:5)
at async C:\Users\xyz\Workspaces\node\vdb\vdb-b\node_modules\#feathersjs\koa\src\handlers.ts:6:5
at async serve (C:\Users\xyz\Workspaces\node\vdb\vdb-b\node_modules\koa-static\index.js:53:9)
at async cors (C:\Users\xyz\Workspaces\node\vdb\vdb-b\node_modules\#koa\cors\index.js:108:16)
I tried to removed authentication for the users service, which gave a correct Not Authorized on GET /users before, but that resulted in receiving the above message for all service methods.
I searched in all generated files, but failed to identify, where config.server could be maintained directly or indirectly.
I am following a blockchain tutorial from dappuniversity.
When I create the task in the line
await App.todoList.createTask(content)
from line
https://github.com/dappuniversity/eth-todo-list/blob/e3ed9a2cefb581c09730250c56c9d30a19cc63c8/src/app.js#L115
I get the following error :
Uncaught (in promise) Error: The send transactions "from" field must be defined!
at Method.inputTransactionFormatter (truffle-contract.js:50747)
at truffle-contract.js:51228
at Array.map (<anonymous>)
at Method.formatInput (truffle-contract.js:51226)
at Method.toPayload (truffle-contract.js:51261)
at Eth.send [as sendTransaction] (truffle-contract.js:51551)
Do I need to define a 'from' field somewhere?
With the latest dependencies, none of the above answers were working for me.
I had to edit the loadAccount method:
loadAccount: async () => {
// Set the current blockchain account
const accounts = await web3.eth.getAccounts();
App.account = accounts[0];
},
then pass the App's account to the createTask method: await App.todoList.createTask(content, { from: App.account })
I was running into issues with the above answer which appears due to recent Metamask updates and that moving from web3.currentProvider to window.ethereum
I was able to make this work using
await App.todoList.createTask(content, {from: App.account})
I am using the latest truffle/contract. I needed to specify the from account in my createTask method like the following:
await App.todoList.createTask(content, { from: web3.eth.defaultAccount})
This worked.
Same happened to me on Remix while interacting with the contract deployed on Rinkeby. I chose injected web3 for the environment, But account field was empty.
It happended because I rejected the connection to metamask first and then did not get any other request to connect with metamask. So I refreshed remix, locked and unlocked metamask. It sent request to connect to metamask
I am using this code in Apps script
function getUserObjByEmail(email){
// Same as using AdminDirectory class.
var apiUrl = "https://www.googleapis.com/admin/directory/v1/users/"+email+"?fields=id";
var token = ScriptApp.getOAuthToken();
var header = {"Authorization":"Bearer " + token};
var options = {
"method": "GET",
"headers": header
};
var response = JSON.parse(UrlFetchApp.fetch(apiUrl, options));
return response;
}
which I run as a function from App Maker project. Things go smoothly when I use the app since I have an admin role( I guess, not sure ) but the problem arises when other normal users in our domain start using the deployed app maker app. I checked the server logs and its full of this message:
Exception: Request failed for
https://www.googleapis.com/admin/directory/v1/users/email#domain.com?fields=id
returned code 403.
Truncated server response: { "error": { "errors": [ { "domain": "global",
"reason": "forbidden", "message": "Not Authorized to access this
resource/api" ... (use muteHttpExceptions option to examine full response)
Any idea how to fix this? I have manually added the required scopes for the apps script library, I added the following:
"https://www.googleapis.com/auth/script.external_request",
"https://www.googleapis.com/auth/admin.directory.user"
The reason this happens is because YOU have admin rights, otherwise you'd be getting the same error message. The other users don't have admin rights hence they get the error. To solve this problem, you can either deploy the application running it as the developer or you can use a service account to impersonate an admin and do the process.
Regarding the first approach, you can find more info here https://developers.google.com/appmaker/security/identity.
Regarding the second approach, you can use the following app script library https://github.com/gsuitedevs/apps-script-oauth2#using-service-accounts
Moreover, if you do not require to get custom schemas information, then you can simply use a directory model and that should work for all users. Check the reference here: https://developers.google.com/appmaker/models/directory
I'm trying to create a cloud function listening to cloudbuilds topic and making an API call to trigger the build. I think I'm missing something in my index.js file (I'm new to Node.js). Can you provide a sample example of a Cloud Function making an API call to the Cloud Build API?
Here is my function:
const request = require('request')
const accessToken = '$(gcloud config config-helper --format='value(credential.access_token)')';
request({
url: 'https://cloudbuild.googleapis.com/v1/projects/[PROJECT_ID]/builds',
auth: {
'bearer': accessToken
},
method: 'POST',
json: {"steps": [{"name":"gcr.io/cloud-builders/gsutil", "args": ['cp','gs://adolfo-test-cloudbuilds/cloudbuild.yaml', 'gs://adolfo-test_cloudbuild/cloudbuild.yaml']}]},
},
module.exports.build = (err, res) => {
console.log(res.body);
});
I was executing the command gcloud config config-helper --format='value(credential.access_token)', copying the token, and putting it as a value to the variable accessToken. But this didn't work for me.
Here is the error: { error: { code: 403, message: 'The caller does not have permission', status: 'PERMISSION_DENIED' } }
I had the same exact problem and I have solved it by writing a small package, you can use it or read the source code.
https://github.com/MatteoGioioso/google-cloud-build-trigger
With this package you can run a pre-configured trigger from cloud build.
You can also extend to call other cloud build API endpoints.
As my understanding cloud build API requires either OAuth2 or a service account. Make sure you gave the right permission to cloud build in the gcp console under IAM. After that you should be able to download the service-account.json file.
I am writing a iOS client using XMPPFramework. I am not able to redister an user. I have configured ejabberd server and it is up and running. I dont have any issues with it. I am able to register an user from the web portal of Ejabberd. But the issue arises when I try registering an user from the iOS client. The server log is below
=INFO REPORT==== 2014-04-26 12:06:43 ===
I(<0.380.0>:ejabberd_listener:281) : (#Port<0.3865>) Accepted connection {{211,28,44,250},49742} -> {{172,31,0,235},5222}
=INFO REPORT==== 2014-04-26 12:06:44 ===
I(<0.424.0>:ejabberd_c2s:802) : ({socket_state,gen_tcp,#Port<0.3865>,<0.423.0>}) Failed authentication for xcc#localhost
The authmethod is odbc. Since I use mysql for data and message storage.
The log which I capture from the client is below
2014-04-25 20:46:49:384 iPhoneXMPP[1971:90b] SEND: <auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="DIGEST-MD5"/>
2014-04-25 20:46:49:620 iPhoneXMPP[1971:650b] RECV: <challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">bm9uY2U9IjMzNzkzODUwOTEiLHFvcD0iYXV0aCIsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M=</challenge>
2014-04-25 20:46:49:621 iPhoneXMPP[1971:650b] SEND: <response xmlns="urn:ietf:params:xml:ns:xmpp-sasl">dXNlcm5hbWU9ImlvYzEiLHJlYWxtPSJsb2NhbGhvc3QiLG5vbmNlPSIzMzc5Mzg1MDkxIixjbm9uY2U9IkMzN0U0NjlBLTg0RUUtNEY3RS1CNTEzLTM5RUJFREU0NzQ3NCIsbmM9MDAwMDAwMDEscW9wPWF1dGgsZGlnZXN0LXVyaT0ieG1wcC9sb2NhbGhvc3QiLHJlc3BvbnNlPTQzYTY5OTVlZmY2Y2UwNzA0YmJkNWM4OWZiNGU5ZDQ1LGNoYXJzZXQ9dXRmLTg=</response>
2014-04-25 20:46:49:865 iPhoneXMPP[1971:4953] RECV: <failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><not-authorized/></failure>
2014-04-25 20:46:49:865 iPhoneXMPP[1971:90b] iPhoneXMPPAppDelegate: xmppStream:didNotAuthenticate:
2014-04-25 20:46:49.865 iPhoneXMPP[1971:90b] num--680
2014-04-25 20:46:49.866 iPhoneXMPP[1971:90b] elements--(
"<username>ioc1#localhost</username>",
"<password>ioc</password>",
"<name>ioc1#localhost</name>",
"<accounttype>1</accounttype>",
"<devicetoken>680</devicetoken>",
"<email>ioc1#localhost</email>"
)
The important line to not is below
2014-04-25 20:46:49:865 iPhoneXMPP[1971:4953] RECV:
I am using registerwithpassword method and I am really confused why I am not able to register. I believe auth_method will come into play only when trying to login as it need some authentication mechanism to login. But here I am just registering. Why I am not able to register. I believe it is not an issue with the hostname since I am getting a log line that "Failed authentication for #localhost"
It means I am hitting the server. Is there something I am missing in the ejabberd.cfg file which is blocking me.
Please note: Also, I tried authmethod as internal (though in help it is mentioned it is related to mnesia - the built in DB and I am using mysql) and still got the same issue and I believe the client is not able to register a user due to some connection settings.
Is the issue is on the client end or server end. Please guide me. Thanks for your time.
In order for registration to work, you would need to ensure that the stream is connected. I have shown below a sample of how to register a user.
- (IBAction)signUpButtonPressed:(UIButton *)sender {
// when the sign up button is pressed, set the JID for the xmpp stream
[self.xmppStream setMyJID:[XMPPJID jidWithString:jid]];
// check that the stream is not disconnected
if([self.xmppStream isDisconnected]){
// stream is not connected, attempt to connect
if (![self.xmppStream connectWithTimeout:XMPPStreamTimeoutNone error:&error]) {
NSlog(#"Error connecting: %#", error);
}
// after stream connects, call [self beginRegistration] in xmppStreamDidConnect delegate method
} else {
[self beginRegistration];
}
}
-(void) beginRegistration {
// check if inband registration is supported
if (self.xmppStream.supportsInBandRegistration) {
if (![self.xmppStream registerWithPassword:password error:&error]) {
NSlog(#"Registration error: %#", error);
}
} else {
NSlog(#"Inband registration is not supported");
}
}
To check that registration was successful, use xmppStreamDidRegister:(XMPPStream *)sender and xmppStream:(XMPPStream *)sender didNotRegister:(NSXMLElement *)error delegate methods.
Let me know if this helps.