I have a bit of an odd problem that I need an elegant solution to. I am using a build tool that requires logging in to a service (AWS CodeArtifact specifically). When I login via CLI, it sets an environment variable - let's call this TOKEN. When I run any build, it requires presence of TOKEN to authenticate.
Now, after logging in, builds in the same shell work but obviously, builds in new shells (which aren't sub-shells) fail because TOKEN is of course not defined. I'm looking at ways to solve this; ideally a solution that does something like this:
Login shell: after logging in, save TOKEN in ~/.token
All shells: run something every minute which sets TOKEN to the value in ~/.token
I have 2 questions:
Is this the best way - or is there something more elegant?
If so, what's the best way to do (2) above?
The final catch is that this is something I'll be distributing to end users on their machines, so it would be great if its easily scriptable.
Thanks in advance - stay safe!
When question 2 is answered, the solution for question 1 is simple:
Start writing a function that will return the token.
TOKEN=$(get_token)
The first implementation will recalculate a fresh token without any caching or sharing.
How often do you need the token? When you don't build every minute, an extra job (cronjob) refreshing the token every minute is not needed. In such a case you can refresh the token before each api-call by calling the function. You do not need to store or share it.
When you do need the TOKEN very often, you can modify the function. Using a file is straight forward, but you can also use another solution like a server (when you want the token available on remote hosts for users who have been identified with some other token).
How to automate the manual process for getting a new token, is the next challenge.
Can you find a method, where you do not need to enter a password (something like using .aws/config or (better) assigning the right roles to your server)? Or do you need to script the call with expect?
The API call get-authorization-token requires the codeartifact:GetAuthorizationToken and sts:GetServiceBearerToken permissions.
Related
After I log in, the domain changes and it doesn't do anything else that my script tells it to do. Is it the case that you just can't do anything once the domain changes? I can't quite tell from the documentation. I know it says that it can't navigate to a second domain, but I haven't seen where it says it can't do anything on a second domain.
Additionally, did Cypress used to login to Salesforce with cy.request()? Because currently Salesforce doesn't allow for logging in by sending a request with parameters.
cy.visit('https://test.salesforce.com');
cy.get('.username').type(username)
cy.get('.password').type(password)
cy.get('#Login').click()
This is my code for logging in.
Hi you can use Session in cypress in order to Cache and restore cookies, localStorage, and sessionStorage
Just create a command in ./support/command.js
You can read the documentation here https://docs.cypress.io/api/commands/session#Syntax
I'm writing an app that's supposed to run with MVC5 and using parse as a backend.
I'm using the new Identity feature of the MVC5 to login an user. I also tried to use this solution but I couldn't make it work.
What is happening is that when I login with the user A and then login with the user B in a different session (a incognito windows or a new browser) whenever I try to insert something related with a ParseUser object using the first user that was logged in I get an exception: UserCannotBeAlteredWithoutSessionError.
I'm not sure if I'm doing the implementation in a wrong way, or if it is a limitation of the Parse (I think it was designed to run using one user per device).
If you have a workaround for this situation please help me.
There is a good answer which may help: Parse Database Authorization - Security For User Objects.
So, it's a kind of Parse SDK limitation, when you can work with only one user per device (as ParseUser is cached locally). The only workaround that I can see is to perform SignOut/Login explicitly, when you need to do something from other user's context. There is no way to have two users work simultaneously from the same device.
We have a CI application where we used Ion-Auth as Authentication Library. We have used database for storing sessions.
So far everything works fine. Now, by default Ion Auth allows simultaneous logins for same user from different location. I want to prevent this. As per our client, only one login should be allowed.
Is it possible to achieve this, considering abandoned sessions (without pressing logout and closing browser) ?
If the issue in (1) above is complex to achieve, can I make a simple check if user is currently logged in./session is active.
The existing logged_in method does not take any input parameters. So I cant use this method.
I am assuming solution might be possible with already available library and I don't need to add extra fields/code to achieve this.
Thanks.
We have merchants logged in to a system, from which we want to link them to our Magento instance with some kind of admin token that will log them in directly without them having to manually login.
I see the rp_token field in the admin_user table but that appears to be related to a password reset, which probably isn't what we want.
Have done a bit of searching, found this thread which is related but is dealing with secret keys specifically (which will probably be my second challenge to resolve after resolving this one).
I'm guessing this isn't supported in core, but maybe there's a good extension out there to do it?
Or if not, what would be the best approach to implement? I'm guessing there is probably an event I could hook to look at a GET or POST param (which maybe could be a hash of the username and hashed password), then bypass the normal login() method which relies on username and plain text password.
That feels like it could be a little risky though? Any thoughts?
That feels like it could be a little risky though? Any thoughts?
This is extremely risky, but it can be done safely. I can speak on a similar issue I had in developing QuarkBar, an administration bar for Magento that is set to release this weekend.
So to show the bar, I need to verify the admin is logged in. Unfortunately that's hard to do on the frontend module, since there are two separate sessions. So to get around that I've created a quarkbar_session table. I use OpenSSL to store a secure crypt key once an admin is logged in, that I then check for on each request and match it to a cookie. If it matches, the admin is verified.
It's a little different from what you want of course, since I first set the key when the admin is logged in (it's an observer event). But it should get you started.
Source (NOT ready for production, use it for ideas): https://github.com/zschuessler/QuarkBar/tree/master/app/code/community/Zaclee/QuarkBar
Also, note that I'm storing the secure key so that I can access the admin backend. The solutions in your link say to disable it. You don't have to, check out QuarkBar for implementation.
Recently I was asked to add an XML API to one of the Symfony modules in my project. I did it, and it works well. For authentication, we use sfGuardPlugin. Symfony version is 1.3.11. Using Propel, not Doctrine.
The most recent request to me is this:
We will embed a Flash game into the website.
The Flash will do requests to the XML API.
The guy who is coding the Flash application says that it doesn't share cookies with the browser.
We want the Flash to be able to reuse the session of the currently logged in user (we won't allow to be even shown if no user is logged in).
I did try this would-be solution: (taken from other SO articles and various Google search results)
I was told that the Symfony session resides in the symfony cookie.
I was told that if I copy this value in another client (in my case, wget) and do session_id("stolen_session_id") I will be able to duplicate the session, have the same user logged in, etc.
This turned out to be wrong. Say my cookie symfony had the "blabla" value. I did this: wget --post-data='session_id=blabla' X.X.X.X:NN/api/bla.xml -O-. My server PHP code parses this POST parameter and feeds it to session_id function. It then reported in the logs that the session_id('blabla') was returning 1. However, calling $this->getUser()->getGuardUser() returns null.
I need a way to map a passed session_id to a valid sfGuardUser. Or find an alternative way of reusing a session which already exists.
Suppose I have full access to the cookies. I want to know which one of them (or all of them?) to duplicate in order to achieve this.
BTW, I am seeing in my Chrome dev tools that the symfony cookie is of a session type. So it's no wonder at all as to why my method doesn't work, but I am little lost as to how do I do this in Symfony, while using the sfGuardPlugin.
I do realize this is not one of the most informed questions, but ditto, I just need help.
Thanks for your time.
(Dimitar P.)
Oops, forgot to mention which cookies I see on my domain:
symfony
sfRemember
__utma
__utmb
__utmc
__utmz
I am guessing the last four are for Google Analytics, though.
I didn't want to do this, but I was unable to find other alternatives:
$ wget --header='Cookie: symfony=blabla' X.X.X.X:NN/api/bla.xml -O-
I wanted my XML API to be REST, but evidently, Symfony doesn't allow authenticated requests other way than using cookies (and to enable the session ID to be always included in the URL is not an option at all).
Still, if somebody shows up with a fully REST alternative, I will upvote his/her answer.
You will need some way of specifying which user is executing the (wget) request. And PHP sessions use a session ID by default.
A common way to do this is token-based authentication. The most common way to achieve this is OAuth, which has a lot of default libraries (both for Symfony and for your API consumers).
If you're the only one using this API, you can also create a custom token (random sha1 string) per user per session (you can store this somewhere in your database). Now you would create something like ` wget X.X.X.X:NN/api/bla.xml?token=asdfhdsfhf