I have a fully functioning Loopback application on localhost, Relations, ACLs, Access management... everything works like a charm.
Deployed my application to Heroku, suddenly ACLs are no longer functional.
Here is an example of a model's ACL:
"acls": [
{
"accessType": "*",
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "DENY"
},
yet when I write the endpoint url
...herokuapp.com/api/<modelname>
I get all the informations
PS: changing datasource to localhost and querying
localhost:3000/api/<modelname>
won't allow any information unless logged in as an authorized User.
EDIT: the problem actually concerns only the predefined loopback models, as the relations added between the User model and others were erased (User model went back to its default build I am guessing)
When editing the core models of the framework, I forgot to mark down the changes and apply them again after deploying. In deployment, the framework copies the core models from the main library and not the files I edited
Related
Before anyone tells me to Google it - I did and followed the instructions on this link:
https://medium.com/#zsolt.gyure96/how-to-share-sessions-between-two-laravel-applications-4b9d061fa599
Below is my setup: I have a group of sites that are all under the same domain hosted under different directories. I use virtual host aliasing to point them. For example, alias blog points to example.com/blog. Now, I would like to share the users and sessions among my apps. I followed the instructions in the above article and created a common_database that manages all the user data and sessions. My apps can read the sessions table. I also have the same session set up as my domain.
By adding
protected $connection = 'common_database';
in the following files I can login and register from example.com/blog/login or register routes.
vendor/laravel/ui/auth-backend/RegistersUsers.php
vendor/laravel/ui/auth-backend/AuthenticatesUsers.php Instead added
The only problem I have now is that there is no session sharing. For example if i login example.com/blog/login then I cannot use the same session for example.com or example.com/news. I have to re-login. What am I missing here?
SESSION_DRIVER was not set to the database in the main site's .env.
I don't know if it will work for you but what I did was instead of using SESSSION_DRIVER=database I used SESSSION_DRIVER=cookie on .env file make sure your APP_KEY is the same for both projects.
We are developing an application to open and edit protected PDF files using the MIP SDK (we're currently using version 1.6.103).
So far, we were able to open files protected with different versions of Microsoft protection, including MicrosoftIRMServices version 1.
We are now hitting a problem with one of our customers. They keep their files on a SharePoint 2016 directory, which is configured to automatically add protection to all files uploaded. All their environment is on-premise and AD RMS Service is used for protection. They do not have Azure IP on server side.
When we download the resulting file and try to open, we create a mipns::FileEngine and then invoke CreateFileHandlerAsync() to create a mipns::FileHandler. This call fails with the following mipns::NetworkError:
NetworkError : Content protected by on prem servers is unsupported., NetworkError.Category=FailureResponseCode, HttpRequest.SanitizedUrl=https://api.aadrm.com/my/v2/enduserlicenses,
As the error suggests, I suspect the issue is with the usage of an on-premise protection.
I thought it might be resolved following the instructions at
https://learn.microsoft.com/en-us/information-protection/develop/quick-app-adrms#configuring-protection-api-in-c-to-use-ad-rms
so, following those instructions, I created the FileEngine with
ProtectionEngine::Settings engineSettings("", authDelegate, "");
engineSettings.SetProtectionCloudEndpointBaseUrl("http://<my server>/_wmcs/licensing");
but so far no success, although the error has changed and is now
NetworkError : The protection service is unavailable., NetworkError.Category=FailureResponseCode, HttpRequest.SanitizedUrl=https://<my server>/my/v1/enduserlicenses,
(where of course <my server> is replaced with a local service)
Am I going in the wrong direction? If not, perhaps I am using the wrong endpoint? How can I find the endpoint URL to be passed to SetProtectionCloudEndpointBaseUrl as suggested in the linked page?
Thanks
This is likely caused by a missing MDE install or MDE SRV record. You'll need to validate that mobile device extensions for AD RMS has been deployed and configured. If it has, you'll also need to validate that the SRV record is in place for any mail suffixes your customer is using. For example, if the RMS service is at RMS.FABRIKAM.COM, but your customer email addresses are #Contoso.com, you'd need an SRV record that looks like _rmsdisco._http._tcp.contoso.com which would then point to the server at RMS.FABRIKAM.COM.
The base URL isn't used in consumption scenarios. It's only for publishing. That said, looks like you've set the _wmcs endpoint, but we expect only the base for AD RMS:
ProtectionCloudEndpointBaseUrl = "https://rms.contoso.com"
That's only required when you don't provide a mip::Identity object when creating the file engine. If you do provide the identity, we'll use the domain suffix to look up the DNS record and chase that referral.
I am not a superb developer, so I guess the problem I did run into is just to big for me.
I have a project where I have different subdomains for the current language. When I login a user it is logged only for the current subdomain. So when I login at "en.Aproject.com", and then go to "de.Aproject.com", the user will not be logged in. They don't share the session. I already tried to modify the 'domain' => null, in app/sessions.php. But when I change the value here the Login doesn't work at all. Then everytime a new Session-row is created in the DB and Laravel seems not to recognize them.
Is the current domain saved somehow in the session identifier? Is it possible to use one session for different domains? I found some stuff about OAuth and Single sign-on but I can not handle it by myself.
I was thinking about (when logging in and the credentials are correct) calling a script via Ajax, which should log in the user for all needed domains. But I would have to do the same for logging out.. And I will probably have a lot of domains. The project will have one base page and several subprojects (all with the different languages). Like this
mainproject.com
en.mainproject.com
de.mainproject.com
...
Aproject.com
en.Aproject.com
de.Aproject.com
...
Bproject.com
en.Bproject.com
de.Bproject.com
...
So it would just feel wrong to log in the user to like 20 different pages and create 20 sessions... It would feel better to just use one session for all of them.
Okay, I hope you understand the problem and someone already had the same problem and found a solution. Thanks!!!!!!!! greets. gerti
Background info.. I am using Laravel 4.2
Now I just tried something, maybe it helps someone. Actually point 2 is weird to me (see below)
I display these 3 things:
Session::getId()
Auth::getName()
var_dump(Session::all())
I display them on "de.Aproject.com". Here I am logged in.
And i display them on "en.Aproject.com"... Where I am still logged out (which I want to fix :D )
The value of Session::getId() is different on both sides. Thats the problem I guess, they should share the same.
The value of Auth::getName() is the same on both sides (login_82e5d2c56bdd0811318f0cf078b78bfc). Which I don't understand. Why does the second page have this value when i am not logged in?
The value of Session::all() is ["login_82e5d2c56bdd0811318f0cf078b78bfc"] => string(17) "test#test.de" on the first site, on the second its empty. Thats correct.
Since the default Laravel authentication system uses cookies to manage the session, you actually need to login the user on each subdomain you're going to use. To avoid that, you can use another session driver like database.
I have resigned myself to the fact that many of the features that EC2 users are accustomed to (in particular, tagging) do not exist in OpenStack. There is, however, one piece of functionality whose absence is driving me crazy.
Although OpenStack doesn't have full support for instance tags (like EC2 does), it does have the notion of an instance name. This name is exposed by the Web UI, which even allows you to set it:
This name is also exposed through the nova list command line utility.
However (and this is my problem) this field is not exposed through the nova-ec2 API layer. The cleanest way for them to integrate this with existing EC2 platform tools would be to simulate an instance Tag with name "Name", but they don't do this. What's more, I can't figure out which Nova API endpoint I can use to read and write the name (it doesn't seem to be documented on the API reference); but of course it must be somehow possible since the web client and nova-client can both somehow do it.
At the moment, I'm forced to change it manually from the website every time I launch a new instance. (I can't do it during instance creation because I use the nova-ec2 API, not the nova command line client).
My question is:
Is there a way to read/write the instance name through the EC2 API layer?
Failing that, what is the REST endpoint to set it programmatically?
(BONUS): What is Nova's progress on supporting general instance tagging?
The Python novaclient.v1_1 package has a method on the server object:
def update(self, server, name=None):
"""
Update the name or the password for a server.
:param server: The :class:`Server` (or its ID) to update.
:param name: Update the server's name.
"""
if name is None:
return
body = {
"server": {
"name": name,
},
}
self._update("/servers/%s" % base.getid(server), body)
This indicates that you can update the name of a server by POST-ing
the following JSON to http://nova-api:port/v2.0/servers/{server-id}:
{
"server": {
"name": "new_name"
}
}
Of course, all of the usual authentication headers (namely X-Auth-Token
from your Keystone server) are still required, so it is probably easier to
use a client library for whatever language you prefer to manage all that.
I have a website set on a specific domain which is completely separated from my couchdb url through rewrites and virtual hosts, and I got to a point where I need to add some user authentication using _sessions API but I'm afraid I can't do it with rewrites:
{
"from": "auth",
"to": "../../../_session"
}
gives me:
{"error":"insecure_rewrite_rule","reason":"too many ../.. segments"}
which is acceptable, but now I'm wondering how would I get the session authentication to work from my domain without exposing couchdb url, and also, the session seems to be related to the domain so if I login through couchdb.example.com it won't work when using mywebsite.com as the public interface?
Thanks
PS. I've just found this post where there's an alternative by disabling secure_rewrites on the httpd config file, which seems to work, although, I was wondering that perhaps might be not a good approach and if is there something else which is ideal for this kind of problem.
I recommend to set secure_rewrites=false and don't worry about it.
We had a great discussion about CouchDB rewrites and security in the Iris Couch forum. Also see my post later about using Audit CouchDB. These are the highlights:
The secure_rewrites option is not the ultimate source of security for your data. At best, it is one layer in a multi-layer solution
The ultimate source of security is the _security object in the database. So that is where you should focus your attention
The Audit CouchDB tool scans every detail about your couch and it will tell you if any red-flags are present. It is implemented in Javascript so if you have NodeJS, you can run it; or simply reading the source code gives you an idea of what it is looking for.
If you are using vhost, than /_session handler is available at the vhost root without any rewrite rules (by default).
See the section [httpd] of default.ini:
vhost_global_handlers = _utils, _uuids, _session, _oauth, _users