How to use passport-local to authenticate in composer rest server - hyperledger-composer

I want to use passport-local to authenticate user to login into composer rest server like other passport strategies ( e.g passport-github,passport-google).
So first I try to set COMPOSER_PROVIDER variable like this
"local": {
"provider": "local",
"module": "passport-local",
"usernameField": "username",
"passwordField": "password",
"authPath": "/auth/local",
"successRedirect": "/",
"failureRedirect": "/"}
Then i run the server in docker (with mongo as persisted datasource) and add some user in database collection
The question is what's next step that i need to use this passport.Because i run this command and still get response with 401 Unauthorized
curl -H "Content-Type: application/json" -X POST -d
'{"username":"{USER_NAME}","password":"{USER_PASSWORD}"}'
http://localhost:3000/auth/local
Is it not enough to use this passport? Does i need to start another service to locally authenticate this login (e.g. GitHub oAuth Application )?

It is possible to customize your composer-rest-server, based on the loopback framework, according to your requirements.
I suggest to read this tutorial from the official documentation.
https://hyperledger.github.io/composer/latest/integrating/customizing-the-rest-server

I wanted to do that also initially, but then I just edit the server.js file on the composer rest server for basic auth at the end.
check where your composer-rest-server is stored
npm root -g
Open where server.js is located
cd /home/ubuntu/.nvm/versions/node/v8.10.0/lib/node_modules/composer-rest-server/server
Add this to the code
const basicauth = require('basicauth-middleware');
app.use(basicauth('username', 'password!');

Related

Spring oauth jwt browser works while curl fails

I have followed this blog for spring oauth jwt: https://medium.com/#nydiarra/secure-a-spring-boot-rest-api-with-json-web-token-reference-to-angular-integration-e57a25806c50
In a browser like Chrome or IE edge, when I go to https://infinite-tundra-6984.herokuapp.com/springjwt/cities, I am prompted to enter username and password.
For standard user:
username: john.doe
password: jwtpass
For Admin:
username: admin.admin
password: jwtpass
It works as expected.
However, when I use curl:
curl testjwtclientid:MaYzkSjmkzPC57L#infinite-tundra-6984.herokuapp.com/oauth/token -d grant_type=password -d username=admin.admin -d password=jwtpass
I get a token like:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsidGVzdGp3dHJlc291cmNlaWQiXSwidXNlcl9uYW1lIjoiYWRtaW4uYWRtaW4iLCJzY29wZSI6WyJyZWFkIiwid3JpdGUiXSwiZXhwIjoxNTA4MTMxNzQwLCJhdXRob3JpdGllcyI6WyJTVEFOREFSRF9VU0VSIiwiQURNSU5fVVNFUiJdLCJqdGkiOiIyNjVmYmY5OS0wYWU3LTQ0MmQtOThjNy03ZTkxMmFhYWZlNWYiLCJjbGllbnRfaWQiOiJ0ZXN0and0Y2xpZW50aWQifQ.exXHqinGAfoPYLFYxhiWIsEg1FSSHxw34Snxdk0AqnU
Then I do:
curl https://infinite-tundra-6984.herokuapp.com/springjwt/cities -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsidGVzdGp3dHJlc291cmNlaWQiXSwidXNlcl9uYW1lIjoiYWRtaW4uYWRtaW4iLCJzY29wZSI6WyJyZWFkIiwid3JpdGUiXSwiZXhwIjoxNTA4MTMxNzQwLCJhdXRob3JpdGllcyI6WyJTVEFOREFSRF9VU0VSIiwiQURNSU5fVVNFUiJdLCJqdGkiOiIyNjVmYmY5OS0wYWU3LTQ0MmQtOThjNy03ZTkxMmFhYWZlNWYiLCJjbGllbnRfaWQiOiJ0ZXN0and0Y2xpZW50aWQifQ.exXHqinGAfoPYLFYxhiWIsEg1FSSHxw34Snxdk0AqnU"
I get a 401
Can someone give me some hints on the differences between the two ways of accessing secured content?
It seems like, with the curl/token access, it can't figure out my role
I missed this step.
In application.properties, I need to add this line:
security.oauth2.resource.filter-order = 3
This has caused me so much time

Configuring the Hyperledger Composer REST server with a persistent data store

I am following this tutorial
https://hyperledger.github.io/composer/integrating/deploying-the-rest-server.html
I have done all the steps. But when I run rest-server through github, it prints following stack trace.
Error
404 Cannot GET /auth/github
status: 404
Error: Cannot GET /auth/github
at raiseUrlNotFoundError (/home/praval/.nvm/versions/node/v6.11.1/lib/node_modules/composer-rest-server/node_modules/loopback/server/middleware/url-not-found.js:21:17)
I presume you installed the Github strategy via npm install -g passport-github?
If so did it create a folder /auth/github?
You are required to go to this Folder per documentation: "Authenticate to the REST server by navigating to the value of the authPath property specified in the environment variable COMPOSER_PROVIDERS. In the example above, this is http://localhost:3000/auth/github"
In my case that folder was not created. I read on Github website: https://github.com/cfsghost/passport-github
"The author of Passport-Github has not maintained the original module for a long time. Features in his module don't work since Github upgraded their API to version 3.0. We forked it and re-published it to NPM with a new name passport-github2"
I'm looking for guidance on this.
Before create private api just execute this command in your terminal.
export COMPOSER_PROVIDERS='{
"github": {
"provider": "github",
"module": "passport-github",
"clientID": "<your id>",
"clientSecret": "<your secret>",
"authPath": "/auth/github",
"callbackURL": "/auth/github/callback",
"successRedirect": "http://localhost(domain of angular app):4200(port)/home(page to redirect)",
"failureRedirect": "http://localhost(domain of angular app):4200(port)/login-github(page to redirect)""
}
}'
To check if all is fine - run command
echo $COMPOSER_PROVIDERS
After this you will see your COMPOSER_PROVIDERS value.
And after in github profile app (https://github.com/settings/applications/) you must configure "Homepage URL" (ex. http://APIdomain:3000/) and "Authorization callback URL" (ex. http://APIdomain:3000/auth/github/callback)

How to set twitter app consumer credentials in amazon cognito via CLI

Trying out this from the CLI
aws cognito-identity update-identity-pool \
--identity-pool-id MyIdentityPoolId \
--identity-pool-name MyIdentityPoolName \
--allow-unauthenticated-identities \
--supported-login-providers graph.facebook.com=MyFacebookAppId,api.twitter.com=MyTwitterConsumerKey;MyTwitterConsumerSecret \
--region $MyRegion
The CLI response says:
{
"SupportedLoginProviders": {
"api.twitter.com": "MyTwitterConsumerKey",
"graph.facebook.com": "MyFacebookAppId"
},
"AllowUnauthenticatedIdentities": true,
"IdentityPoolName": "MyIdentityPoolName",
"IdentityPoolId": "MyIdentityPoolId"
}
MyTwitterConsumerSecret: command not found
Unlike configuring facebook (which requires only one credential (the FacebookAppId), configuring twitter requires 2 credentials (ConsumerKey and ConsumerSecret).
If i am delimiting the 2 credentials by a semi-colon, looks like only the first part is getting set in the twitter configuration for amazon cognito. Screenshot attached.
What is the format to pass BOTH ConsumerKey and ConsumerSecret for configuring twitter?
I referred to these AWS docs:
Update Identity Pool via CLI
Create Identity Pool via CLI
Configuring Twitter/Digits with Amazon Cognito
Ok. How silly. Simply needed to scope the credentials for --supported-login-providers within double-quotes.
--supported-login-providers graph.facebook.com="MyFacebookAppId",api.twitter.com="MyTwitterConsumerKey;MyTwitterConsumerSecret"
Then it worked.
{
"SupportedLoginProviders": {
"api.twitter.com": "MyTwitterConsumerKey;MyTwitterConsumerSecret",
"graph.facebook.com": "MyFacebookAppId"
},
"AllowUnauthenticatedIdentities": true,
"IdentityPoolName": "MyIdentityPoolName",
"IdentityPoolId": "MyIdentityPoolId"
}
Screenshot attached.

Heroku Parse Server & Mailgun with templates

Ive been trying to get Mailgun with templates working on my parse server currently running on Heroku.
At the moment I am running fine with parse-server-simple-mailgun-adapter
which comes preinstalled in parse server.
However i am unsure on how to install parse-server-mailgun-adapter-template
or parse-server-mailgun which allow you to use HTML templates for emails...
On Heroku my files are sync'd from Dropbox and deployed. Could someone please give me a step by step guide on how to install and go about this.
Thanks in advance
leveraging custom email adapter is done when you initialise ParseServer .
so in order to use parse-server-mailgun-adapter-template (for example) you need to do the following steps:
Open index.js file of your parse server project
Go to the line where ParseServer is being initialised. It should look like the following:
var api = new ParseServer({
databaseURI: databaseUri || 'mongodb://localhost:27017/db',
cloud: process.env.CLOUD_CODE_MAIN || __dirname + '/cloud/main.js',
...
In terminal go to the folder where your parse server is installed and run the following command:
npm install parse-server-mailgun-adapter-template --save
this will install the parse-server-mailgun-adapter-template module to your parse server app (by adding it to package.json and execute npm install)
Add a new object inside the constructor with the name of emailAdapter, specify the adapter that you want to use under module and then add all the relevant properties that this custom adapter expect to receive so for parse-server-mailgun-adapter-template it will be
emailAdapter: {
module: 'parse-server-mailgun-adapter-template',
options: {
// The address that your emails come from
fromAddress: 'no-reply#yourdomain.com',
// Your domain from mailgun.com
domain: 'mg.yourdomain.com',
// Your API key from mailgun.com
apiKey: 'key-0123456789abcdefghijklmnopqrstuv',
// Verification email subject
verificationSubject: 'Please verify your e-mail for %appname%',
// Verification email body
verificationBody: 'Hi,\n\nYou are being asked to confirm the e-mail address %email% with %appname%\n\nClick here to confirm it:\n%link%',
//OPTIONAL (will send HTML version of email):
verificationBodyHTML: fs.readFileSync("./verificationBody.html", "utf8") || null,
// Password reset email subject
passwordResetSubject: 'Password Reset Request for %appname%',
// Password reset email body
passwordResetBody: 'Hi,\n\nYou requested a password reset for %appname%.\n\nClick here to reset it:\n%link%',
//OPTIONAL (will send HTML version of email):
passwordResetBodyHTML: "<!DOCTYPE html><html xmlns=http://www.w3.org/1999/xhtml>........"
}
}
That's it. Now you can add your custom templates for email verification and password reset and sending emails .

create project for sonarqube with the rest-api / web-api

we try to automate the creation of projects (including user/group Management) in sonarqube and I already found the Web-API-documentation in our sonarqube 5.6-Installation. But if I try to create a project with the following settings
JSON-File create-project.json:
{"key": "test1", "name": "Testprojekt1"}
curl-request
curl --noproxy '*' -D -X POST -k -u admin:admin -H 'content-type: application/json' -d create_project.json http://localhost:9000/api/projects/create
I get the Error:
{"err_code":400,"err_msg":"Missing parameter: key"}
It's a bit strange because if I try e.g. the URL:
http://localhost:9000/api/projects/index
I get the list of the projects I created manuelly and if I try a request like
curl -u admin:admin -X POST 'http://localhost:9000/api/projects/create?key=myKey&name=myProject'
it works too, but I would like to use the new api because it looks like it support much more function that the 4.X API of sonarqube.
Maybe someone here can help me with this problem, if would very thanksful for every useful hint.
best regards
Dan
I found this question because I got the same "parameter missing" error message.
So what we both did not understand: The SQ API expects the parameters as plain URL parameters and not as json formatted parameters as most REST APIs do today.
PS: Would be nice if this could be added to the SQ documentation.

Resources