SQL to create .Net Membership Provider users - asp.net-membership

I have a SQL script that creates users in in my database.
It uses the .Net membership stored procs.
At this point it works fine.
The only issue is that the passwords are saved clear text. What should I change here to they are salted/encrypted (Not sure what term to use here)
GO
DECLARE #return_value int,
#UserId uniqueidentifier
EXEC #return_value = [dbo].[aspnet_Membership_CreateUser]
#ApplicationName = N'Theater',
#UserName = N'sam.sosa',
#Password = N'mypassword',
#PasswordSalt = N'eyhKDP858wdrYHbBmFoQ6DXzFE1FB+RDP4ULrpoZXt6f',
#Email = N'sam#Simple.com',
#PasswordQuestion = N'Whats your favorite color',
#PasswordAnswer = N'Fusia',
#IsApproved = 1,
#CurrentTimeUtc = '2010-03-03',
#CreateDate = '2010-03-03',
#UniqueEmail = 1,
#PasswordFormat = 0,
#UserId = #UserId OUTPUT
SELECT #UserId as N'#UserId'
SELECT 'Return Value' = #return_value
GO
thanks!


Under the hood it looks like for the "Hashed" password storage mode, it simply calculates:
SHA1(Salt + Password)
The Salt is stored Base64 encoded, so it must be decoded prior to being concatenated with the (Unicode) password. Finally, the result is Base64 encoded for storage.
The following (horrible) SQL will output a suitably encoded value which can be substituted in place of the "mypassword" that you currently have. You must also set #PasswordFormat to 1 to indicate that the password is stored hashed.
declare #salt nvarchar(128)
declare #password varbinary(256)
declare #input varbinary(512)
declare #hash varchar(64)
-- Change these values (#salt should be Base64 encoded)
set #salt = N'eyhKDP858wdrYHbBmFoQ6DXzFE1FB+RDP4ULrpoZXt6f'
set #password = convert(varbinary(256),N'mypassword')
set #input = hashbytes('sha1',cast('' as xml).value('xs:base64Binary(sql:variable(''#salt''))','varbinary(256)') + #password)
set #hash = cast('' as xml).value('xs:base64Binary(xs:hexBinary(sql:variable(''#input'')))','varchar(64)')
-- #hash now contains a suitable password hash
-- Now create the user using the value of #salt as the salt, and the value of #hash as the password (with the #PasswordFormat set to 1)
DECLARE #return_value int,
#UserId uniqueidentifier
EXEC #return_value = [dbo].[aspnet_Membership_CreateUser]
#ApplicationName = N'Theater',
#UserName = N'sam.sosa',
#Password = #hash,
#PasswordSalt = #salt,
#Email = N'sam#Simple.com',
#PasswordQuestion = N'Whats your favorite color',
#PasswordAnswer = N'Fusia',
#IsApproved = 1,
#CurrentTimeUtc = '2010-03-03',
#CreateDate = '2010-03-03',
#UniqueEmail = 1,
#PasswordFormat = 1,
#UserId = #UserId OUTPUT
SELECT #UserId as N'#UserId'
SELECT 'Return Value' = #return_value

Related

Surreal DB - Query from Sets

I have created an author user in surreal DB like this:
CREATE author:shivam SET
name.first = 'Shivam',
name.last = 'Sahil',
name.full = string::join(' ', name.first, name.last),
age = 23,
admin = true,
signup_at = time::now()
;
Now I want to query all the authors, but when I do:
SELECT * FROM author;
I get 0 results.
Is it supposed to be queried in some other way?

What you did should work well as you can see here
Don't forget to start your server with something like this for example
surreal start --log info --user root --pass root memory
and log-in as in my above screenshot with:
surreal sql --conn http://localhost:8000 --ns yoloswag --db compabie
Then, your create query and select should work well!
Alternatively, you can give a try to that video or documentation's quick start.
Creating another author like this is properly fetched afterwards.
CREATE author:123 SET
name.first = 'bob',
name.last = 'hoh',
name.full = string::join(' ', name.first, name.last),
age = 30,
admin = false,
signup_at = time::now()
;
Don't forget that 123 is supposed to be a unique ID (a string should be fine tho).

DocuSign Require Signing Document Twice with Different Tabs

I have a document that is using tabs to fill a document. The document is signed before and after completion of a task. Is it possible to modify tabs on an envelope - then re-generate an DocuSign_eSign::RecipientViewRequest (still having the initial signature / fields)?
Thus far I've been able to generate two DocuSign_eSign::RecipientViewRequest, but cannot figure out how to change the tabs in between signing:
PRE_SIGNER = 'pre_signer'
POST_SIGNER = 'post_signer'
PRIVATE_KEY = CREDENTIALS['private_key']
PUBLIC_KEY = CREDENTIALS['public_key']
USER_ID = CREDENTIALS['user_id']
CLIENT_ID = CREDENTIALS['client_id']
ACCOUNT_ID = CREDENTIALS['account_id']
BASE_URL = CREDENTIALS['base_url']
configuration = DocuSign_eSign::Configuration.new
configuration.host = "#{BASE_URL}/restapi"
configuration.debugging = true
api_client = DocuSign_eSign::ApiClient.new(configuration)
api_client.base_path = BASE_URL
envelope_api = DocuSign_eSign::EnvelopesApi.new(api_client)
pre_signer_text = DocuSign_eSign::Text.new
pre_signer_text.value = 'Alpha'
pre_signer_text.tab_label = 'pre_value'
pre_signer = DocuSign_eSign::Signer.new
pre_signer.role_name = PRE_SIGNER
pre_signer.client_user_id = PRE_SIGNER
pre_signer.recipient_id = 1
pre_signer.name = 'Kevin Sylvestre'
pre_signer.email = 'kevin#fake.com'
pre_signer.tabs = DocuSign_eSign::Tabs.new
pre_signer.tabs.text_tabs = [pre_signer_text]
post_signer = DocuSign_eSign::Signer.new
post_signer.role_name = POST_SIGNER
post_signer.client_user_id = POST_SIGNER
post_signer.recipient_id = 2
post_signer.name = 'Kevin Sylvestre'
post_signer.email = 'kevin#fake.com'
post_signer.tabs = DocuSign_eSign::Tabs.new
post_signer.tabs.text_tabs = []
server_template = DocuSign_eSign::ServerTemplate.new
server_template.sequence = 0
server_template.template_id = TEMPLATE_ID
inline_template = DocuSign_eSign::InlineTemplate.new
inline_template.sequence = 0
inline_template.recipients = DocuSign_eSign::Recipients.new
inline_template.recipients.signers = [
pre_signer,
post_signer,
]
composite_template = DocuSign_eSign::CompositeTemplate.new
composite_template.server_templates = [server_template]
composite_template.inline_templates = [inline_template]
envelope_event = DocuSign_eSign::EnvelopeEvent.new
envelope_event.envelope_event_status_code = 'completed'
envelope_definition = DocuSign_eSign::EnvelopeDefinition.new
envelope_definition.status = 'sent'
envelope_definition.composite_templates = [composite_template]
api_client.request_jwt_user_token(CLIENT_ID, USER_ID, PRIVATE_KEY)
envelope = envelope_api.create_envelope(ACCOUNT_ID, envelope_definition)
pre_signer_recipient_view_request = DocuSign_eSign::RecipientViewRequest.new
pre_signer_recipient_view_request.authentication_method = 'none'
pre_signer_recipient_view_request.client_user_id = PRE_SIGNER
pre_signer_recipient_view_request.user_name = 'Kevin Sylvestre'
pre_signer_recipient_view_request.email = 'kevin#fake.com'
pre_signer_recipient_view_request.return_url = 'https://ksylvest.com'
pre_recipient_view = envelope_api.create_recipient_view(ACCOUNT_ID, envelope.envelope_id, pre_signer_recipient_view_request)
url = pre_recipient_view.url
`open #{url}`
puts "Continue?"
gets
# at this point I'd like to enter values for tabs...
post_signer_text = DocuSign_eSign::Text.new
post_signer_text.value = 'Omega'
post_signer_text.tab_label = 'post_value'
post_signer_recipient_view_request = DocuSign_eSign::RecipientViewRequest.new
post_signer_recipient_view_request.authentication_method = 'none'
post_signer_recipient_view_request.client_user_id = POST_SIGNER
post_signer_recipient_view_request.user_name = 'Kevin Sylvestre'
post_signer_recipient_view_request.email = 'kevin#fake.com'
post_signer_recipient_view_request.return_url = 'https://ksylvest.com'
post_recipient_view = envelope_api.create_recipient_view(ACCOUNT_ID, envelope.envelope_id, post_signer_recipient_view_request)
url = post_recipient_view.url
`open #{url}`

You could add the same person to sign twice, as two separate recipients that are the same person. You can generate different recipient views. You can set the routing order to be different. Only reason I didn't post this as an answer is that you may mean that you need to pause the envelope?
you can add tabs using your code where you have post_signer.tabs, but if you want to modify existing tabs that came from the template then you have to create the envelope in draft mode ("created") and then make a different API call to modify the tabs and then a final API call to send it. Another option is to pause the envelope and "correct" it.
Pause envelope workflow code examples
https://github.com/docusign/docusign-esign-ruby-client/blob/c477b07c2f578214fdf7d0c5a33355f01e9a0b4e/lib/docusign_esign/api/envelopes_api.rb#L6132 update_recipients() method should do the trick...

Modifying a specific part of the name of a DT in R

I have the following DT
structure(list(HKU47_PSG_1_HW_0.txt = 66611.1718226969, HKU47_PSG_1_HW_1.txt = 66254.5524579138,
HKU47_PSG_1_HW_2.txt = 66972.3593176305, HKU47_PSG_1_HW_3.txt = 68419.8681965619,
HKU47_PSG_1_HW_4.txt = 66841.3761239946, HKU47_PSG_1_HW_5.txt = 66196.5383069813), .Names = c("HKU47_PSG_1_HW_0.txt",
"HKU47_PSG_1_HW_1.txt", "HKU47_PSG_1_HW_2.txt", "HKU47_PSG_1_HW_3.txt",
"HKU47_PSG_1_HW_4.txt", "HKU47_PSG_1_HW_5.txt"), row.names = c(NA,
-1L), class = c("data.table", "data.frame"), .internal.selfref = <pointer: 0x0000000000100788>)
and I would like to have a clone of this DT cancelling from each column name this part of text HW_ and .txt. I would need something like names(data) <- c("new_name", "another_new_name") which works automatically for several DT I have. I do not have actually a clear idea how to do that.

You can use sub to replace HW_ with empty string, and replace .txt with empty string, effectively removing those parts from the names:
names(data) <- sub('HW_', '', sub('\\.txt', '', names(data)))

"Not all variables are bound" Error when passing parameters

I'm using PL/SQL and I get the "Not all variables are bound" when I execute the sql expression. I'm selecting data by passing values into 3 parameters. Therefore "host variables" do not help me in here.
SELECT SomeApi1_Api.Get_Part_No(t.or_no, t.l_no, t.rel_no, t.item_no),
t.description,
c.serial_no,
c.lot_batch_no,
t.order_no,
t.line_no,
t.release_no,
SomeApi1_Api.Get_State(t.or_no, t.l_no, t.rel_no, t.item_no)
FROM TableView1 c,
TableView2 t
WHERE c.or_no = t.or_no
AND c.l_no = t.l_no
AND c.rel_no = t.rel_no
AND c.item_no = t.item_no
AND deliv_no IN (SELECT deliv_no
FROM TableView3 a
WHERE a.del_no IN (SELECT DISTINCT dele_no
FROM TableView3 cod,
TableView4 cdi
WHERE cod.deliv_no = cdi.deliv_no
AND cdi.i_id = t.i_id
AND cdi.item_id = t.item_id
AND cdi.co = t.co
AND a.or_no = t.or_no
AND a.l_no = l_no
AND a.rel_no = rel_no
AND a.item_no = item_no))
AND t.i_id = '&A'
AND t.item_id = '&B'
AND t.co = '&C'

Passing huge XML from C#/.Net to Oracle Stored Procedure via CLOB parameter - ORA-01008: not all variables bound

Environment:
Server: Oracle 11.2g server on a 64-bit windows 2008
Client: Oracle 11g client on Windows XP SP3, ASP.Net 4.0, Visual Studio 2010, C#
Input size of XML ~ 1,206,500 characters (Calculated based on the maximum data that I would have).
Scenario:
The web application generates the XML that the oracle stored procedure uses to update a table in the database. Since the XML size is pretty large, the Stored Procedure Parameter type chosen is CLOB instead of LONG as LONG has a limitation of 32760 characters.
Problem:
Using CLOB as the parameter type throws up the error "ORA-01008: not all variables bound" for the same stored procedure code which works perfectly for the parameter type as LONG (and XML length < 32760)
C# Code for invoking stored procedure:
OracleCommand DbUpdateCommand = null;
OracleLob tempLOB = null;
DbUpdateCommand.CommandText = "declare xx clob; begin dbms_lob.createtemporary(xx, false, 0); :tempclob := xx; end;";
DbUpdateCommand.Parameters.Add(new OracleParameter("tempclob", OracleType.Clob)).Direction = ParameterDirection.Output;
DbUpdateCommand.ExecuteNonQuery();
//Assign the value to the LOB
tempLOB = (OracleLob)DbUpdateCommand.Parameters[0].Value;
tempLOB.BeginBatch(OracleLobOpenMode.ReadWrite);
//Convert the string to byte array to write to LOB
UnicodeEncoding encoding = new UnicodeEncoding();
byte[] renewalDetailXMLBytes = encoding.GetBytes(renewalDetailXML);
tempLOB.Write(renewalDetailXMLBytes, 0, renewalDetailXMLBytes.Length);
tempLOB.EndBatch();
DbUpdateCommand.CommandText = "P_WEB_PRDCR_RNEW_UPDT";
DbUpdateCommand.CommandType = System.Data.CommandType.StoredProcedure;
DbUpdateCommand.Parameters.Add("PN_KEY_AGNT_RNEW_HDR",
System.Data.OracleClient.OracleType.Number, 12).Value = agentRenewalHeader;
DbUpdateCommand.Parameters.Add("PN_KEY_CO",
System.Data.OracleClient.OracleType.Number, 12).Value = companyCode;
DbUpdateCommand.Parameters.Add("PC_RNWL_DETL_XML",
System.Data.OracleClient.OracleType.Clob).Value = tempLOB;
DbUpdateCommand.Parameters.Add("PS_USR_NM",
System.Data.OracleClient.OracleType.VarChar,255).Value = userName;
DbUpdateCommand.ExecuteNonQuery();
Oracle Stored Procedure Code:
CREATE OR REPLACE PROCEDURE DOIADMIN.P_WEB_PRDCR_RNEW_UPDT (
PN_KEY_AGNT_RNEW_HDR IN NUMBER,
PN_KEY_CO IN NUMBER,
PC_RNWL_DETL_XML IN CLOB,
PS_USR_NM IN VARCHAR2
)
AS
lx_rnew_detl_xml XMLTYPE;
lct_rnew_detl_cntx DBMS_XMLSAVE.ctxtype;
--Construct the complete xml for financial data
lx_rnew_detl_xml := XMLTYPE(PC_RNWL_DETL_XML);
--table to be updated with the xml
lct_rnew_detl_cntx := DBMS_XMLSAVE.newcontext('IL_AGNT_RNEW_DETL');
--Set the key column list
DBMS_XMLSAVE.SETKEYCOLUMN(lct_rnew_detl_cntx, 'KEY_AGNT_RNEW_HDR');
DBMS_XMLSAVE.SETKEYCOLUMN(lct_rnew_detl_cntx, 'KEY_CO');
DBMS_XMLSAVE.SETKEYCOLUMN(lct_rnew_detl_cntx, 'KEY_INDVDL_LIC');
--Set the udpate column
DBMS_XMLSAVE.SETUPDATECOLUMN(lct_rnew_detl_cntx, 'FLG_MARKED_FOR_CANCEL');
--update the table from the rows
ln_cntr := DBMS_XMLSAVE.UPDATEXML(lct_rnew_detl_cntx, lx_rnew_detl_xml.getCLOBVal());
DBMS_XMLSAVE.closecontext(lct_rnew_detl_cntx);
END p_web_prdcr_rnew_updt;
Anyone who has worked with passing large XML via CLOB parameter and converted that CLOB to XML in the stored procedure can please help? Any alternate approach to this problem would also be highly appreciated.
Thanks in advance.

Here is the C# code that fixed the issue. I was missing to clear the parameters before reusing the same command object.
C# Code
OracleCommand DbUpdateCommand = null;
OracleLob tempLOB = null;
DbUpdateCommand.CommandText = "declare xx clob; begin dbms_lob.createtemporary(xx, false, 0); :tempclob := xx; end;";
DbUpdateCommand.Parameters.Add(new OracleParameter("tempclob", OracleType.Clob)).Direction = ParameterDirection.Output;
DbUpdateCommand.ExecuteNonQuery();
//Assign the value to the LOB
tempLOB = (OracleLob)DbUpdateCommand.Parameters[0].Value;
tempLOB.BeginBatch(OracleLobOpenMode.ReadWrite);
//Convert the string to byte array to write to LOB
UnicodeEncoding encoding = new UnicodeEncoding();
byte[] renewalDetailXMLBytes = encoding.GetBytes(renewalDetailXML);
tempLOB.Write(renewalDetailXMLBytes, 0, renewalDetailXMLBytes.Length);
tempLOB.EndBatch();
DbUpdateCommand.CommandText = "P_WEB_PRDCR_RNEW_UPDT";
DbUpdateCommand.CommandType = System.Data.CommandType.StoredProcedure;
//Missing line - start
DbUpdateCommand.Parameters.Clear();
//Missing line - end
DbUpdateCommand.Parameters.Add("PN_KEY_AGNT_RNEW_HDR",
System.Data.OracleClient.OracleType.Number, 12).Value =
agentRenewalHeader;
DbUpdateCommand.Parameters.Add("PN_KEY_CO",
System.Data.OracleClient.OracleType.Number, 12).Value =
companyCode;
DbUpdateCommand.Parameters.Add("PC_RNWL_DETL_XML",
System.Data.OracleClient.OracleType.Clob).Value =
tempLOB;
DbUpdateCommand.Parameters.Add("PS_USR_NM",
System.Data.OracleClient.OracleType.VarChar,255).Value =
userName;
DbUpdateCommand.ExecuteNonQuery();

Resources