I have a cakephp2.3 based project with table name "user_master".
I am using ejabberd chat application and ejabberd user table name is "user".
I am using convers.js client.
Now i am facing problem to use my existing project user with XMPP ejabberd to authenticate , send friend request , chat with friends.
I tried using external auth but it allowed me to login even if I add wrong credentials on ejabberd server using http://localhost:5280/admin link.
I am using Ubuntu and i have add all types of setting.It is working fine if i use it as stand alone application but when i want use it for my existing user it stopped working.
Ejabberd Server : http://localhost:5280/admin
External authentication configuration in "ejabberd.cfg" file.
{auth_method, external}.
{extauth_program, "/etc/ejabberd/auth.php"}.
External authentication file "auth.php".
<?php
require 'ejabberd_external_auth.php';
class Auth extends EjabberdExternalAuth {
protected function authenticate($user, $server, $password) {
$stmt = $this->db()->prepare("SELECT username FROM users WHERE username = ? AND password = ? ");
$stmt->execute(array($user, $password));
if($stmt->rowCount() >= 0 )
{
return true;
}
else
{
return false;
}
}
protected function exists($user, $server) {
$stmt = $this->db()->prepare("SELECT username FROM users WHERE username = ? ");
$stmt->execute(array($user));
if($stmt->rowCount() >= 0 )
{
return true;
}
else
{
return false;
}
}
}
$pdo = new PDO('mysql:dbname=ejabberd;host=localhost', 'root', 'root');
new Auth($pdo, 'auth.log');
Thanks in advance
Related
I'm using Keycloak version 20.0.2 with stock LDAP Federation Provider, unsynced. I need for roles to be loaded from an external database but not necessarily synced with Keycloak, roles can be synced with Keycloak but preferably I would like for the roles to be looked up from external database at login and when I view the user from admin console but roles not defined in keycloak.
I don't want roles synced when LDAP users are loaded from LDAP, I need for the roles to be dynamically looked up from the database.
I have tried to use AbstractLDAPStorageMapper with JTA datasource and I am able to retrieve a list of roles in a List format when I view my user in admin console but the roles aren't defined.
#Override
public Stream<RoleModel> getRoleMappingsStream() {
System.out.println("]--> getRoleMappingsStream");
Stream<RoleModel> roleMappings = super.getRoleMappingsStream();
String email = delegate.getEmail();
List<String> rolesDB = getRolesFromDB(email);
for (String roleDB : rolesDB){
System.out.println("]--> " + roleDB);
RoleModel roleModel = realm.getRole(roleDB);
if (roleModel == null){
roleModel = realm.addRole(roleDB);
logger.debugf("Adding role [%s] ", roleDB);
System.out.println("[--> Adding role " + roleDB);
}
logger.debugf(
"Granting role [%s] to user [%s] during user import from LDAP",
roleDB,
email
);
System.out.println("Granting role " + roleDB + " to user " + email + " during user import from LDAP");
delegate.grantRole(roleModel);
roleMappings = Stream.concat(roleMappings, Stream.of(roleModel));
}
RoleModel role = getRole(realm);
if (role != null) {
roleMappings = Stream.concat(roleMappings, Stream.of(role));
}
return roleMappings;
}
It turned out that my code worked, my function getRolesFromDB wasn't returning any values. After fixing the function the code started working.
I am trying to implement identityServer4 with Asp.netIdentity.Mongo with support for registration, 2fa and email confirmation. But i get “InvalidOperationException: Scheme already exists: Identity.Application” when I run the code.
services
.AddIdentityWithMongoStores(connection)
.AddDefaultMongoTokenProviders();
services.AddIdentityServer(
options =>
{
options.Events.RaiseSuccessEvents = true;
options.Events.RaiseFailureEvents = true;
options.Events.RaiseErrorEvents = true;
}
)
.AddMongoRepository()
.AddMongoDbForAspIdentity<ApplicationUser, Microsoft.AspNetCore.Identity.MongoDB.IdentityRole>(Configuration)
.AddClients()
.AddIdentityApiResources()
.AddPersistedGrants()
.AddProfileService<ProfileService>()
.AddDeveloperSigningCredential();
I am setting up a simple REST Service in ColdFusion 11. The web server is IIS 8.5 on Windows Server 2012R2.
This REST Service needs to be secured to prevent unauthorized users from accessing/writing data. For the time being, there will be only one authorized user, so I want to keep authentication/authorization as simple as possible. My initial thought is to use HTTP BASIC Authentication.
Here's the setup for the REST Service:
Source Directory: C:\web\site1\remoteapi\
REST path: inventory
To implement this, I configured the source directory of the REST Service in IIS to authorize only one user, disable Anonymous authentication, and enable Basic authentication.
When I call the source directory directly in a browser (i.e. http://site1/remoteapi/inventory.cfc?method=read), I am presented with the Basic authentication dialog.
However, when I attempt to request the REST path (http://site1/rest/inventory/), I am not challenged at all.
How can I implement HTTP BASIC authentication on the REST path?
So, due to the need to get this done without much delay, I went ahead and using some principles from Ben Nadel's website, I wrote my own authentication into the onRequestStart() method of the REST Service's Application.cfc. Here is the basic code, though it uses hard-coded values in the VARIABLES scope to validate the username and password and also does not include any actual "authorization" setting:
public boolean function onRequestStart(required string targetPage) {
LOCAL.Response = SUPER.onRequestStart(ARGUMENTS.targetpage);
if (!StructKeyExists(GetHTTPRequestData().Headers, "Authorization")) {
cfheader(
name="WWW-Authenticate",
value="Basic realm=""REST API Access"""
);
LOCAL.RESTResponse = {
status = 401,
content = {Message = "Unauthorized"}
};
restSetResponse(LOCAL.RESTResponse);
}
else {
LOCAL.IsAuthenticated = true;
LOCAL.EncodedCredentials =
GetToken( GetHTTPRequestData().Headers.Authorization, 2, " " );
// Credential string is not Base64
if ( !ArrayLen(
REMatch(
"^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{4}|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)$",
LOCAL.EncodedCredentials
)
)
) {
LOCAL.IsAuthenticated = false;
}
else {
// Convert Base64 to String
LOCAL.Credentials =
ToString(ToBinary( LOCAL.EncodedCredentials ));
LOCAL.Username = GetToken( LOCAL.Credentials, 1, ":" );
LOCAL.Password = GetToken( LOCAL.Credentials, 2, ":" );
if ( LOCAL.Username != VARIABLES.CREDENTIALS.Username
|| LOCAL.Password != VARIABLES.CREDENTIALS.Password
) {
LOCAL.IsAuthenticated = false;
}
}
if (!LOCAL.IsAuthenticated) {
LOCAL.Response = {
status = 403,
content = {Message = "Forbidden"}
};
restSetResponse(LOCAL.Response);
}
}
return LOCAL.Response;
}
This is the issue what i am facing
Localhost
Test mail with SMTP settings work
New user creation mail using the above smtp settings work
Server
Test mail with SMTP settings work
New user creation mail using the above smtp settings doesn't work
I echoed the mail smtp settings in both the cases and they are exactly same. The error i am getting is
SMTP -> ERROR: Failed to connect to server: php_network_getaddresses:
getaddrinfo failed: Name or service not known (0)SMTP Connect()
failed.
Any suggestions would be helpful.
I further debug it. The behavior turns out to be wierd
if (isset($_POST['User']))
{
if (UserUtil::validateAndSaveUserData($model, $_POST))
{
$mailer = new UiMailer();
$mailer->setFrom('fromAddress', 'fromName');
$mailer->setTo('toaddress');
$mailer->setSubject('Test subject');
$mailer->setBody('Test Body');
$mailer->Mailer = 'smtp';
$mailer->Username = 'username';
$mailer->Password = 'password';
$mailer->Host = 'host';
$mailer->Port = 25;
$mailer->SMTPAuth = true;
$status = $mailer->send() ? true : false;
if($status == true)
{
print "Sucess";
}
else
{
print $mailer->ErrorInfo . "</br>";
print "Failuere";
}
exit;
}
}
If i comment the call if (UserUtil::validateAndSaveUserData($model, $_POST)), it works fine. In the function i am validating and saving models using Yii framework. I further debug the function. I have the following relation in the system
User has one person
User has one address
So in the above call, if i comment the address part which $model->address->attributes or $model->address->validate or $model->address->save(), it works fine. The save functionality for address works fine. There are no issues related to it.
I am trying to pre-bind an XMPP session via XMPHP and pass the rid/sid/jid to a strophe client to attach to the session.
connection code here:
$conn = new CIRCUIT_BOSH('server.com', 7070, $username, $pass, $resource, 'server.com', $printlog=true, $loglevel=XMPPHP_Log::LEVEL_VERBOSE);
$conn->autoSubscribe();
try{
$conn->connect('http://xmpp.server.com/http-bind', 1, true);
$log->lwrite('Connected!');
}catch(XMPPHP_Exception $e){
die($e->getMessage());
}
I am getting the rid and sid but the fulljid in the $conn object stays empty and I cant see a session started on my openfire admin console.
If I create the jid manually by using the given resource and passing jid/rid/sid to strophe to use in attach, I get the ATTACHED status and I see calls from the client to the BOSH ip but I still dont see a session and I cant use the connection.
Strophe Client Code:
Called on document ready:
var sid = $.cookie('sid');
var rid = $.cookie('rid');
var jid = $.cookie('jid');
$(document).trigger('attach', {
sid: sid,
rid: rid,
jid: jid,
});
$(document).bind('attach', function (ev, data) {
var conn = new Strophe.Connection(
"http://xmpp.server.com/http-bind");
conn.attach(data.jid, data.sid, data.rid, function (status) {
if (status === Strophe.Status.CONNECTED) {
$(document).trigger('connected');
} else if (status === Strophe.Status.DISCONNECTED) {
$(document).trigger('disconnected');
} else if (status === Strophe.Status.ATTACHED){
$(document).trigger('attached');
}
});
Object.connection = conn;
});
I think the problem starts on the XMPPHP side which is not creating the session properly.
'attached' is triggered but never 'connected', is status 'connected' supposed to be sent?
What am I missing?
Ok, solved, I saw that XMPPHP lib didn't create a session at all on the openfire server, so I wrote a simple test for the XMPP class which was good and created the session, and for the XMPP_BOSH class that didn't manage create one. Then I saw the issue report here: http://code.google.com/p/xmpphp/issues/detail?id=47 comment no.9 worked, it fixed the issue by copying the processUntil() function from the XMLStream.php to BOSH.php, still can't figure out why this is working. Then I found I had an overlapping bug also with some of the passwords set for users on the openfire server. These passwords contained these ! # % ^ characters, for some reason the XMPP_BOSH is sending the password corrupted or changed so I got Auth Failed exception. Changing the password fixed the issue and I can now attach to the session XMPPHP created with the Strophe.js library.