Joomla 2.5 how to detect failed front-end log-in attempt - plugins

I am developing a Joomla 2.5 system plug-in that needs to perform certain tasks when a front-end visitor has attempted a log-in but failed.
How can I detect in my system plug-in that a user authentication has failed?

There is an event onUserLoginFailure that you can catch.
onUserLoginFailure
Description: This event is triggered whenever a user authentication
request is failed by any plugin.
Parameters: Two parameters. The credentials array for the user (see
onAuthenticate), and the JAuthenticateResponse that caused the
failure.
Return Value: Unknown. The return value appears to be ignored in any
case.
Used in files: libraries/joomla/application/user/authentication.php
Reference: onUserLoginFailure

Related

Sugarcrm 8 XSRF

I've backup of ondemand instance for sugarcrm version 8.0.0 Enterprise Edition
It works normal for CRUD records and other stuff, but when I try to upload module via Zip it gives me following error
Cross Site Request Forgery (XSRF) Attack Detected
Form authentication failure (Administration -> UpgradeWizard). Contact your administrator.
I've tried following article
Troubleshooting Cross-Site Forgery Messages
But the problem still persists. The problem only occurs for BWC modules IMO.
EDIT: Before trying this work-around, check if you have the HTTP referer header disabled in your web browser, as that might be the reason for having the described problem in the first place.
If this is a local test/dev-instance you might want to add
['csrf']['soft_fail_form'] = true,
to your $sugar_config in config.php or config_override.php. That should cause the error to be logged only instead of aborting the action.
Note: This works on Sugar 7.9. I have yet to test it on 8.0.
Source: https://community.sugarcrm.com/community/developer/blog/2017/10/11/upcoming-security-changes-to-sugar
Add this lines in your config_override.php file
$sugar_config['http_referer']['list'][] = 'http://CHANGE_TO_YOUR_LOCAL_URL/';
$sugar_config['csrf']['soft_fail_form'] = true;

**mismatched input '\r\n' expecting RULE_AS_A** error thrown while editing in story file of Jbehave Editor

[Here is the attachment for the format that appears][1]
Currently I'm working on BDD framework using Jbehave. When started of with my story file writing it with Jbehave Editor. Following Errors occured
mismatched input '\r\n' expecting RULE_AS_A
mismatched input 'Scenario:' expecting RULE_I_WANT_TO
missing RULE_IN_ORDER_TO at 'Testing'
Here is my story file:
Narrative: Testing Connected Caseloads Module
Scenario: To verify the permission check for Connected Caseloads tab
Given User launch the application
When User provide valid user email id
And User Password
Then User should be logged in into Platform Application
Then Go to Configure tabs visibility
Then Check admin role is present by default
Then Add buyer role to Connected Caseload widget
And Logout of the application successfully
It would be helpful, If anyone assist me why the error occurs
Note: I'm able to run the script successfully, even though error is there in the story file

VSTS work item creation throttling issue with vsts-node-api

I’m developing a VSTS extension with a build task which should create up to 20,000 work items in a single build. Work items are created using WorkItemTrackingApi/createWorkItem function of vsts-node-api package. In current implementation, extension sends a request to create each work item, VSTS starts to throttle after creating about 100 work items.
Following are the errors logged in the build console.
• (2017-01-08T12:35:13.1385597Z Error: connect ETIMEDOUT 11.11.111:111:111)
• 2017-01-08T12:36:45.0090704Z Error: Failed Request: Internal Server Error(500) - TF246020: Microsoft SQL Server encountered an error while processing the results from one of the Team Foundation Server databases. The error may be caused by insufficient resources on the server. Wait a few minutes and try the operation again. If the problem persists, contact a SQL Server administrator.
2017-01-08T12:36:45.0090704Z ThrottlingMode = Unknown, MildResourceType = None, SignificantResourceType = None
Is there a way to create a bulk of work item with vsts-node-api?
Please advise how to resolve this.
There are the VSTS REST APIs for creating batches of work items, but the vsts-node-api does not wrap them up yet as of January 2017.
You may want to leverage directly the work item batch REST APIs of VSTS with your preferred JavaScript based library.
Please refer Create Large Amount of Work Items in TFS Using Javascript REST API
You can use below for authentication,
httpntlm.patch(options, function(err,res) {
console.log("patch complete");
console.log(res.body);
})

proget Failed to process request. 'There was an error processing the request: Invalid API key.'

I recently setup Proget to try its nuget and chocolatey servers. Now when I try to publish packages to nuget feed through a teamcity build, I keep on getting error "proget Failed to process request. 'There was an error processing the request: Invalid API key.'.". I've made 100% sure that the name and password are working fine and specified API key as per Proget doco (i.e. username:password ) . THat feed already has one package which I published on the day I installed Proget for trying out. What could have gone wrong?
I found a work around.
[1] I confirmed that my username:password combination is correct.
[2] Then I renamed that original feed to feed_old (or whatever you
want or even delete it if it doesn't have anything important in it) I
had created for trying out and which wasn't allowing publishing
through teamcity and giving the error message as per the question's
message.
[3] Created new feed with the name I wanted.
[4] Confirmed that the username I was using in API key had necessary
privileges to publish to this new feed I just created.
[5] Then tested the publishing to this feed through teamcity and
VOILA!! it worked.
I don't know why this happened in the first place though. It would be good to find out and be able to fix underlying reason rather than using the above mentioned workaround.

WSO2 Carbon 404 Error Redirection for Webapp Deployment?

We are using WSO2 Carbon 4.2.0 through the WSO2 Application Server (AS) package. In replacing an older, highly customized Carbon installation (provided by a company that no longer supports the product, has abandoned it and refuses to work on it, and left us no details on how/what they modified in Carbon), we have deployed a couple web applications in the webapps container as they were deployed before in the older instance. We have changed our WebContextRoot in the carbon.xml from the default "/" to a sub-URL of ex: "/stuff", as is also detailed in the self-answered SO question here. However the answer given there is not detailed in what the OP actually encountered when he modified his WSO2 instance.
In testing the above configuration we noticed that if a user were to go to a non-existent web address on the server, depending on the format of the URL they are either:
redirected to a blank page;
receive a "500 Internal server error" (I suspect this is the embedded Tomcat?);
get sent to the Carbon login page (which we definitely do not want to happen for security reasons); or
get an XML document stating:
<faultString> The service cannot be found for the endpoint reference (EPR) /stuff/services/nonexistantservicename </faultString>
At least in the case of missing content we wish the user to be sent to a standardized 404 error page, or at the least be sent an HTTP 404 error by the server. For services the XML error is palatable, we can deal with that.
The only option for us right now to circumvent this issue is to place a proxy in front of the WSO2 instance, which would be another layer to manage and tune, and possibly degrade performance. Please know that I am not a programmer but just an admin with DevOps experience. I would not know how to handle this with e.g. a Java solution or re-coding parts of WSO2. Customizing the core product would also hamper future upgrades of WSO2, a scenario we are trying to dig ourselves out of now as detailed above. Is there no internal WSO2 mechanism to handle non-existent content? Can we not redirect any errors to a standard canned response page?