I tried to use angular form to validate user's input in a "ionic generated component" but error as mentioned in the title kept occurring.
Angular forms and validations used in "ionic generated pages" are working fine.
Any ideas?
Picture of :
HTML Component
Error
TypeScript Component
I managed to fix this by using the solution here https://stackoverflow.com/a/57251807/9516387
Which is:
You checking for the presence of an error where no error might exist.
You want something like this:
f.email.errors?.required
Or even:
f.email?.errors?.required
Do the same for the password field and anywhere else where the property might not exist when it is first called.
You should try to access it by f.controls.recipientName.errors
I am trying to enable PKCE with doorkeeper. I've followed the instructions here:
https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-PKCE-flow
Which is basically just run:
bundle exec rails generate doorkeeper:pkce
However, when I test out the flow I don't see anything getting saved to the new columns that were added to the database from the above command.
I am trying to authorize an app like so:
https://my.authserver.com/oauth/authorize?client_id=<client_id>&redirect_uri=<redirect_uri>&scope=<scope>&response_type=code&code_challenge=test&code_challenge_method=plain
After I authorize I expect the code_challenge and code_challenge_method to be saved in the db but it isn't.
What could I be missing?
Turns out we were overiding the new.html.erb and we weren't passing the code_challenge and code_challenge_method along as hidden form fields.
I copied create form code from view source when user use to logged in and then I created html file from copied code then I logged out and then logged in again. when i submited html file then system accept it witout any csrf checking. not sure where issue is. csrf is enabled also _csrf code also avaiable in view source too
<input type="hidden" name="_csrf" value="ttPy-NP-8FUCQxKczEWgkl66JQfb3JfJHwUOSsi9wjTxkp_LgKqxFFYBQu2iL8T2LIxpQ7Xuzo0ucEYfjPSUBg==">
It resolved reason being it happend becuase csrf validation via cookie so it not clear cookie properly when user logged out. so easy solution for this is do changes in main.php
'request' => [
'enableCsrfCookie' => false,
],
I am not 100% sure if this is as big an issue has I seem to think it is right now but I think I may of found an issue or at else an hole within the Inspect Element viewer within Chrome.
I was using (I have now changed my settings) hidden ID's to set a number of defaults, one was users levels, another was to make the user active by default.
However when I view these ID's within the inspect Element view and then changed the values, submitting the form would submit the NEW value to the server and not the value I had given it.
For Example:
I had something like the following within my code,
<input type="hidden" name="data[user][level][id]" value="1" id="MyID">
I then changed it within the Inspect view to,
<input type="hidden" name="data[user][level][id]" value="2" id="MyID">
Then I submitted the form and was surprised that the NEW value was submitted, I was always under the inpresion that hidden ID's where not changeable and the browser should only submit the default values held within.
I have now changed this to letting the database default to a basic user and then I can change the users setting has I want to. But in some cases this may not be an option, so I was hoping for an answer or some feedback about how to make this more safe.
Am I just a bit slow, are there better methods (different ones) to passing 'hidden' data from forms to the server?
I was thinking about maybe using JQuery to add the needed hidden fields to the forms once the user had selected / submitted the form, but i am not sure if this is 100% safe or even if its a good idea.
Any ideas / feedback are very welcome.....
Many Thanks,
Glenn.
I had the same problem passing the database data into a modal,the solution i know is to use jquery ajax to get the informations from the database requesting a file,adding them into variables and compare the variables
$.ajax({
url: "test.html",
context: document.body
}).done(function() {
$(this).addClass("done");
});
I used this code sample to do it.
Of course there are a few modifications to be done depending on your script
I found a better way of doing this, at lest in CakePHP. The CakePHP framework has inbuilt security calls. These in-built functions when added give you all sorts of stuff but the main reason I used them was to stop this sort of form tampering.
I am not 100% sure how it does this, but it adds a token to all forms and it checks to see if the form being submitted is right? Again not sure how the token works.
But here is the code I used ::
public function beforeFilter() {
$this->Auth->allow('index', 'SystemAccess');
$this->Security->blackHoleCallback = 'blackhole';
}
public function blackhole($type) {
$this->Auth->logout();
$this->Session->setFlash('Sorry a security issue has been detected, please try again or contact us for support.', 'default', array(), 'bad');
$this->redirect($this->Auth->redirect('/'));
}
Now I will add that the call the Auth logout I added to this for extra added security, as the user maybe have logged in on a system and it just not be them that is trying to do things that they should not.
Hope that helps others out!
But this is only a fix for when CakePHP is in use. I would take it that other frameworks would have their options but if your only using basic HTML? or a CMS like Drupal again there might be in built security.
Many Thanks
Glenn.
The only safe and best solution that I found for this issue is to check on the server side whether the user_id sent with the form is the same user_id logged in with or not.
Although using jquery is good idea, but, did not work with my case as am using data: $(this).serialize(),
However here's my code on the server side (Note, am using Laravel 5.4, but am sure it won't matter with your case)
if ($request->user_id != Auth::user()->id)
return json_encode("F**K YOU ! Don't Play Smart -_- !");
else
raw_material_category::create($request->all());
Hope this helped ;)
How can I build the rsa hash of the Typo3 login in php manually? I need to create a spider script which just goes to every site, and the problem is therefor I have to be logged in. So I thought I do the loggin via CURL. But then I saw this rsa hash of the password and now I don't know how to convert a password like "blablabla" into such a rsa hash.
Can anyone help me?
You might find some help out of auto login extension here: http://typo3.org/extensions/repository/?id=23&L=0&q=auto+login
Or debugging tx_rsaauth_sv1::authUser. An RSA-decrypt function is called there. However I don't have the time to really dive into it right now.
Another solution is to login once and save the cookies. Then send those cookies with your CURL request.
To make the cookies valid for a longer period, you could temporarily change the backend session time-out setting before logging in. Like so:
$TYPO3_CONF_VARS['BE']['sessionTimeout'] = strtotime('+1 year')-time();
You can add/change this line in typo3conf/localconf.php (Typo3 < 6) or typo3conf/AdditionalConfiguration.php (Typo3 6+).