BuildBot close public access - buildbot

By default the web interface of BuildBot is publicly readable, so anyone can view my builds, etc. I want to close it to guests, so only registered developers will be able to view my BuildBot page.
How can I do it?
I use BuildBot 0.8.9.

I am using Buildbot 0.8.8 and have not tried to do this, but in the Buildbot 0.8.9 documentation there seems to be a "view" option for authorization; this is probably what you want.
A basic implementation could look like this:

    from buildbot.status.html import WebStatus
    from buildbot.status.web.authz import Authz
    from buildbot.status.web.auth import BasicAuth

    users = [('bob', 'secret-pass'), ('jill', 'super-pass')]
    authz = Authz(auth=BasicAuth(users),
                  view='auth',  # only authenticated users
                  # ...
                  )
    c['status'].append(WebStatus(http_port=8080, authz=authz))

You can also move your Buildbot machine behind a VPN and give access to developers. This way you can hide the BuildBot UI completely from the outside. This is how it is done in the company I work at.

Related

How to give write permission to a team for a repository using Octokit/GitHub API?

I'm using JavaScript and Octokit to dynamically create repositories in an organization and set a series of options.
Everything works, except adding write permissions to a team for the repository created.
Just to be clear, by write permission I mean the ones that can be set through the repository settings:
Settings > Collaborators and teams > Manage Access > Role: Write
What I've been trying to use so far was the octokit.rest.teams.addOrUpdateRepoPermissionsInOrg function in Octokit, documented here, like this:

    octokit.rest.teams.addOrUpdateRepoPermissionsInOrg({
      org: "org-name",
      team_slug: "team-name",
      owner: "owner-name",
      repo: "repo-name",
      permission: "write",
    });

When doing this, I receive a Validation Failed error.
Checking the relative documentation on the GitHub API docs, it effectively seems that the valid values for permission are: pull, push, admin, maintain, triage
So I guess that I'm simply using the wrong function.
But what's the correct one to change that kind of permission?
I managed to make it work: apparently, the push permission in the API corresponds to the write permission in the GitHub web interface.
FYI: this seems like a discrepancy, so I opened an issue.

JSON request is not configured with ZAP authentication.

I am using the ZAP security testing tool, but at the point of authentication by username and password with a JSON request, I face a problem configuring these. I checked all the links and blogs too, but I can't find a proper step-by-step solution for it.
Request code:

    {"userName":"cwc_patna","password":"33a0d2e93e0ad396b7c9374bbbc83a58"}

Response code:

    {"userId":72,"userName":"cwc_patna","password":"33a0d2e93e0ad396b7c9374bbbc83a58","emilId":"pratyush#sdrc.co.in","userTypeId":1,"viewName":"cwc","isLive":null,"isActive":null,"isApproved":null,"sjpuAccess":null,"userUserTypeFeaturePermissionMapping":null,"area":null}

That functionality was only just added last week: https://github.com/zaproxy/zaproxy/pull/4624
If you want to use it, you'll either have to use a weekly: https://github.com/zaproxy/zaproxy/wiki/Downloads#zap-weekly
Or, wait for the next full release (likely 2.8.0).
The corresponding PR to update the help content for the new JSON Authentication functionality is here: https://github.com/zaproxy/zap-core-help/pull/188/files if you want to check it out.
You set it up the same way you would for form-based authentication. Make sure you define a Logged-in or Logged-out Identifier (or both). Here are some screenshots to help you along:
Manually configure the Authentication for your Context:
Use the Site Tree Context menu(s) to set it up:
Here's an additional help link that might assist you in getting authentication setup: https://github.com/zaproxy/zaproxy/wiki/FAQformauth
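
An added example, not part of the original answer or of ZAP itself: it turns a captured JSON login body into a login request template using the `{%username%}` / `{%password%}` placeholders that ZAP's form-based method uses, and checks that candidate Logged-in and Logged-out regexes really separate a successful response from a failed one. The sample bodies are constructed, and the shape of the failure response is an assumption.

```python
import json
import re

def to_template(captured_body, user_field="userName", pass_field="password"):
    """Swap the credential values of a captured JSON login body for placeholders."""
    body = json.loads(captured_body)
    for field in (user_field, pass_field):
        if field not in body:
            raise KeyError(f"{field!r} not found in captured login body")
    body[user_field] = "{%username%}"
    body[pass_field] = "{%password%}"
    return json.dumps(body, separators=(",", ":"))

def check_indicators(logged_in_re, logged_out_re, ok_body, fail_body):
    """Return the problems found; an empty list means the regexes tell the two apart."""
    problems = []
    logged_in, logged_out = re.compile(logged_in_re), re.compile(logged_out_re)
    if not logged_in.search(ok_body):
        problems.append("logged-in regex misses the success response")
    if logged_in.search(fail_body):
        problems.append("logged-in regex also matches the failure response")
    if not logged_out.search(fail_body):
        problems.append("logged-out regex misses the failure response")
    if logged_out.search(ok_body):
        problems.append("logged-out regex also matches the success response")
    return problems

# Constructed sample traffic, shaped like the request/response in the question.
CAPTURED_LOGIN = '{"userName":"demo_user","password":"constructed-secret"}'
OK_BODY = '{"userId":72,"userName":"demo_user","userTypeId":1,"isLive":null}'
# Assumed shape of a failed login; capture the real one from your application.
FAIL_BODY = '{"userId":null,"userName":null,"message":"Invalid credentials"}'

if __name__ == "__main__":
    print(to_template(CAPTURED_LOGIN))
    # A numeric userId only appears after a successful login: no problems reported.
    print(check_indicators(r'"userId":\d+', r'"userId":null', OK_BODY, FAIL_BODY))
    # A key that is present in both responses is a poor logged-in indicator.
    print(check_indicators(r'"userName"', r'"userId":null', OK_BODY, FAIL_BODY))
```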

Parse Signup Problems

So, I wanted to create a new social media app using Swift and Parse. When I go to the Parse site, and click on dashboard, it gives me a login screen. I don't have an account, so I click on the "I don't have a parse account" button. When I click on that, it just takes me back to the home page. I did manage to get the code and frameworks and stuff that I needed from the docs, but that didn't quite work. It gave me this for the initialize code:

    let configuration = ParseClientConfiguration {
        $0.applicationId = "YOUR_APP_ID"
        $0.server = "http://YOUR_PARSE_SERVER:1337/parse"
    }

In the tutorial I'm watching, rather than "YOUR_APP_ID" and "http://YOUR_PARSE_SERVER:1337/parse" it just had a bunch of letters and numbers, which I would assume are the app ID and Parse server. My guess is, that I need an account to get those. Would that be correct? And, does anyone know why I can't seem to get an account? Thanks.
Parse.com is shutting down, so that's why you are not allowed to create new accounts on the service. Check the blog post.
They open sourced a nodeJS implementation, which you should definitely check out at link, and here is an example to get you started. You can easily use the deploy buttons to host the server on services like Heroku, AWS, Azure, etc. You can also deploy a server locally, for testing purposes.
Although it's true that Parse is discontinuing early next year, you can still set up a new app if you want to use the service for a shorter-term project. Replace your code with the following.

    Parse.setApplicationId("YOUR-APP-ID", clientKey: "YOUR-CLIENT-ID")

You can find your App ID and Client ID in your app's settings > security & keys.
EDIT: You definitely need an account for this to work.

Automating Facebook Login with Selenium Webdriver

I am looking to introduce Facebook login/sign up tests into a Webdriver suite for a C# application.
Facebook Developers has an article on manual verification, but does not seem to reference any procedure for automating these tests. I could simply write the steps indicated but I would like to avoid running scripts on the Facebook UI, especially when it involves creating test users.
Looking through a few previous answers, it appears that Facebook had an automation solution a few years ago, but I can no longer find any reference to it anywhere.
Has anyone had any experience automating Facebook Connect login or sign up? Any tips or strategies you can share would be greatly appreciated.
The first thing you probably want to do is create test users.
The Facebook API lets you do this easily;
https://developers.facebook.com/docs/graph-api/reference/v2.0/app/accounts/test-users
This will give you a login URL which should result in automatic login and as a result drop a cookie, which should help you avoid manual login within your application.
The API also allows you to create relationships and publish events.
You can connect to Facebook by logging in automatically using Selenium, I wrote it in Java.
It roughly looks like this:

    void login()
    {
        if (isElementFound(EMAIL_FIELD))
            driver.findElement(EMAIL_FIELD).sendKeys(username);
        if (isElementFound(PWD_FIELD))
            driver.findElement(PWD_FIELD).sendKeys(password);
        if (isElementFound(LOGIN_BUTTON))
            driver.findElement(LOGIN_BUTTON).click();
        if (waitForElement(MENU, 30))
            System.out.println("login Successful");
        else
            System.out.println("login un-successful");
    }

    @Test
    public void facebookLogin() throws Exception {
        WebDriver driver = getDriver();
        driver.get("http://www.facebook.com");
        WebElement email = driver.findElement(By.name("email"));
        email.clear();
        email.sendKeys("myuser");
        WebElement password = driver.findElement(By.name("pass"));
        password.clear();
        password.sendKeys("mypass");
        WebElement loginbutton = driver.findElement(By.id("loginbutton"));
        loginbutton.click();
        System.out.println("done!");
    }

When I needed to do this, the option of creating test users was not sufficient - they were too short-lived and we needed time to populate them with a particular set of attributes.
We ended up setting up servers that mocked the parts of the Facebook APIs that were exercised in our tests. We then redirected the test environment to resolve the Facebook domain names to those servers. It was not easy, but this approach had several advantages:
- We could populate the users as we pleased without worrying about them disappearing.
- We could have as many as we wanted.
- We could control the performance of the FB APIs - and capture metrics on that performance during the test. If something was slow, we could be sure it wasn't a FB hiccup. If we wanted to test what happened to the target app if FB got slow, we could do that, too.

Jenkins embeddable build status icon not shown

I want to use the Embeddable Build Status Plugin for Jenkins. I am using Cloudbees. I granted Job/ViewStatus permissions to the anonymous user. When I add the Markdown to the README.md no icon is shown. I tried both the protected and the unprotected link.

    # protected
    [![Build Status](https://johnjohndoe.ci.cloudbees.com/job/TypedPreferences/badge/icon)](https://johnjohndoe.ci.cloudbees.com/job/TypedPreferences/)
    # unprotected
    [![Build Status](https://johnjohndoe.ci.cloudbees.com/buildStatus/icon?job=TypedPreferences)](https://johnjohndoe.ci.cloudbees.com/job/TypedPreferences/)

By default DEV@cloud Jenkins instances are not visible, at all, to anonymous users. If you have configured role-based security and want anonymous users to have the selected roles, configure your system and check the box "Enable read-only access for anonymous users".
Well, the question was asked some time ago, but for others who reach it here with the problem that the image is still not shown within the README.md on GitHub/GitHub Enterprise after performing the above-mentioned configuration:
Make sure that both services are using the same protocol. In my case, we had GitHub-Enterprise running under HTTPS and Jenkins was running on HTTP.
The badge will not be shown in this case because of the possible security breach introduced by mixed content. You will find an appropriate error message in the console output of your browser (i.e. F12 in Chrome):

    Mixed Content: The page at 'https://.../README.md' was loaded over HTTPS,
    but requested an insecure image 'http://.../job/master/badge/icon'.
    This request has been blocked; the content must be served over HTTPS.

It's of course quite obvious but something that can also be easily missed when searching on the wrong track.
I had an issue with space in the project name, so do not forget to replace spaces with %20
example:

    [![Build Status](../Long%20Project%20Name/...)](.../Long%20Project%20Name/...)
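
The last two answers describe two ways a badge silently fails to render: an `http://` image on an HTTPS-served README (blocked as mixed content) and an unencoded space in the job name. The following is an added example, not code from the thread or from Jenkins, that checks a README for both before it is committed. The host `ci.example.test` and the sample README are constructed.

```python
import re
from urllib.parse import urlsplit

# Markdown image syntax ![alt](url); capture everything up to the closing parenthesis.
IMAGE = re.compile(r"!\[[^\]]*\]\(([^)]*)\)")
# Optional quoted title after the URL, e.g. ![alt](url "title").
TITLE = re.compile(r'\s+"[^"]*"$')

def lint_badges(markdown, page_scheme="https"):
    """Return (image_url, problem) pairs for badge images that will not render."""
    findings = []
    for raw in IMAGE.findall(markdown):
        url = TITLE.sub("", raw.strip())
        if " " in url:
            findings.append((url, "unencoded space, use " + url.replace(" ", "%20")))
        # Only images count: a plain link to an http:// page is navigation, not mixed content.
        if page_scheme == "https" and urlsplit(url).scheme == "http":
            findings.append((url, "mixed content: http image on an https page"))
    return findings

# Constructed README covering the cases from the answers above.
README = """\
[![Build Status](https://ci.example.test/buildStatus/icon?job=TypedPreferences)](https://ci.example.test/job/TypedPreferences/)
[![Build Status](http://ci.example.test/job/master/badge/icon)](http://ci.example.test/job/master/)
[![Build Status](https://ci.example.test/job/Long Project Name/badge/icon)](https://ci.example.test/job/Long%20Project%20Name/)
![logo](https://ci.example.test/logo.png "CI logo")
"""

if __name__ == "__main__":
    for url, problem in lint_badges(README):
        print(f"{problem}\n    {url}")
```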