Working from the Bugzilla API, I've written a quick Perl script to clone a Bugzilla Product (recreating all the Components under their new Product). The Bugzilla Perl API is quite easy to use from the command line. I could have just worked on the database directly, but I wanted a longer-term solution. Another option was the webservice, but I thought I'd try using the API directly this time.
The one problem I'm running into is authenticating as my Bz admin user so I can create the new components. Looking at Bugzilla's Bugzilla.pm file, I see that they just run login() from a Bugzilla::Auth object. I'm not sure how to get the username and password in there. I suppose I could just add the script to the Bugzilla admin interface...
Can any of you point me in the right direction?
Oh, I'm being rather ignorant today, I focused on "web services" and didn't understand what you really wanted.
If you're just using the API to communicate with the database (as opposed to manipulating the database directly), do you really need to authenticate as any user at all?
In the 3.2 source tree, look at merge-users.pl for instance, which uses Bugzilla::User objects. Couldn't you do the same with Bugzilla::Component?
You should also look at sanitycheck.pl, which uses Bugzilla->set_user.
There's been some significant upgrades in the web services capabilities since 3.2, can you upgrade?
In 3.6 at least, check out contrib/bz_webservice_demo.pl for how to use the User.login method.
http://www.bugzilla.org/docs/tip/en/html/api/Bugzilla/WebService/User.html
The following code snippet might enter the question.
Here we check also that the user has the correct "editcomponents" credential.
my $user = new Bugzilla::User({ name => $login })
|| ThrowUserError('invalid_username', { name => $login });
# Authenticate using this user account.
Bugzilla->set_user($user);
$user->in_group('editcomponents')
|| ThrowUserError("auth_failure", {group => "editcomponents",
action => "add",
object => "products"});
Related
I am trying to learn integration of buji-pac4j. I already tried demo version which is provided on following URL https://github.com/pac4j/buji-pac4j-demo but it is seem to be working for me partially. (there is some issue from ops side to give me correct call back url).
So far I can notice handshake is happening using demo code.
I’m now trying other way as it is been provided in the documentation that is client.
As per documentation:
A Client represents an authentication mechanism. It performs the login process and returns (if successful) a user profile.
My class has now following details
OidcConfiguration oidcConfiguration = new OidcConfiguration();
oidcConfiguration.setClientId("someClientIDString");
oidcConfiguration.setSecret("someClientSecretString");
oidcConfiguration.setDiscoveryURI("https://development.domainName.com/projectName/idp/.well-known/openid-configuration");
oidcConfiguration.setScope("openid email hrauser hrainfo");
oidcConfiguration.setCallbackUrl("http://localhost:8080/callback");
OidcClient oidcClient = new OidcClient(oidcConfiguration);
Config config = new Config(oidcClient);
config.addAuthorizer("admin", new RequireAnyRoleAuthorizer("ROLE_ADMIN"));
OidcAuthenticator OidcAuthenticator = new OidcAuthenticator(oidcConfiguration);
Above is mostly setting variable in the class,
What am not able to figure is out how above will actually go and talk to openID server.
What all part I am missing.
I am going through the documentation provided on https://github.com/bujiio/buji-pac4j but it is not clear to me on the flow.
Any kind of help or direction will be appreciated.
PS: I am quite new in this area so request to bear with me.
So, I wanted to create a new social media app using Swift and Parse. When I go to the Parse site, and click on dashboard, it gives me a login screen. I don't have an account, so I click on the "I don't have a parse account" button. When I click on that, it just takes me back to the home page. I did manage to get the code and frameworks and stuff that I needed from the docs, but that didn't quite work. It gave me this for the initialize code:
let configuration = ParseClientConfiguration {
$0.applicationId = "YOUR_APP_ID"
$0.server = "http://YOUR_PARSE_SERVER:1337/parse"
}
In the tutorial I'm watching, rather than "YOUR_APP_ID" and "http://YOUR_PARSE_SERVER:1337/parse" it just had a bunch of letters and numbers, which I would assume are the app ID and Parse server. My guess is, that I need an account to get those. Would that be correct? And, does anyone know why I can't seem to get an account? Thanks.
Parse.com is shutting down, so that's why you are not allowed to create new accounts on the service. Check the blog post.
They open sourced a nodeJS implementation, which you should definitely check out at link, and here is an example to get you started. You can easily use the deploy buttons to host the server on services like Heroku, AWS, Azure, etc. You can also deploy a server locally, for testing purposes.
Although it's true that Parse is discontinuing early next year, you can still setup a new app if you want to use the service for a shorter term project. Replace your code with the following.
Parse.setApplicationId("YOUR-APP-ID", clientKey: "YOUR-CLIENT-ID")
You can find your App ID and Client ID in your app's settings > security & keys.
EDIT: You definitely need an account for this to work.
I was trying out the new enhanced revocable sessions in Parse on my Android app. It works well when logging in or signing up via email password or facebook but doesn't work well for custom authentication, e.g. google+.
I'm currently logging in the user using the cloud code which also creates the new user when signing up. This does not create a new Session object, that means the new enhanced sessions are not used and it still uses the legacy sessions.
I pass the session token back to client where using the become method the user logs in but it's the legacy sessions.
This feels like the feature is not complete but I would really like to move to the new enhanced sessions with my app. Has anyone worked with them yet? Are there any workarounds using the REST API or by creating the sessions manually and handling them manually? I looked into the JS API but it says it's only read only.
Here's the Blog post on Enhanced Sessions.
Where should I go next?
Yes, I found a solution but it's a workaround, works for my case because I don't support signing up with user/password.
Basically, the solution (cloud code) in semi pseudo-code is:
Fetch the user with master key
Check if user.getSessionToken() has value
if it has, return the session token and do a user.become() in the client as usual
if it's not, here the workaround, do the following:
yourPreviousPromiseInOrderToChainThem.then(function(user)
password = new Buffer(24);
_.times(24, function(i) {
password.set(i, _.random(0, 255));
});
password = password.toString('base64')
user.setPassword(password);
return user.save();
}).then(function(user) {
return Parse.User.logIn(user.get('username'), password)
}).then(function(user) {
var sessionToken = user.getSessionToken();
// Return the session token to the client as you've been doing with legacy sessions
})
That means, I'm changing the user password each time in order to make a remote login and, of course, I know thist can't be applied to all cases, it's enough for app because I don't support login with user/password (only third party logins) but I understand that maybe it's not for all cases.
I got the idea from this official Parse example.
I don't like this solution because I think is not a workaround, it's a mega hack but I think there is no other way to do it currently (either Parse.com or Parse-Server)
If you find other workaround, please, share it :)
We are trying to get this working in JBoss EAP 6.2 but for the moment we haven't been able to find the reason why it is failing.
In our application, super users are able to decide which role they want to use after login in the application. So first the user will have a role and then we want to change it. For this we are doing the following:
Subject sub = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
for (Principal p : sub.getPrincipals()) {
if ("Roles".equals(p.getName())) {
SimpleGroup group = (SimpleGroup) p;
group.removeMember(new SimplePrincipal(CONSTANT_SUPER_USER));
group.addMember(new SimplePrincipal(authorizationRole));
}
}
This is actually changing the role in the Subject. But afterwards when the authorization is being checked we get the following in the server's log:
[org.apache.catalina.authenticator] (http-/0.0.0.0:8080-11) We have cached auth type LOGIN for principal GenericPrincipal[userName(superuser,)]
As you can see, it is still getting the old value after modifying it.
We are using our own class extending SimplePrincipal. Checking the content of Faces.getRequest() we have seen that the request contains an userPrincipal of type JBossGenericPrincipal and inside it, it contains our extended SimplePrincipal. Checking both of them we have seen that:
JBossGenericPrincipal.roles contains superuser
JBossGenericPrincipal.subject.principals contains the modified SimpleGroup with the new authorization role
Just for your information, we had this working on Wildfly first and it worked perfectly, but we had to change to JBoss and found that this wasn't working properly. So we think it has to be something related to this specific JBoss version.
Has someone faced this problem? Any idea why this might be failing? I guess we need to put the correct role in JBossGenericPrincipal.roles somehow, but... how?
Any help is appreciated. Thanks!
Seems Red Hat doesn't recommend changing the roles after the authentication has been done. So the only solution was to logout and re-login the user with the new role.
I am using HttpServletRequest.login() method provided by servlet 3.0 in a Java EE-container (jdbc-realm) and all works fine.
According to this [Java EE 6: How to implement "Stay Logged In" when user login in to the web application, I have implemented a remember-me-method.
However I stuck with the following in the filter-class:
if (user != null) {
request.login(user.getUsername(), user.getPassword());
request.getSession().setAttribute("user", user); // Login.
addCookie(response, COOKIE_NAME, uuid, COOKIE_AGE); // Extends age.
}.
I have a jdbc-realm with encrypted pw, how can I make the container-managed-authentication via rememberMe? user.getPassword() needs the clear (unhashed) pw which I cannot know! I do not want to store clear passwords in the db.
If the ready-use login module that you use only accepts the clear (unhashed) password, then you probably would need to modify it, and then install that modified version.
Your existing JDBC-realm most likely has a vendor specific login module, but Java EE 6 does have a standardized dedicated API for building login modules (auth modules), which is called JASPIC. See this article for some background.
Incidentally for a OmniFaces sub-project called OmniSecurity we have been prototyping a JASPIC auth module which also supports remember me. It's open source so you could use it for inspiration.