I need to execute a realm-cli command (disable or delete a user) from a mobile application that uses RealmDB, i didn't find any part of the docs that was related to do it.
I thought that i can use mongoClient but i didn't find any methods that allows me to execute raw cli commands.
I need to execute commands like:
realm-cli users disable --app=<Your App ID> --user=<User ID>
Font:
https://docs.mongodb.com/realm/users/delete-or-revoke/
Is there any other way ?
You may need to host the realm-cli and write a HTTP interface middleware to make these call.
I don't believe you can run the application on a mobile application as you would need access to spawning libraries. realm-cli is available open source so it would be possible to port the application to something like C++ (from golang) to make it executable for something like Android or iOS - but it may be cheaper to just buy a VPS somewhere (or even host it locally for a spell) and just pass the arguments to a web route.
Related
Forms 12.2.1.4. Using web.show_document I see different behavior when running the Forms using Java Plugin (JPI) or using Java Webstart (JWS).
Same form, when run using JPI, web.show_document tries to open: http://server:port/forms/ + (uri you send in web.show_document ('uri').
That same form, when run using JWS, tries to open: http://server:port/forms/java/ + (uri you send in web.show_document('uri')
So:
1.- JWS uses as base url http://server:port/forms/java, while JPI http://server:port/forms/
Do you know the reason? I have a testcase and reproduce internally....I see no differences in configuration between JPI and JWS config.
2.- Another option to solve this could be use a different web.show_document call depending on wheter form is being run using JPI or JWS..... Is there a way to check at runtime if forms is being run using JWS or JPI?
I don't see it possible using get_application_property().
Thanks in advance.
Using below code solved my problem:
WEB.SHOW_DOCUMENT('/'||:block3.item4);
I have built the latest version of wso2 emm android agent (cdmf-agent-android v3.1.30) and got some initial tests working in BYOD mode with IoT server 3.1.0
When built for COSU it is waiting for provisioning with another device via NFC. But I want to provision devices without NFC. What options do I have? Could I trigger programmatically a custom provisioning option?
There are some options to do this, depending on your android version.
I will start with the simplest option. If you have Android 7+ you can use QR Code provisioning, this follows the exact same process as NFC provisioning. You can see some specifications from Google regarding this.
The second option is a bit trickier and requires some custom dev on your side. First thing to to make your device a Device Owner (Which is needed for COSU mode, read up about Device Owner here). Using the command: adb shell dpm set-device-owner org.wso2.iot.agent/org.wso2.iot.agent.services.AgentDeviceAdminReceiver
Note: Only one device owner can be set, to remove a device owner the device has to be factory reset.
Once this is done you can launch your app using adb shell am start -n "org.wso2.iot.agent/org.wso2.iot.agent.activities.SplashActivity".
The above will get your app to run correctly but now it has to authenticate itself to communicate to the server. When using NFC provisioning an Access Token is delivered in the Extra Bundle as 'android.app.extra.token', you can insert this extra in the launch intent as follows: adb shell am start -n "org.wso2.iot.agent/org.wso2.iot.agent.activities.SplashActivity" --es android.app.extra.token generated_access_token. You will have to edit the SpashActivity class to accept this token and follow the general authentication processes built into the app.
This may be a little bit late but I hope it is still helpful!
Some extra information you may appreciate, here is a string representation of the NFC message used, these are the specifications set in the NFC Provisioning App:
`
#Thu Apr 12 13:42:11 GMT+02:00 2018
android.app.extra.PROVISIONING_LOCAL_TIME=1523533331087
android.app.extra.PROVISIONING_TIME_ZONE=Asia/Colombo
android.app.extra.PROVISIONING_SKIP_ENCRYPTION=true
android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE=WPA
android.app.extra.PROVISIONING_WIFI_PASSWORD=PASSWORD
android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION=LOCATION_OF_APK
android.app.extra.PROVISIONING_WIFI_SSID="WIFI_SSID_NAME"
android.app.extra.PROVISIONING_LOCALE=en_US
android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM=E8PtiqUOcqKi5IXeRBF-5Br0zXg
android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE=\#admin extras bundle\n\#Thu Apr 12 13\:42\:11 GMT+02\:00 2018\nandroid.app.extra.token\=GENERATED_ACCESS_TOKEN\n
android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME=org.wso2.iot.agent
`
An example of a QR Code representation would be:
`
{
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "org.wso2.iot.agent/org.wso2.iot.agent.services.AgentDeviceAdminReceiver",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "CSGeivCEHdJrPT0qy4W67LZSy32Fus7GyUn0jE5o028",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "APK_DOWNLOAD_LOCATION",
"android.app.extra.PROVISIONING_SKIP_ENCRYPTION": false,
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME": "org.wso2.iot.agent",
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"android.app.extra.token":"GENERATED_ACCESS_TOKEN"
}
}
`
I'm playing with chimp testing tool. At the moment I can easily run cucumber and mocha tests. The problem is that I don't know how to add DB fixtures. I'd like to have initial data before running some tests (e.g. add test user into system).
BTW that data can be added only by authenticated user and users can be create only by admin or from server level.
Can't find any docs about this for now. Any suggestions?
If you are using Meteor, you can pass the DDP parameter on the command line --DDP=http://localhost:3000 and then use server.execute to run code on the server. This code can then setup data.
If you are not using Meteor, you can use a HTTP call using request.get('http://localhost:8080/addUser').
Through HTTP / DDP you can access the server and create a testing backdoor to setup the data you need.
Is there a way to interact with Yii on the command line with a console like rails console? I'd like to test DB and ActiveRecord calls.
You can install yii-shell. It's made by the Yii team. It works like rails console
EDIT:
Sorry, I worked from the documentation of yii-shell which is - at the time of this writing - but a promise.
This is how you can get a proper REPL working in Yii 2.
First, we would need to get Psysh. You can install it globally to play with it, but I recommend adding the following line to your composer.json
require-dev: {
// ... some other packages ...
"psy/psysh": "0.7.2"
}
Run composer update to get this package installed.
Now we need to add this to a controller. The way to call up the break point from a controller is eval(\Psy\sh());.
Note that this would invoke the console for debugging. So if your app is served with Apache, Nginx, or any other server which is not tied to an interactive console, this is pointless
For this to work, I have served the application using PHP's inbuilt server and Yii's wrapper for it.
In Yii Basic App template...
cd /path/to/application
./yii serve localhost:12345
In any controller, ...say controllers/SiteController.php
public function actionIndex()
{
eval(\Psy\sh()); // <-- debugger point
return $this->render('index');
}
When you access this action via tha URL, it would hang on your browser. If you check back in the console, you would see an interactive shell which should work like rails c. Checkout the Psysh Documentation for more details. To exit this interactive console, type exit; this should return control back to PHP's inbuilt server. Do not exit the interactive console with Ctrl-C as this would close the PHP's inbuilt server also.
In Yii Advanced App template...
Serving the application does not work at the moment since it defaults to serving the contents of console/web which doesn't exist. I have raised an issue with Yii; you can follow along there if it interests you.
However, if you have console controllers, you can do the same thing we did for the basic app. When you run the console command, you should be presented with the same interactive debug console.
1) Install https://github.com/yiisoft/yii2-shell
composer require yiisoft/yii2-shell
2) ./yii shell
I'm trying to run a process with elevated privileges - specifically OpenVPN, which requires root privileges to add routes to the system.
Looking around for existing examples around leads me to AuthorizationExecuteWithPrivileges, which seems to be now deprecated.
I tried the new SMJobBless method but I have a few questions regarding its viability for this purpose. As I understand it, I can create a separate privileged tool and communicate with it via sockets to ask the tool to perform privileged commands. However, I can't seem to figure out how I can start the OpenVPN process and capture its standard output in real time doing it this way as the main application would not be starting the process itself.
Another option is to use setuid on the OpenVPN executable. Could I possibly use the helper installed by SMJobBless to set the file permissions and setuid on the executable, then run it normally via NSTask?
Edit:
Lastly is there some way to just run one single command with privileges without having to install anything permanently? Although this new method is more secure, it seems very heavy handed.
I managed to go the SMJobBless method by using a helper and communicating it with XPC (the method shown on Nathan de Vries's Blog). Using this helper I set the permissions on the external process to 04555 (setuid, rx). Then the SMJob is removed as it is no longer required. Essentially emulating an "one-off" privileged job.
Following that I was able to use NSTask to start the process and capture its output in my main application.
Additionally I have a check at the start to see if the permissions are set right on the executable, if not the SMJob helper is re-blessed and permissions set.
If anyone has a cleaner solution, feel free to share. Thanks!
I had the same problem as you, needed it for a OpenVPN Manager App for MacOs X. Your solution is far from optimum because you open the openvpn binary for everyone setting setuid root.
This is a security hole and should be avoided, as it is totally unnecessary when you are using smjobbless helper. This helper runs as root and could do everything you want for you and with administrative privileges, so you can launch openvpn via this helper without setting setuid root on openvpn binary.
Apple designed this process as only your App, the Main App, can communicate with this helper as your Main App and your helper are signed with your developer certificates.
Any malicious App can't use this helper.
When you look at Nathans code you see, that he managed it to send messages to this helper and to get answers from this helper.
In his example there is sth like "Hey there Helper App" and the answer is "Hey there Host App".
So to get sth useful out of this you only have to send commands to the helper app, extract these commands on helper side and launch them with elevated privileges as the helper App runs with elevated privileges.
Look at Nathans code, there is sty like (in smjobblessappcontroller.m):
xpc_object_t message = xpc_dictionary_create(NULL, NULL, 0);
const char* request = "openvpn --config OpenvpnConnection.ovpn";
xpc_dictionary_set_string(message, "request", request);
[self appendLog:[NSString stringWithFormat:#"Sending request: %s", request]];
xpc_connection_send_message_with_reply(connection, message, dispatch_get_main_queue(), ^(xpc_object_t event) {
const char* response = xpc_dictionary_get_string(event, "reply");
[self appendLog:[NSString stringWithFormat:#"Received response: %s.", response]];
});
With this you send the openvpn command to your helper App. You only have to extract this command on helper side to launch the process with elevated privileges.
Look at smjobblesshelper.c and do sth like (in __XPC_Peer_Event_Handler else branch):
const char *response = xpc_dictionary_get_string(event, "request");
In string response you have your openvpn command, now simple launch it:
system(response);
Thats all, this goes with elevated privileges. Now you can use this in your App perhaps in an IBAction push button in your main app, to start openvpn connections as you want every time a user clicks this button.