HTTP access is forbidden error when unlocking account over HTTPS - express

I am building an Express application that tries to deploy a smart contract to a Quorum blockchain running in OpenShift.
When I run the Application it tries to unlock an account to deploy the contract with.
At this step I get the following error:
# UNLOCKED FAILED.
Error: Returned error: account unlock with HTTP access is forbidden
[0] at Object.ErrorResponse (/.../my-project/node_modules/web3-core-helpers/src/errors.js:29:16)
[0] at /.../my-project/node_modules/web3-core-requestmanager/src/index.js:140:36
[0] at XMLHttpRequest.request.onreadystatechange (/.../my-project/node_modules/web3-providers-http/src/index.js:96:13)
[0] at XMLHttpRequestEventTarget.dispatchEvent (/.../my-project/node_modules/xhr2-cookies/dist/xml-http-request-event-target.js:34:22)
[0] at XMLHttpRequest._setReadyState (/.../my-project/node_modules/xhr2-cookies/dist/xml-http-request.js:208:14)
[0] at XMLHttpRequest._onHttpResponseEnd (/.../my-project/node_modules/xhr2-cookies/dist/xml-http-request.js:318:14)
[0] at IncomingMessage.<anonymous> (/.../my-project/node_modules/xhr2-cookies/dist/xml-http-request.js:289:61)
[0] at IncomingMessage.emit (events.js:327:22)
[0] at endReadableNT (_stream_readable.js:1224:12)
[0] at processTicksAndRejections (internal/process/task_queues.js:84:21)
However, the endpoint of my Quorum node is https.
Here is the code causing the error:
const web3 = new Web3(HTTPS_QUORUM_ENDPOINT);
const account = (await web3.eth.getAccounts())[0];
await web3.eth.personal
  .unlockAccount(account, ACCOUNT_PASSWORD)
  .then((response) => {
    console.log("# UNLOCKED. OKAY.");
  })
  .catch((error) => {
    console.log("# UNLOCKED FAILED.");
    console.error(error);
  });
Am I doing something wrong? Can it be that the OpenShift gateway to the Quorum pod is not secured, even though the Route is?

The latest Quorum release inherits upstream behaviour whereby it disallows unlock via HTTP-RPC for security reasons. There is a command-line flag, --allow-insecure-unlock, which can be passed when starting geth and which will re-allow this.
This is described in the upstream geth command line options here: https://github.com/ethereum/go-ethereum/wiki/Command-Line-Options
(Note that geth doesn't actually support HTTPS, so that HTTPS_QUORUM_ENDPOINT must actually be using HTTP, or I'm guessing it uses HTTPS to connect to a reverse proxy which then attaches to geth over the HTTP-RPC port.)
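A way to check a node's start command for the exposure this answer describes, as an added example that is not part of the original answer or of the geth/Quorum code base. The function names, finding codes and sample command lines are constructed for illustration; the flags are geth's older --rpc* and newer --http* spellings.

```javascript
// Added example: audit a geth/Quorum start command for HTTP-RPC account-unlock exposure.
// Function names and finding codes are hypothetical; sample command lines are constructed.
const BOOLEAN_FLAGS = new Set(['--rpc', '--http', '--allow-insecure-unlock']);
const LOOPBACK = new Set(['127.0.0.1', 'localhost', '::1']);

// Parse "--flag value", "--flag=value" and bare "--flag" tokens into a Map.
function parseFlags(commandLine) {
  const tokens = commandLine.trim().split(/\s+/);
  const flags = new Map();
  for (let i = 0; i < tokens.length; i++) {
    const tok = tokens[i];
    if (!tok.startsWith('--')) continue;
    const eq = tok.indexOf('=');
    if (eq !== -1) flags.set(tok.slice(0, eq), tok.slice(eq + 1));
    else if (BOOLEAN_FLAGS.has(tok) || i + 1 >= tokens.length) flags.set(tok, true);
    else flags.set(tok, tokens[++i]);
  }
  return flags;
}

// Return finding codes; an empty array means no HTTP unlock exposure was found.
function auditUnlockExposure(commandLine) {
  const flags = parseFlags(commandLine);
  const first = (...names) => names.map((n) => flags.get(n)).find((v) => v !== undefined);
  const httpOn = first('--rpc', '--http');
  if (!httpOn || httpOn === 'false') return []; // HTTP-RPC server not enabled
  const addr = first('--rpcaddr', '--http.addr') || 'localhost'; // geth's default
  const apis = String(first('--rpcapi', '--http.api') || '').split(',').map((s) => s.trim());
  const insecureUnlock = flags.has('--allow-insecure-unlock');
  const findings = [];
  if (insecureUnlock) findings.push('insecure-unlock-enabled');
  if (apis.includes('personal')) findings.push('personal-api-over-http');
  // Any client that can reach the port can use an unlocked account.
  if (insecureUnlock && !LOOPBACK.has(addr)) findings.push('unlock-reachable-off-host');
  return findings;
}

// Constructed sample command lines (not taken from the question).
const SAMPLES = [
  'geth --rpc --rpcaddr 0.0.0.0 --rpcapi eth,net,personal --allow-insecure-unlock',
  'geth --http --http.addr=127.0.0.1 --http.api eth,net',
];
for (const cmd of SAMPLES) console.log(auditUnlockExposure(cmd), '<-', cmd);
```

A reverse proxy that terminates HTTPS in front of the node does not change these findings, because the proxy-to-geth hop is still plain HTTP-RPC.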

Related

Cro run throwing connection reset by peer

I am trying to implement the Cro Service from the Cro getting started documentation. It compiled fine, but when I tried to access the link using a browser, it shows that the site cannot be reached and throws a "Connection reset by peer" error with no other details. The code is below:
use Cro::HTTP::Log::File;
use Cro::HTTP::Server;
use Routes;
my Cro::Service $http = Cro::HTTP::Server.new(
    http => <1.1>,
    host => '0.0.0.0',
    port => 3001,
    application => routes(),
    after => [
        Cro::HTTP::Log::File.new( logs => $*OUT, errors => $*ERR)
    ]
);
$http.start;
say "Listening at http://server:3001";
react {
    whenever signal(SIGINT) {
        say "Shutting down...";
        $http.stop;
        done;
    }
}
Is there a way to troubleshoot this so that I can identify what the actual error is?

Soap client with Node and strong-soap returning error with certificate

I am using the strong-soap Node module (the result is the same with node-soap) to connect to SOAP services.
In the first step I am creating the client and trying to call one method, in this case the "doLogin" method.
My code is:
soap.createClient(url, clientOptions, (err, client) => {
  // Stop here if the client could not be created.
  if (err) {
    console.error(err);
    return;
  }
  var loginApi = { UserName: "xxxx", Password: "xxxxxx" };
  var loginUser = {
    userName: "comercial#xxxxx.com"
  };
  client.addSoapHeader(header);
  //client.setSecurity(new soap.BasicAuthSecurity(loginApi));
  // we now have a soapClient - we also need to make sure there's no `err` here.
  client.doLogin(loginUser, (err, result) => {
    //'result' is the response body
    console.error(err);
    console.log("Result: \n" + JSON.stringify(result));
  });
});
But the variable err is returning this error in the console:
{ Error: unable to verify the first certificate
at TLSSocket.<anonymous> (_tls_wrap.js:1105:38)
at emitNone (events.js:106:13)
at TLSSocket.emit (events.js:208:7)
at TLSSocket._finishInit (_tls_wrap.js:639:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:469:38) code:
'UNABLE_TO_VERIFY_LEAF_SIGNATURE' }
and result is undefined.
Why is this error happening?
Is result undefined because of the error?
I have faced the same error, unable to verify the first certificate.
This is because the SSL certificate isn't verified.
When your Node.js script calls your server, it is going to carry out the full TLS check process (as you would hope). This will check the certificates for validity etc.
To work around this issue, you can run the following steps:
npm config set strict-ssl false
As a best practice, it is wise to set it back to true afterwards so you do not accidentally install an untrusted module that you actually do not trust.
After this,
npm cache clean --force
Add the following environment variable:
NODE_TLS_REJECT_UNAUTHORIZED=0
For Linux:
export NODE_TLS_REJECT_UNAUTHORIZED=0
For Nginx
NODE_TLS_REJECT_UNAUTHORIZED=0
For Windows:
This will set it only for the current command prompt window:
set NODE_TLS_REJECT_UNAUTHORIZED=0
This has solved the issue for me. Please try it.
Note: Make sure you do not leave this option on in production. Please don't disable TLS checks at all.
FIXED:
I have added correct certificates and rejectUnauthorized: false to create client and added "envelope" directive to the headers and now it is working.
I don't like the rejectUnauthorized: false setting for security reasons, and I would like to know how to remove it in a production environment.
Thank you!!
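For the closing question in this thread, one way to keep certificate verification on in production, shown as an added example that is not code from any of the posts. It assumes the error comes from an issuing (intermediate or private) CA that Node does not already trust; the function names, the placeholder PEM and the sample .npmrc text are constructed.

```javascript
// Added example: detect the verification-disabling settings from this thread and
// build TLS options that keep verification on. Names and sample data are constructed.
const https = require('https');
const tls = require('tls');

// Report settings that switch certificate checks off for Node or npm.
function insecureTlsSettings(env, npmrcText) {
  const findings = [];
  if (env.NODE_TLS_REJECT_UNAUTHORIZED === '0') {
    findings.push('NODE_TLS_REJECT_UNAUTHORIZED=0');
  }
  for (const line of npmrcText.split(/\r?\n/)) {
    if (/^\s*strict-ssl\s*=\s*false\s*$/i.test(line)) findings.push('npmrc strict-ssl=false');
  }
  return findings;
}

// Passing `ca` replaces Node's default trust store, so keep the bundled roots
// and append the issuer certificate(s) the server failed to present.
function verifiedTlsOptions(extraCaPems) {
  return { ca: [...tls.rootCertificates, ...extraCaPems], rejectUnauthorized: true };
}

// Agent for HTTPS requests that must verify the peer certificate chain.
function verifiedAgent(extraCaPems) {
  return new https.Agent(verifiedTlsOptions(extraCaPems));
}

// Placeholder only: in practice read the issuer's PEM file from disk.
const PLACEHOLDER_ISSUER_PEM =
  '-----BEGIN CERTIFICATE-----\n(placeholder, not a real certificate)\n-----END CERTIFICATE-----';

// Constructed sample environment and .npmrc content.
const sampleEnv = { NODE_TLS_REJECT_UNAUTHORIZED: '0' };
const sampleNpmrc = 'registry=https://registry.npmjs.org/\nstrict-ssl=false\n';

console.log(insecureTlsSettings(sampleEnv, sampleNpmrc));
console.log(verifiedTlsOptions([PLACEHOLDER_ISSUER_PEM]).ca.length, 'trusted certificates');
```

Node also reads additional CA certificates from the file named in the NODE_EXTRA_CA_CERTS environment variable, which achieves the same result without code changes.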

Unable to connect Ganache with Truffle/Npm Dev server

I am able to work with Truffle and Ganache-cli. I have deployed the contract and can interact with it using truffle console:
truffle(development)>
Voting.deployed().then(function(contractInstance)
{contractInstance.voteForCandidate('Rama').then(function(v)
{console.log(v)})})
undefined
truffle(development)> { tx:
'0xe4f8d00f7732c09df9e832bba0be9f37c3e2f594d3fbb8aba93fcb7faa0f441d',
receipt:
{ transactionHash:
'0xe4f8d00f7732c09df9e832bba0be9f37c3e2f594d3fbb8aba93fcb7faa0f441d',
transactionIndex: 0,
blockHash:
'0x639482c03dba071973c162668903ab98fb6ba4dbd8878e15ec7539b83f0e888f',
blockNumber: 10,
gasUsed: 28387,
cumulativeGasUsed: 28387,
contractAddress: null,
logs: [],
status: '0x01',
logsBloom: ... }
Now, when I started a server using "npm run dev", the server started fine but is not connecting to the blockchain.
I am getting the error:
Uncaught (in promise) Error: Contract has not been deployed to detected network (network/artifact mismatch)
This is my truffle.js
// Allows us to use ES6 in our migrations and tests.
require('babel-register')
module.exports = {
  networks: {
    development: {
      host: '127.0.0.1',
      port: 8545,
      network_id: '*', // Match any network id
      gas: 1470000
    }
  }
}
Can you please guide me on how I can connect?
Solved the issue.
The issue was at currentProvider; I gave the URL of the Ganache blockchain provider and it worked.
if (typeof web3 !== 'undefined') {
  console.warn("Using web3 detected from external source like Metamask")
  // Use Mist/MetaMask's provider
  // window.web3 = new Web3(web3.currentProvider);
  window.web3 = new Web3(new Web3.providers.HttpProvider("http://localhost:7545"));
} else {
  console.warn("No web3 detected. Falling back to http://localhost:8545. You should remove this fallback when you deploy live, as it's inherently insecure. Consider switching to Metamask for development. More info here: http://truffleframework.com/tutorials/truffle-and-metamask");
  // fallback - use your fallback strategy (local node / hosted node + in-dapp id mgmt / fail)
  window.web3 = new Web3(new Web3.providers.HttpProvider("http://localhost:8545"));
}
In your truffle.js, change 8545 to 7545.
Or, in Ganache (GUI), click the gear in the upper right corner and change the port number from 7545 to 8545, then restart. With ganache-cli use -p 8545 option on startup to set 8545 as the port to listen on.
Either way, the mismatch seems to be the issue; these numbers should match. This is a common issue.
Also feel free to check out ethereum.stackexchange.com. If you want your question moved there, you can flag it and leave a message for a moderator to do that.

tokbox : Subscriber time out error on Safari

Using opentok.js v2, the video channel works fine with Chrome and Firefox. The opentok version used is from this link: https://static.opentok.com/v2/js/opentok.min.js
But it doesn't work with Safari 11.0.3.
On the session's stream created event, it generates the following error message: "The stream was unable to connect due to a network error. Make sure your connection isnt blocked by a firewall"
The publisher is published successfully, i.e. session.publish(..) works fine.
The code below is used to make a video call:
this.session = OT.initSession(this.apiKey, this.sessionId);
this.session.on({
  streamCreated: (event) => {
    this.session.subscribe(event.stream, 'subscriber');
  },
  streamDestroyed: (event) => {
    console.log(`Stream ${event.stream.name} ended because ${event.reason}`);
  }
});
this.session.connect(this.token, () => {
  this.publisher = OT.initPublisher('publisher');
  this.session.publish(this.publisher);
});
 
Other exceptions in console generated by opentok.js are as follows: 
[Error] OT.exception :: title: undefined (1554) msg: OT.Subscriber PeerConnection Error: OT.Subscriber failed to subscribe to a stream in a reasonable amount of time
error
_exceptionHandler (vendor.js:150924)
handleJsException (vendor.js:151002)
onPeerConnectionFailure (vendor.js:162673)
(anonymous function) (vendor.js:162414)
onInvokeTask (vendor.js:4239)
runTask (polyfills.js:3:10225)
invokeTask (polyfills.js:3:16182)
n (polyfills.js:2:31400)
[Error] OT_ICE_WORKFLOW_FAILED: ICEWorkflow: Subscriber PeerConnection with connection (not found) failed: OT.Subscriber failed to subscribe to a stream in a reasonable amount of time
error
dispatchOTError (vendor.js:159161)
(anonymous function) (vendor.js:160080)
handleThisOnce (vendor.js:137437)
(anonymous function) (vendor.js:137675)
onInvokeTask (vendor.js:4239)
runTask (polyfills.js:3:10225)
invokeTask (polyfills.js:3:16182)
n (polyfills.js:2:31400)
[Error] OT.exception :: title: undefined (1554) msg: ICEWorkflow: Subscriber PeerConnection with connection (not found) failed: OT.Subscriber failed to subscribe to a stream in a reasonable amount of time
error
_exceptionHandler (vendor.js:150924)
handleJsException (vendor.js:151002)
dispatchOTError (vendor.js:159163)
(anonymous function) (vendor.js:160080)
handleThisOnce (vendor.js:137437)
(anonymous function) (vendor.js:137675)
onInvokeTask (vendor.js:4239)
runTask (polyfills.js:3:10225)
invokeTask (polyfills.js:3:16182)
n (polyfills.js:2:31400)
 
 
All the above errors are generated only on the Safari browser.
You need to make sure you have created a Safari Project in your OpenTok Account Portal. More details at https://tokbox.com/developer/sdks/js/safari/
It looks like you're using a polyfills.js file. If that is the polyfill from Angular that includes zone.js then you will need to include the fix for RTCPeerConnections 'zone.js/dist/webapis-rtc-peer-connection' in your polyfills.js file.
import 'zone.js/dist/webapis-rtc-peer-connection';
You will also probably want to include the polyfill for getUserMedia. More details at https://github.com/angular/zone.js/issues/948#issuecomment-357558384

Express server crashing due to MongoDB connection loss

I am having issues with an HTTP Node.js server built with:
Ubuntu 14.04
MongoDB 3.0.4
iojs v2.3.3
express=4.10.*
mongodb=1.4.34
The following middleware are being used:
app.use(response_time());
app.use(body_parser.urlencoded({extended: true}));
app.use(body_parser.json());
var MongoClient = require('mongodb').MongoClient;
app.use(function (req, res, next) {
  var connection_options = {auto_reconnect: false};
  MongoClient.connect(config.server.db, connection_options, function (err, db) {
    if (err) {
      log.error(err); // Logging error.
      return next(err);
    }
    req.db = db;
    next();
  });
});
The server started running at 20:40:10 and successfully handled multiple requests.
At 02:59:02, the following error started to get logged on every request:
02:59:02.114Z ERROR CrowdStudy: failed to connect to [127.0.0.1:27017]
Error: failed to connect to [127.0.0.1:27017]
at null.<anonymous> (/home/ncphillips/Projects/crowdstudy/node_modules/mongodb/lib/mongodb/connection/server.js:555:74)
at emitThree (events.js:97:13)
at emit (events.js:175:7)
at null.<anonymous> (/home/ncphillips/Projects/crowdstudy/node_modules/mongodb/lib/mongodb/connection/connection_pool.js:156:15)
at emitTwo (events.js:87:13)
at emit (events.js:172:7)
at Socket.<anonymous> (/home/ncphillips/Projects/crowdstudy/node_modules/mongodb/lib/mongodb/connection/connection.js:534:10)
at emitOne (events.js:77:13)
at Socket.emit (events.js:169:7)
at emitErrorNT (net.js:1237:8)
My initial suspicion was that the connection pool was filling up because I don't have anything to handle calling req.db.close(). I thought that passing in the options {auto_reconnect: false} would fix this issue by automatically closing the connection after some time, but it seems I was wrong.
Note that restarting the server fixes the issue, so I believe the problem has to do with Node rather than Mongo.
If this has to do with the connection pool, is there some setting I can pass to fix this, or can I have an end-ware that makes sure the connection always gets closed?
Thanks a lot to anyone who can help me out!
autoReconnect is an option that should be passed to the server configuration:
MongoClient.connect(config.server.db, {
  server : { autoReconnect : false }
}, ...);
The documentation contains some errors: it states that the default setting is false (which it isn't), and it also states that autoReconnect should be set in an object called socketOptions (which it shouldn't).
You can add various event listeners to the db object that gets passed back, to detect when the connection to the database got closed/reconnected/...:
db.on('close', function(reason) { ... });
db.on('reconnect', function(db) { ... });
More events here.