Bypass ACL to run update using itemsService - directus

I'm trying to run a public endpoint that update a collection item. I'm using itemsService->update() but I'm getting a ForbiddenCollectionUpdateException error.
{
"error": {
"code": 302,
"message": "Updating item from \"products\" collection was denied",
"class": "Directus\\Permissions\\Exception\\ForbiddenCollectionUpdateException",
"file": "/var/www/app/src/core/Directus/Permissions/Acl.php",
"line": 1044
}
}
I tried setting the user as admin using this snippet:
$this->_acl->setPublic(false);
$this->_acl->setUserId(1);
$this->_acl->setCollectionPermission('products', $this->_acl::PERMISSION_FULL);
When I dump the value of $this->_acl, I can see that globalPermissions for product is added BUT when I tried the endpoint the exception still persist.
Any idea on how I could accomplish this?
TIA

Are you running this in an endpoint?
Try using the following syntax (setting ACL to null for me seems to bypass ACL authentication but still use the access_token for Directus activity and revisions purposes):
$container = \Directus\Application\Application::getInstance()->getContainer();
$dbConnection = $container->get('database');
$acl = $container->get('acl');
$tableGateway = Directus\Database\TableGatewayFactory::create('COLLECTION_NAME', [
'connection' => $dbConnection,
'acl' => null (false)
]);
Documentation: https://docs.directus.io/advanced/api/data.html#fetching-data-within-hooks-and-endpoints

Related

Strapi API register returning a 400 error

I’ve been creating a web app with a login and a registration function and so far everything has been going great. I managed to connect the app to the api/auth/local api endpoint and send some nice post requests.
Now, I’ve been trying to send requests to the http://localhost:1337/api/auth/local/register endpoint and without any success. I’ve been doing this according to:
https://docs.strapi.io/developer-docs/latest/plugins/users-permissions.html#registration
I keep getting a 400 error:
{
"data": null,
"error": {
"status": 400,
"name": "ApplicationError",
"message": "An error occurred during account creation",
"details": {
}
}
}
If I try to send a request with an email that’s already registered in strapi, the response will give me the correct error:
{
"data": null,
"error": {
"status": 400,
"name": "ApplicationError",
"message": "Email is already taken",
"details": {
}
}
}
In the public and authenticated user roles, I’ve allowed every single one of them, for now.
Enable confirmation emails are set to false.
Email confirmation
Public user permission
For the headers, I’m using Content-type : application/json
the raw json body I'm posting:
{
"email": "manager1#strapi.io",
"password": "testtest1",
"username": "manager1"
}
This is my first project with strapi and so far it went pretty well. I’m not sure if I’m missing out on something or if I’m doing something else wrong.
Any help is appreciated!
I figured it out, it wasn’t as complicated as I expected.
In the user I had different fields, like firstName, lastName etc. All of these fields were required.
I made the fields not required, and now it works.

AWS S3 getBucketLogging fails when called from lambda function

I am trying in an AWS lambda to get the bucket logging settings for my buckets. For this I enumerate the buckets with S3.listBuckets() - which works just fine. I then iterate over the bucket names like this (Typescript):
const bucketNames = await getBucketNames() // <- works without problems
for (const bucketName of bucketNames) {
try {
console.log(`get logging for bucket ${bucketName}`) // <-- getting to this log
const bucketLogging: GetBucketLoggingOutput = await s3.getBucketLogging({
Bucket: bucketName,
ExpectedBucketOwner: accountId
}).promise()
// check logging setup and adjust if necessary
} catch (error) {
console.log(JSON.stringify(error))
}
}
The call to getBucketLogging() fails
{
"message": "Access Denied",
"code": "AccessDenied",
"region": null,
"time": "2022-07-19T11:16:26.671Z",
"requestId": "****",
"extendedRequestId": "****",
"statusCode": 403,
"retryable": false,
"retryDelay": 70.19937788683632
}
The accountId that is passed in is definitely right (it's optional anyway); the lambda is in the same account as the bucket owner (which is the sole condition described in the docs at https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#getBucketLogging-property).
When doing this call from a terminal CLI I have no problems to get results, only when running from a lambda.
What am I missing or overseeing?
You should make sure to attach the respective IAM permissions to your lambda function. Just because you have the s3:ListBuckets role doesn't mean that it is also permitted to perform the same for the BucketLogging information. Please refer to the following docs for more details on S3 IAM actions: https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3.html

Mimecast API authentication issue

trying to connect to endpoint with all needed headers defined:
https://us-api.mimecast.com/api/login/login.
Error message receieved : 0018 Client update required
Did anyone encounter/solve this issue?
{
"meta": {
"status": 401
},
"data": [],
"fail": [
{
"key": {
"username": "datadash#itprosusa.com",
"tokenType": "key",
"verifyOnly": false
},
"errors": [
{
"code": "err_xdk_client_update_required",
"message": "0018 Client update required",
"retryable": false
}
]
}
]
}
I came across the same error message when trying to get Access key and Secret Key. You can actually get these in the Mimecast portal UI by going to: Administration | Services | API Applications, then Add API Application fill in the details and wait 30 minutes. After 30 minutes click on your newly created API application and select Create Keys, fill in the required information and it will provide you with your Access key and Secret key used for API calls.
If this doesn't answer your question or help you I would suggest getting in contact with Mimecast Support, they are usually pretty good!

Getting 400 Bad Request Error for MSGraph's create subscription api [Error Code - ExtensionError]

Trying to create a subscription to get a channel for msgraph one drive notifications for file creation/upload.
I am hitting the URL -
https://graph.microsoft.com/v1.0/subscriptions
with proper headers and the following body -
{
"changeType": "updated",
"notificationUrl": "https://xxxxx.xxxxxxxxx.com/zzzz/qwertqwert",
"resource": "/users/{user-id}/drive/root",
"expirationDateTime": "2017-02-18T19:49:40.000Z",
"clientState": "justsomerandomstring"
}
I am getting the following response :
400 Bad Request Error
{
"error": {
"code": "ExtensionError",
"message": "Operation: Create; Exception: [Status Code: BadRequest; Reason: Bad Request]",
"innerError": {
"request-id": "2862896286-5415-4921-gbn5-8741288985",
"date": "2017-02-17T17:30:22"
}
}
}
I was making the same request 30-32 hrs back. Was getting the subscription-id as well as the file notifications on my redirection servlet.
Not able to figure out what changed. Couldn't find any helping documentation either
Got the same error here and it took me a while to find out what is the problem so I share this with you here.
Here's the working code:
$subscription = new Subscription([
'resource' => "me/mailFolders('Inbox')/messages?filter=id eq %27" . $draftEmail->getId() . '%27',
'notificationUrl' => 'https://my.domain.fr',
'changeType' => 'updated',
'expirationDateTime' => date(DATE_ISO8601, strtotime('+48 hours'))
]);
The line which was wrong for me is:
'resource' => 'me/messages/' . $draftEmail->getParentFolderId(),
And i replace it with
'resource' => "me/mailFolders('Inbox')/messages?filter=id eq %27" . $draftEmail->getId() . '%27',
I found my answer in this link: https://msdn.microsoft.com/en-us/office/office365/api/notify-rest-operations#subscribe-to-changes-in-my-mail-calendar-contacts-or-tasks
But in my opinion the "resource" parameter should be more documented on graph api documentation and the error message return must specify WHY this is a BadRequest.
Using beta api version solved my problem,
https://graph.microsoft.com/beta/subscriptions

Pushwoosh can not delete message created by API

EDIT: as noted in the answer below, this was a problem on the pushwoosh side, it has been fixed!
When I create a push message through the pushwoosh API (using /createTargetedMessage) I'm not able to delete the message through the API. Messages made with the pushwoosh interface can be deleted through the API, no prob...
These are the steps I took to produce this error:
1. Create push message with the following params
{
"request":{
"auth":"AUTH TOKEN",
"send_date":"2015-09-22 15:07",
"content":{
"nl":"teststsdfgh",
"en":"teststsdfgh"
},
"devices_filter":"A(\"8A1EB-4E875\") * T(\"inholidaypark\", BETWEEN, [\"2015-09-22 00:00\",\"2015-09-22 23:59\"]) * T(\"Language\", IN, [\"nl\", \"en\"])"
}
}
2. This returns the following response; the messageCode is stored in our local DB for later use
{
"status":200,
"response":{
"status_code":200,
"status_message":"OK",
"response":
"messageCode":"D3F6-60769243-68B30EA8"
}
}
}
3. Call /deleteMessage with following data
{
"request":{
"auth":"AUTH TOKEN",
"message": "D3F6-60769243-68B30EA8"
}
}
4. API keeps returning:
{
"status_code": 210,
"status_message": "Message not found",
"response": null
}
But when I look at the push history the message is there (with the same messageCode and all). And it can be deleted through the pushwoosh interface, but not through the API.
On a side note: when the message is sent, we can obviously no longer delete it, then the API returns a more or less correct error:
{
"status_code": 210,
"status_message": "Forbidden",
"response": null
}
Just FYI for the rest of the readers, this issue has been identified and fixed on Pushwoosh side.
Move Along, Nothing to See Here. :)