My problem is that on my development system, I flushed all my users, and now I don't have the hyperwallet user's id. I could retrieve it from hyperwallet API and put in back in place. But what if I want to recreate the user's hyperwallet account?
The error is "DUPLICATE_EMAIL_REGISTRATION" and I couldn't find a single way of removing the user from hyperwallet.
This is the same for the transfer method which state "DUPLICATE_EXTERNAL_ACCOUNT_CREATION" but I do not have, nor in the API, nor in the sandbox interface, the possibility to remove transfer method.
How do you achieve this ? I'd like to not create a new sandbox account just to start from scratch because once in production, I won't be able to resolve this problem.
EDIT :
The whole documentation doesn't contain a single mention of the possibility to delete an account nor to create a new account with the same email.
Also users contains an attribute "Status" but the "Update user" section doesn't mention possibility to update the said status, and the "status transition" chapter only allow to change the "status" for bank accounts/prepaid card account/paypal account etc. But it doesn't seem possible to change de status of the user itself.
Sorry for the issue, we're actually in the process of rolling out this documentation.
There are 2 ways of solving this:
1) we can close existing accounts for you, so you are able to recreate them
2) we can provide you with a report of existing accounts, so you can backfill your system. Accounts in our system have your reference id (clientUserId) as well as ours (token).
Please contact our Developer Support (devsupport#hyperwallet.com) and please reference to me and add a reference to your question here. We'll be happy to assist you.
Thank you,
Willem
Related
I am trying to use the google classroom API to change the ownership of a class from one ownerId to another in my organisation. What is the code for the update Maskfield in order to only change the ownerId and nothing else?
To achieve your goal. You must utilize the Method: courses.patch endpoint. You can even practice by using the Try this API.
id refers to the course id.
updateMask refers to the attribute you want to modify.
Request body refers to the data you are going to pass to change it. Ex:
{
"ownerId": "email#domain"
}
Then only click EXECUTE and sign in into your account to be able to interact with the API.
Notice
For listing your courses and get their ids. You could use the Method: courses.list endpoint.
You can only transfer course ownership if the other user is a co-teacher.
EDIT
"error": { "code": 400, "message": "#UserInIllegalDomain Invitation
cannot be created for user in this domain", "status":
"FAILED_PRECONDITION"
Sorry, the error you are having after deleting a user in your organization who was a course's owner and then tried to change ownership to someone else it's a well-known bug as you can see in these two pages:
Failure when adding a teacher to an active course
Deletion of primary teacher from the domain orphans classrooms. You can hit the ☆ next to the issue number in the top left on this page as it lets Google know more people are encountering this and so it is more likely to be seen to faster.
If the original teacher's account is no longer active as it has been deleted from the domain then there is no way to change the ownership. The only way to change ownership of class is by logging in as the original teacher and changing ownership in Google classroom UI.
Follow this documentation-
https://support.google.com/edu/classroom/answer/7449476?hl=en
From the APIs you can do it by calling the API with the original teacher's token. But if the original teacher is no longer active then that token will also cease to work. There is a bug logged with Google for a similar issue (not exact same issue) where the original teacher is deleted from the domain-
https://issuetracker.google.com/issues/146050145
In the mean time the workaround for this scenario is to ask the school domain admin to rejuvenate the original teacher's account from the Google classroom Admin console User Mgmt area. Then impersonate that user by logging in with the account and temp password and carry out the steps as per the documentation to change ownership to new teacher. For workaround steps refer to this comment from google issue tracker for the related bug- https://issuetracker.google.com/issues/146050145#comment2
The background
I added an employee to a Google Project in Developer Console a while back. For reasons unclear to me now, I added him as an Owner.
I was then relegated to Editor role. He left the company and his GSuite account was deleted.
We have used the service credentials for the project throughout many client accounts so recreating the project isn't an option
We have recreated his email account, but there seems to be no way of resending an invite from the Google Project.
The project belongs to no organisation (again, my mistake!)
The problem
I need to become the owner of the project again so I can remove him. How can I achieve this?
Thanks in advance for your help!
Your best bet it to restore the GSuite account and assign it a new password and then use it directly. Outside of recovering the account there are no alternatives other than contacting GCP Support. To speed up the process provide as much documentation as possible to show that the previous owner no longer exists.
Not being in your organization may be a real hassle. Do they use the same associated billing accounts?
Imagine how this looks for GCP, a member on a project wants to be owner and they can't contact the original owner to get confirmation. If they make you the owner they are then responsible if you remove the original owner who did not actually want to make you an owner. They will likely link you to the account recover page, with a statement that they're not able to do it. Best of luck!
I am new to REST APIs, I am actually not looking for any workarounds, I just need to clear my concept because I know I am missing some very important information which can easily solve my problem.
For E.g I made a small website, let's say using angular.js, where I will list some information or some items.
Consider it as an open website for now, everyone is getting same list. Anyone can come to the page and see the list of items. Simple.
Lets say the URL to this list is
https://www.example.com/api/list/v1
Result returned
1. abc
2. cde
3. efg
4. hij
Perfect!
Now my site got traffic, and I decided to implement user thing on my website, so that every user can only see his own information.
So I changed the rest api url to this:
https://www.example.com/api/list/v1/12345
where 12345 is userid.
The user with the user id came on the website, logged in, and browsed the list, by chance he went to the source of the page, and he found the url to list information.
He copied the url and started to use different user id's, he might get lucky any time.
I am not talking about implementing any type of security up til now, there must be several ways to secure it.
My main concern is that isn't it a large security hole, or we can call it an invitation, for injections?
So I just want to clear my understanding, where I am wrong?
Thanks
This is not some security loophole. This is the way it is supposed to work.
Let's put aside the case of APIs. Consider the simple example::
I have a url: www.example.com/jobs/
This will list all the jobs on my website. No authentication or permission of any sort is required to access this data. I am providing it to every user that visits my website. Now I need a way to figure out if the user visiting my website wants to filter the jobs available on my website. So I provide this option in url kwargs. This will look something like::
www.example.com/jobs/java/
So, now the list will contain the data only for Java jobs. Plain and simple.
Now some day I decide that I will let only the registered users to view Java Jobs. So, I introduce a new check in my View that lets you access the java jobs only if you are logged into my website. Otherwise it redirects you to the login page. Depending on the requirement, you put restrictions on the data being sent to the user.
Same is the case with APIs. If you allow the data to be available to any user that uses the API, there is a flaw with your design and not with the concept of APIs. APIs are just the implementation of your logic.
If you don't want a user with id 12345 to access the data of a user with id 123, you have got to restrict the permissions on the API code. You have got to handle themselves. The API will respond to your code.
Hope this clears out everything.
I have a website in progress where users create posts in a feed, and may have many feeds. Their profile will display a default feed of their choosing.
The 3 tables in this paradox are "accounts", "profiles", and "feeds".
An entry in profiles contains additional information about a user. This is in a separate table because it may be modified more often, and many queries use the accounts table without needing this information.
A field in accounts (profile) must reference a profile. I've done this, instead of having profiles reference accounts, because otherwise an account could exist without a profile. A profile existing without an account would be the result of a deactivated account (provided the user explicitly chose not to have their profile removed from the site).
A field in profiles (default_feed) must reference a feed. This may be changed often, and isn't needed by most queries, so this seems a sensible place for this data.
A field in feeds must reference an account; all feeds have a creator.
You may be able to see my problem already, but I'll elaborate:
I can't make an account without making a profile, which I can't make without making a feed, which I can't make without making an account, etc...
Must I give up the functionality of profiles for deactivated accounts (which wouldn't be a huge deal, but I'd like to know if there's another way), or is there a sensible trick that will allow me to solve the paradoxical nature of this relationship?
EDIT: I've realized I could simply set the default_feed field so it's allowed to be null, and have the application handle this special case (which should never happen anyway, since a feed is created with the account) with a "this user has no default feed" message. I'd still like to know if I've missed a more creative solution though.
One simple way to break the dependency is to make default_feed in profile nullable.
Start by creating a profile with the default feed set to null
Create the account that references that profile.
Once the account is set up, create the default feed with the account that has been created as owner.
I will like to know how does Stackoverflow maintain the additional details of users logging in using open-ids? In my knowledge, the details of these users are stored in the server of google,facebook etc. (The ones whose open id is being used). How then this site is also storing info about user's points, badges, privileges etc.?
Open id Selector, the one being used by Stackoverflow, is a client side javascript library so how is this possible?
Is a separate database created? If yes, how? There is no registration even!
Please provide the details of how this is being done.
When you login, the server checks if you already have an account. If there is no entry (it is the very first login), the server will automatically create a new user and save the openid identifier.
So the next time you login, the row is already there, and Stack Overflow will recognize you. By the way, you can learn the id of your database entry by looking at your profile url.
The JavaScript openid-selector is not involved in any of this. It just is a convenience feature which allows easy selection of an openid provider. All its magic is done before the openid magic takes place.