My custom search command required some credentials to work (third party lib auth) and I don't want to have it hardcoded.
What is the best practice to pass the credentials inside this custom search command?
I'm looking to do some similar to set-up page from add-on builder.
Any thought on this?
Assuming there is a script running behind the custom search command, you can have your credentials stored in a file(eg: json format) and then encrypt the file using a key(GnuPG library). your hard coded credential file will not be required after this.
In the script, decrypt(use GnuPG library) the encrypted file using the key used for encryption and then use it for authentication.
Related
I use Nextcloud as a normal user to store and share files.
I decided to use it as a backend for a web application I am developing so that I can store the files in Nextcloud while the frontend is done by me.
I spent some hours on the API docs
https://docs.nextcloud.com/server/latest/developer_manual/client_apis/WebDAV/index.html
and, with some disappointment, unless I have not made a mistake, I realized that the only API that can be used from outside Nextcloud is the WebDav API.
This is a minimalistic API that allows doing basic things such as uploading a file by passing the full path like with this GET statement (authenticated by basic auth passing username and password in the headers:
GET https://nextcloud.example.com/remote.php/dav/files/username/FolderOne/SubFolderTwo/HelloWorld.txt
This will download the file located in /FolderOne/SubFolderTwo/HelloWorld.txt
with a PUT request, it is possible to overwrite the file by passing the file content in the raw body request
This is very effective but minimalistic.
I was expecting to have a full REST API to access more properties and perform complex operations.
Could you please tell me if I missed some important information?
There is the OCS API but it works only from inside Nextcloud.
Thanks.
A full REST API is avaiable - https://docs.nextcloud.com/server/22/developer_manual/client_apis/OCS/ocs-api-overview.html
Create a Share - https://docs.nextcloud.com/server/latest/developer_manual/client_apis/OCS/ocs-share-api.html
The OwnCloud documentation also offers more examples
https://doc.owncloud.com/server/10.8/developer_manual/core/apis/ocs-share-api.html
You can register an App id and use that to login or passthru a username and password in the authentication header.
I am using Fusion Auth as an auth backend for my project.
After starting up the container as shown here(https://fusionauth.io/docs/v1/tech/installation-guide/docker), if we open the URL(Ex: http://localhost:9011) we need to create an admin user and then we will be able to create Application, API Key, Lambda.
As my project doesn't involve UI interaction, I wanted to create Application without involving UI interaction(i.e., setup-wizard).
I was unable to find an API that relates to setup-wizard.
As I saw Since this is your own private instance of FusionAuth, you need to create a new administrator account that you will use to log in to the FusionAuth web interface. in setup-wizard I thought this is required only for UI, So I tried to create Application using this(https://fusionauth.io/docs/v1/tech/apis/applications#create-an-application) API, but it is returning a 401(Unauthorized).
Can someone help me to either create an application without authentication or bypass setup-wizard?
The FusionAuth Kickstart does exactly what you need. It will allow you to pre-define the configuration that you require in a JSON file and then the system will bootstrap itself automatically.
The base use case it to provision an API key which would allow you to programmatically configure the rest of the system by using APIs after an API key has been created.
{
"apiKeys": [{
"key": "a super secret API key that nobody knows"
}]
}
You also have the option of building your entire configuration in the Kickstart definition. There are a bunch of examples and walk throughs on the Kickstart installation guide.
Good luck!
Recently I bumped into a situation where our TeamCity build config(s) should be composed by the given business logic, not by hand. Kotlin DSL does match our needs perfectly well so I did a .KTS script quite quickly. The only issue I have so far is FTP uploader step, namely the password parameter. All my attempts to put a password a ended with FTP 503 error.
Like this:
param("jetbrains.buildServer.deployer.username", "abc")
param("jetbrains.buildServer.deployer.password", "secret-password")
or like that (as I googled out that non-secure password parameter is obsolete):
param("jetbrains.buildServer.deployer.username", "abc")
param("secure:jetbrains.buildServer.deployer.password", "secret-password")
If I put the password manually in TeamCity and examine generated DSL then, I see the password is somehow secured:
param("secure:jetbrains.buildServer.deployer.password", "zxx5a3133fc69ef3252") <- "abc" password
param("secure:jetbrains.buildServer.deployer.password", "zxx4469c7c25073dd9f") <- "123" password
What is the encoding/encryption used here? Any clue how to pass an arbitrary password (ideally, via %parameter%) in Kotlin DSL scripts?
When you need to add a password into the versioned settings not via TeamCity UI (for example, adding settings with Kotlin-based DSL), you will need to add the password to TeamCity and get the corresponding token to use in the settings. The token can be generated via the "Generate Token for password" action available in the Project | Actions menu.
At this time passwords are not inheritable by projects hierarchy. If a setting in a project (a VCS root, OAuth connection, cloud profile) requires a password, the token generated for this password can be used in this project only. For instance, it is not possible to take a generated token and use it ain a similar setting in a subproject. A new token should be generated in this case.If you need to use a secure value in the nested projects, consider adding a password parameter with the secure value and using a reference to the parameter in the nested projects.
other way how to generate the token is
mvn -Dtext="mysecret" org.jetbrains.teamcity:teamcity-configs-maven-plugin:scramble
I am trying to create a File Explorer like uwp app, it will be an app like traditional file explorer in windows 10 but it will mainly show only video files, so for that I want to use BroadFileAccess capability.
Usually when I use a capability related to FileAccess I have a simple API like KnownFolders.VideoLibrary and others like that to get the root folder of that library, but in this case broadfileacccess claims to give access to complete file system which is available to the user, but in the docs there is not a single method or api reference something likeKnownFolders.FileSystem which can give us the root folder of the file system of the user so we can build apps like file explorer etc. How can I actually go on and use this broadFileAccess capability if there is not even a api method to use it ?
From official document:
This is a restricted capability. On first use, the system will prompt the user to allow access. Access is configurable in Settings > Privacy > File system. If you submit an app to the Store that declares this capability, you will need to supply additional descriptions of why your app needs this capability, and how it intends to use it.
This capability works for APIs in the Windows.Storage namespace
Currently, it does not provide proprietary Windows.Storage API. But you could use present Windows.Storage API to get higher access. For example, you could invoke GetFolderFromPathAsync method with absolute path(#"D:\PersonImages"). You could use GetFolderFromPathAsync with SystemDataPaths or UserDataPaths.
var folder = await StorageFolder.GetFolderFromPathAsync(UserDataPaths.GetDefault().Desktop);
Prior to this, this kind of access was illegal.
Using a provided username, password, and domain name, how can I retrieve a boolean value indicating if a user has successfully authenticated with a primary domain controller? Authentication should be performed using the Kerberos protocol for windows domain controllers. Thanks in advance, Dan
There's a free implementation of a windows-only JAAS login module and of an SSO Negotiate (Kerberos/NTLM) authenticator: Waffle.
You need to either write your own or use third party Authentication Module for that. When I was doing this, there was nothing available from JDK, so I used this tool. Note that it's GPL, but you can learn from there. You will have to create conf. file describing your authentication module and feed it into your JVM with java.security.auth.login.config property (e.g. using -D, or either way). In case of Tagish it looks something like this:
NTLogin
{
com.tagish.auth.win32.NTSystemLogin required returnNames=true returnSIDs=false defaultDomain="domain";
};
Another thing you will need is to specify kerberos configuration file via java.security.krb5.conf property. I don't have the details of this file handy, but you can easily find it on the net -- google about for krb5.conf. Settings in this file will have to match your windows domain and other windows specific settings.
It's a bit tricky to configure, but for me it worked very well, pretty robust.