Hashicorp Vault API - Create User - unsupported path - urlencode

Can we create a user in the Vault API using special characters? For example, the POST URL below is used to create users.
POST : http://localhost:8200/v1/auth/userpass/users/myuser-1#beta_1.0$
Payload :
{
  "password": "myPassword",
  "policies": "myuser-1#beta_1.0$",
  "ttl": "120",
  "max_ttl": "120"
}
Result :
{
  "errors": [
    "1 error occurred:\n\t* unsupported path\n\n"
  ]
}
The user myuser-1#beta_1.0$ contains the special characters # _ $. I think the # and $ chars should be encoded before passing them to Vault. However, there is no information about URL encoding in the documentation below.
https://www.vaultproject.io/api/auth/userpass/index.html
Is encoding supported here, or should it be replaced with another char before sending it to Vault?
Note: After removing the # $ chars, the API works fine.

Related

GCP Endpoint's using multiple authentication

I have the following security schemes defined for a method in my swagger file:
...
get:
  ...
  security:
    - api_key: []
    - firebase: []
securityDefinitions:
  api_key:
    in: query
    name: key
    type: apiKey
  firebase:
    authorizationUrl: ''
    flow: implicit
    type: oauth2
    x-google-audiences: project-id
    x-google-issuer: https://securetoken.google.com/project-id
    x-google-jwks_uri: https://www.googleapis.com/service_accounts/v1/metadata/x509/securetoken@system.gserviceaccount.com
However, it will not work if I try to send a request using an api key, but it will if I use a firebase token (even if I do not provide the api key).
The response:
{
  "code": 16,
  "message": "JWT validation failed: Missing or invalid credentials",
  "details": [
    {
      "@type": "type.googleapis.com/google.rpc.DebugInfo",
      "stackEntries": [],
      "detail": "auth"
    }
  ]
}
If I remove firebase from the security definition, then it will work using the api key.
Is it a known issue that an api key security scheme will not work if there is also an oauth2 for the same method?
What happens is that "OR" security requirements are not supported when one of the alternatives is an API key. Therefore, you are experiencing the right behavior.
If you provide both alternatives the API key will be ignored, but if OAuth2 is removed and it only accepts the API key, it works.
According to the same documentation that I attached, you could require both authentication methods using an "AND" condition. Something like this:
...
security:
  - api_key: []
    firebase: []
....

Unable to upload document with special character in AWS CloudSearch through Java SDK

I am trying to upload a document which has a special character in it. The JSON string is
[{
  "type": "add",
  "id": 1234,
  "fields": {
    "copyrightline": "© 2005 Some company. All Rights Reserved."
  }
}]
When I remove '©' from the JSON, I am able to upload the document. When I have the character '©', the below is the error
AmazonCloudSearchDomainException: The request signature we calculated
does not match the signature you provided. Check your AWS Secret
Access Key and signing method. Consult the service documentation for
details. (Service: AmazonCloudSearchDomain; Status Code: 403; Error
Code: SignatureDoesNotMatch; Request ID:
d11a2497-aeac-11e9-b6fb-db6602f3004a)
Tried changing the encoding (UTF-8, UTF-16 and UTF-32) but with no success.
Here is the code which pushes the above string to CloudSearch
UploadDocumentsRequest uploadDocumentsRequest = new UploadDocumentsRequest();
InputStream inputStream = org.apache.commons.io.IOUtils.toInputStream(testDataString, "UTF-8");
uploadDocumentsRequest.setDocuments(inputStream);
uploadDocumentsRequest.setContentType(ContentType.Applicationjson);
uploadDocumentsRequest.setContentLength((long) testData.length());
UploadDocumentsResult uploadDocumentsResult = client.uploadDocuments(uploadDocumentsRequest);
Found out that the issue is with setContentLength(). If the length is invalid the error is thrown. So the following code change made sure it works.
uploadDocumentsRequest.setContentLength((long) cloudSearchAddRequest.getBytes("UTF-8").length);
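Why the fix above works, as an added Python example that is not code from the original posts: Java's String.length() counts UTF-16 code units while Content-Length counts encoded bytes, so '©' makes the declared length one byte short. It assumes a transport that sends exactly the declared number of bytes, and shows that the SHA-256 payload digest that AWS Signature Version 4 covers then differs; all helper names are hypothetical.

```python
import hashlib
import json


def java_string_length(s: str) -> int:
    """What Java's String.length() returns: the number of UTF-16 code units."""
    return len(s.encode("utf-16-le")) // 2


def utf8_length(s: str) -> int:
    """The value Content-Length must carry for a UTF-8 encoded body."""
    return len(s.encode("utf-8"))


def body_as_sent(s: str, declared_length: int) -> bytes:
    """Assumption: the transport sends exactly `declared_length` body bytes."""
    return s.encode("utf-8")[:declared_length]


def payload_hash(body: bytes) -> str:
    """SHA-256 of the payload, the body digest that SigV4 signing covers."""
    return hashlib.sha256(body).hexdigest()


# Constructed sample: the document from the question, kept as raw UTF-8 text.
DOC = json.dumps(
    [{"type": "add", "id": 1234,
      "fields": {"copyrightline": "© 2005 Some company. All Rights Reserved."}}],
    ensure_ascii=False,
)


def report(doc: str) -> dict:
    """Compare the body sent with the char-count length against the full body."""
    full = doc.encode("utf-8")
    short = body_as_sent(doc, java_string_length(doc))
    return {
        "chars": java_string_length(doc),
        "bytes": utf8_length(doc),
        "truncated_by": len(full) - len(short),
        "hash_matches": payload_hash(full) == payload_hash(short),
    }


if __name__ == "__main__":
    print(report(DOC))                      # one byte short, digest differs
    print(report(DOC.replace("©", "(c)")))  # pure ASCII: lengths agree
```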

Create MasterCard tokenization API

I have a mobile app containing payment method via MasterCard. I have this tutorial:
https://ap-gateway.mastercard.com/api/documentation/apiDocumentation/rest-json/version/latest/api.html?locale=en_US
I want to create Tokenization which contains customer's master detail, I have followed this tutorial part:
https://ap-gateway.mastercard.com/api/documentation/apiDocumentation/rest-json/version/latest/operation/Tokenization%3a Create or Update Token (with system-generated token).html?locale=en_US
I tried with :
POST https://ap-gateway.mastercard.com/api/rest/version/41/merchant/{{MyMerchantID}}/token
Params:
{
  "sourceOfFunds": {
    "type": "CARD",
    "provided": {
      "card": {
        "number": "5123450000000008",
        "expiry": {
          "month": "05",
          "year": "17"
        }
      }
    }
  }
}
Note: The number is a MasterCard test number.
I always get this error:
error
cause "INVALID_REQUEST"
explanation "Invalid credentials."
result "ERROR"
I followed the params in second URL.
Can anyone help? Are the params correct or did I miss something?
In your configuration file, you need to set the following:
$configArray["merchantId"] = "[merchantId]";
// API username in the format below where Merchant ID is the same as above
$configArray["apiUsername"] = "merchant.[merchantId]";
// API password which can be configured in Merchant Administration
$configArray["password"] = "your api password";
Setting the above parameters in the config file will solve your problem.
Try replacing "ap-gateway" with the real gateway provided for you. Your merchantID is not supported in test gateway.
First, you should ask your bank to enable the tokenization for your merchant account
POST
https://ap-gateway.mastercard.com/api/rest/version/61/merchant/{{MyMerchantID}}/token
You have to set Authorization->Basic Auth
Username : Your_MerchantID
Password : ApiPassword
Params:
{
  "session": {
    "id": "SESSION0002510583427E2239608H32"
  }
}

apache nutch to index to solr via REST

Newbie in Apache Nutch - writing a client to use it via REST.
Succeeded in all the steps (INJECT, FETCH...) - in the last step, when trying to index to Solr, it fails to pass the parameter.
The Request (I formatted it in some website)
{
  "args": {
    "batch": "1463743197862",
    "crawlId": "sample-crawl-01",
    "solr.server.url": "http:\/\/x.x.x.x:8081\/solr\/"
  },
  "confId": "default",
  "type": "INDEX",
  "crawlId": "sample-crawl-01"
}
The Nutch logs:
java.lang.Exception: java.lang.RuntimeException: Missing SOLR URL. Should be set via -D solr.server.url
SOLRIndexWriter
solr.server.url : URL of the SOLR instance (mandatory)
solr.commit.size : buffer size when sending to SOLR (default 1000)
solr.mapping.file : name of the mapping file for fields (default solrindex-mapping.xml)
solr.auth : use authentication (default false)
solr.auth.username : username for authentication
solr.auth.password : password for authentication
at org.apache.hadoop.mapred.LocalJobRunner$Job.runTasks(LocalJobRunner.java:462)
at org.apache.hadoop.mapred.LocalJobRunner$Job.run(LocalJobRunner.java:522)
Was that implemented? The param passing to the Solr plugin?
You need to create/update a configuration using the /config/create/ endpoint, with a POST request and a payload similar to:
{
  "configId": "solr-config",
  "force": "true",
  "params": {"solr.server.url": "http://127.0.0.1:8983/solr/"}
}
In this case I'm creating a new configuration and specifying the solr.server.url parameter. You can verify this is working with a GET request to /config/solr-config (solr-config is the previously specified configId); the output should contain all the default parameters (see https://gist.github.com/jorgelbg/689b1d66d116fa55a1ee14d7193d71b4 for an example/default output). If everything worked fine, in the returned JSON you should see the solr.server.url option with the desired value: https://gist.github.com/jorgelbg/689b1d66d116fa55a1ee14d7193d71b4#file-nutch-solr-config-json-L464.
After this just hit the /job/create endpoint to create a new INDEX Job, the payload should be something like:
{
  "type": "INDEX",
  "confId": "solr-config",
  "crawlId": "crawl01",
  "args": {}
}
The idea is that you need to pass the configId that you created with the solr.server.url specified along with the crawlId and other args. This should return something similar to:
{
  "id": "crawl01-solr-config-INDEX-1252914231",
  "type": "INDEX",
  "confId": "solr-config",
  "args": {},
  "result": null,
  "state": "RUNNING",
  "msg": "OK",
  "crawlId": "crawl01"
}
Bottom line: you need to create a new configuration with the solr.server.url set instead of specifying it through the args key in the JSON payload.

Setting HTML as supported messageformat in UCWA

I have a functional ucwa client that only works with plain messages. According to the lync documentation, a PUT request is needed to change the supported modality and message format, and that an If-Match header is required to verify the request is not for an out-of-date status.
For example, a GET request to /ucwa/oauth/v1/applications/102628975647/communication will return
{
  "9b5c7fdf-2c5f-462e-a4e3-39663f09301a": "please pass this in a PUT request",
  "supportedModalities": [],
  "supportedMessageFormats": [
    "Plain"
  ],
  "_links": {..}, /* omitted for brevity */
  "rel": "communication",
  "etag": "3010254294"
}
I PUT back this, with an If-Match: 3010254294 header:
{
  "9b5c7fdf-2c5f-462e-a4e3-39663f09301a": "please pass this in a PUT request",
  "supportedModalities": [],
  "supportedMessageFormats": [
    "Plain", "Html"
  ],
  "rel": "communication",
  "etag": "3010254294"
}
But I consistently get a 428 PreconditionRequired error, which, according to documentation, means that I am missing the If-Match header. Various combinations of ETag and If-Match also fail. What is the proper format for this request?
I remember running into this issue when I was trying to figure out why I could not receive HTML-formatted messages. The issue being that you appear to have the data correct except the If-Match header is very particular in that it would only work for me when I had the value quoted and it may/may not work for single quotes.
If-Match: "3010254294"
Relevant Fiddler Trace: UCWA Html Messaging.saz
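The quoting rule from the answer above, as an added Python example (not code from the original posts): it builds, without sending, the PUT whose If-Match value is the double-quoted form of the etag field from the GET body, following the entity-tag grammar of RFC 7232. The host name and the helper names if_match_value and build_put are assumptions made for illustration.

```python
import json
import re
import urllib.request

# RFC 7232: entity-tag = [ "W/" ] DQUOTE *etagc DQUOTE
_ETAGC = r"[\x21\x23-\x7e\x80-\xff]"
_ENTITY_TAG = re.compile(rf'(W/)?"{_ETAGC}*"')
_OPAQUE = re.compile(rf"{_ETAGC}+")


def if_match_value(etag: str) -> str:
    """Turn an etag as found in a JSON body into a valid If-Match value."""
    etag = etag.strip()
    m = _ENTITY_TAG.fullmatch(etag)
    if m:
        if m.group(1):
            # If-Match uses strong comparison; a weak tag can never match.
            raise ValueError("weak entity-tag cannot be used in If-Match")
        return etag                     # already correctly quoted
    if _OPAQUE.fullmatch(etag):
        return f'"{etag}"'              # bare value from the body: add quotes
    raise ValueError(f"not usable as an entity-tag: {etag!r}")


def build_put(url: str, resource: dict, formats: list) -> urllib.request.Request:
    """Build (not send) the PUT that updates supportedMessageFormats."""
    body = dict(resource, supportedMessageFormats=formats)
    body.pop("_links", None)            # the question's PUT body omits _links
    return urllib.request.Request(
        url,
        data=json.dumps(body).encode("utf-8"),
        method="PUT",
        headers={"Content-Type": "application/json",
                 "If-Match": if_match_value(resource["etag"])},
    )


# Constructed sample modelled on the GET response in the question;
# the host name is a placeholder, not a real server.
SAMPLE = {"supportedModalities": [], "supportedMessageFormats": ["Plain"],
          "rel": "communication", "etag": "3010254294"}
URL = ("https://lync.example.test"
       "/ucwa/oauth/v1/applications/102628975647/communication")

if __name__ == "__main__":
    req = build_put(URL, SAMPLE, ["Plain", "Html"])
    print(req.get_method(), req.get_header("If-match"))
```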