401 with pouchdb authentication on put - authentication

Using the apache/couchdb:2 docker image. I've added a user in couchdb (bloggs) and a database (notes) and added the user to the database, using Fauxton.
Then using pouchdb-authentication I've tried:
    var db = new PouchDB('http://couchdb.korea.lan:5984/notes', {skip_setup: true});
    db.logIn('bloggs', 'mypassword').then(function() {
        db.put(doc);
    });
The login succeeds, I can do a console.log() or logout at that point. But the db.put() call fails with a 401:
{"error":"unauthorized","reason":"You are not authorized to access this db."}
The container log output shows the username if I do a db.logout() but the db.put() says "undefined" where the username appears on the logout.
Any idea what I'm missing?

Never mind, looks like a bug.
I was just using the latest pouchdb version on a CDN. Rolling back from 7.0.0 to 6.4.3 has fixed it.

Related

Problem with Azure AD B2C MSAL authentication

I'm trying to add basic authentication to a Vue.js spa. I'm following the tutorial on https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-single-page-app
In case of the sample SPA provided by MS everything works. When I try to do the same in Vue.js I get the following error:
"ClientAuthError: access_token_entity_null: Access token entity is null, please check logs and cache to ensure a valid access token is present." when doing
    .then(handleResponse)
    .catch(error => {
        console.log(error);
    });
However after refreshing the page user seems to be logged in:
    myMSALObj.getAllAccounts()
returns the account used during the login.
What might I be doing wrong? I was unable to find any useful info about it :(
As mentioned in the comments using an older version of the library solved the problem.
This issue seems to have been solved in version 2.14.2
Instead of downgrading you should try upgrading :-)

Using Azure Active Directory with aspnetcore app

I am trying to get up to speed using Azure Active Directory with an aspnetcore 5.0 web app.
I have followed this tutorial, and it seems to work fine: That is, I start the app, and it then shows the Active Directory Login, and I log in with my Microsoft Account.
I then try to view the app as a logged-out user. So I log out. However, when I do so, I am directed back to the Active Directory login again. It seems there is no way to view the app unless I am logged in.
Instead, I would like to see the login prompt only when I click the Login link. And I should be able to view the app after logging out.
How do I do this?
One way is to use custom URL Rewriting Middleware to redirect by checking the Homepage path.
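For example, in app.UseMvc use the code below:
    app.UseRewriter(
        new RewriteOptions().Add(context =>
        {
            if (context.HttpContext.Request.Path == "/AzureAD/Account/SignedOut")
            {
                context.HttpContext.Response.Redirect("/Home/Index");
                // Stop processing so no later middleware writes to the redirected response.
                context.Result = RuleResult.EndResponse;
            }
        })
    );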

ASP.NET Identity Core: invalid token for password reset on web farm

So, I've been reading the docs and I'm trying to make my site on a web farm. I've searched a lot of articles and it seems like setting the keyring to a common network path should be all that is required to get the data protection to work. In my case, I'm persisting it to Azure.
Now, authentication is working fine, but I'm always getting the Invalid Token error when a user tries to reset his password (when the link is generated on one machine and verified on another).
EDIT: added code for generating the link and verifying the token.
Btw, here's the code used for generating the reset link with the token:
    var code = await _userManager.GeneratePasswordResetTokenAsync(user);
    await _emailSender.SendPasswordResetAsync(user,
        User.IsAuthenticated(),
        Url.Link("default",
            new {
                Controller = "Account",
                Action = "ResetPasswordEmail",
                token = code,
                email = user.Email
            }),
        _dbContext.Database.GetDbConnection(),
        CancellationToken.None);
And here's how it's validated:
    var validToken = await _userManager.VerifyUserTokenAsync(user,
        "Default",
        "ResetPassword",
        token);
Any ideas on what's going on?
Thanks.
Ok, as always, the problem was between the chair and the keyboard...
The problem was that the keyring was set up to use Azure inside an #if RELEASE condition which wasn't set up on the publish pipeline...
Bottom line: sharing the keyring is all that was needed to get everything up and running...

Empty object user when authenticating with Realm.Credentials.jwt(token) and Realm connection issue with RN hot reload

I am trying to use Mongo Realm (v10.0.0-beta.9); I use JWT authentication (the token being generated by AWS Cognito). It works pretty well, since a user has been created (in Mongo Realm's Users menu) and I was able to insert data in my realm. But...
1. Empty user object
One strange thing nevertheless: the user I get from the authentication is empty
    const credentials = Realm.Credentials.custom(jwt)
    // Authenticate the user
    const user: Realm.User = await app.logIn(credentials)
    console.log("logged in with Jwt, user:", user) // display "logged in with Jwt, user: {}"
Is it normal? Examples speak about an identity field: console.log(`Logged in as ${newUser.identity}`);
2. React Native hot reload
A bothering thing: I can't reconnect to a realm when reloading the app (pressing r in the console where I npm started). I don't get any error, I just get... nothing. No log appears in Realm console.
The only solution I get is to kill the app, then restart it.
Did I miss a trick to handle that reconnection with RN hot reload?
I've had some troubles converting any Realm objects to printable strings; I always get {} just like you do. I think it could be related to this (unresolved) task on their GitHub.
On a similar note, there are some bugs in Realm's authentication system. I'm trying to get email/password, Facebook, and Google authentication going in my application but all of them currently seem to be broken on Realm's side.
Here are some related issues on their GitHub that you can follow for a solution.
Facebook
Google
Email/pass (fixed, but not released in the latest beta)
I don't have any information about JWT specifically but given these other authentication issues there's a good chance the issue isn't on your side. I recommend opening an Issue on their repository.

How to know if a user is logged in from another service

I have a php/apache service and meteor on the same server. I am using the accounts-ui package.
Is there any way to know in my PHP script that a user is logged in, given the login token (session id?)?
This is my original need: upload a profile picture for a logged in user.
Very simple right? But I have not found an answer after hours of googling.
The first solution would be using the HTML5 File APIs to send data to the Meteor server and have the server save the image. But this solution won't even work for IE9.
The second solution is what I am trying: using an HTML form to upload the picture to a PHP script (or whatever script, it can be a Node.js script if needed). This script will save the image like a traditional PHP script does. The thing is I cannot know if the upload request is authorized, otherwise everybody can change the profile picture of anybody. I must add some information to the upload request and verify it in the PHP code before saving the image. I am thinking about sending a request from the PHP script to the Meteor server, but I need to know which parameters to send and how Meteor responds to it.
How can I achieve the second solution? Or if someone has another solution for my original problem, that would be great.
Thank you.
Meteor uses a protocol called DDP to communicate between the client and server. But as of now there isn't a PHP DDP client, so you would have to use a REST-type communication method between your Meteor server and your PHP server.
If you feel you could build a PHP client for your Meteor client, it would greatly help you, as you could do stuff like run Meteor.call from your PHP scripts and have them subscribe to collections. The full DDP spec (pre1) can be found at: https://github.com/meteor/meteor/blob/master/packages/livedata/DDP.md
To do a REST method you should use Meteor Router to allow you to create server-side routes. It is installed via Meteorite, which helps you access a list of community packages at atmosphere.meteor.com.
Server-side JS:
    Meteor.Router.add('/checklogin', 'post', function() {
        var userId = this.params.userId;
        var loginToken = this.params.loginToken;
        if (userId && loginToken) {
            // True only if this user has the given resume (login) token stored.
            return (!!Meteor.users.findOne({_id: userId, "services.resume.loginTokens.token": loginToken}));
        }
    });
You can then do a POST request with PHP to /checklogin with two params: one is userId, which is the user's ID (found with Meteor.userId() or localStorage.getItem("Meteor.userId")). The other is the login token, found via localStorage.getItem("Meteor.loginToken") on your Meteor client.
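
The token check behind such a /checklogin route, written as a pure Node.js function; this is an added example, not part of the original answer. It assumes that later Meteor releases store base64(SHA-256(token)) in a `hashedToken` field and expire logins after 90 days, and it also accepts the raw `token` field used above; `isLoginTokenValid`, `hashLoginToken`, `safeEqual` and the sample user document are hypothetical names and constructed data.

```javascript
// Added example (not from the original answer). All sample data is constructed.
const crypto = require('node:crypto');

const DEFAULT_MAX_AGE_DAYS = 90; // assumption: Meteor's default login expiration

// Assumption: later Meteor releases store base64(SHA-256(token)) in
// services.resume.loginTokens[].hashedToken instead of the raw token.
function hashLoginToken(token) {
  return crypto.createHash('sha256').update(token).digest('base64');
}

// Constant-time string comparison, so the check does not leak how many
// leading characters of a guessed token were correct.
function safeEqual(a, b) {
  const ba = Buffer.from(String(a));
  const bb = Buffer.from(String(b));
  return ba.length === bb.length && crypto.timingSafeEqual(ba, bb);
}

// userDoc: the document loaded by _id from the users collection (or null).
// Returns true only if the token matches a stored, unexpired login token.
function isLoginTokenValid(userDoc, token, now = new Date(), maxAgeDays = DEFAULT_MAX_AGE_DAYS) {
  if (!userDoc || typeof token !== 'string' || token.length === 0) return false;
  const stored = (((userDoc.services || {}).resume || {}).loginTokens) || [];
  const hashed = hashLoginToken(token);
  const maxAgeMs = maxAgeDays * 24 * 60 * 60 * 1000;
  return stored.some((entry) => {
    const matches = entry.hashedToken
      ? safeEqual(entry.hashedToken, hashed)
      : entry.token !== undefined && safeEqual(entry.token, token); // raw field, as in the answer
    const issued = new Date(entry.when).getTime();
    const fresh = Number.isFinite(issued) && now.getTime() - issued < maxAgeMs;
    return matches && fresh;
  });
}

// Constructed sample user document with one hashed and one raw-token entry.
const sampleUser = {
  _id: 'u1',
  services: { resume: { loginTokens: [
    { hashedToken: hashLoginToken('tok-current'), when: new Date('2024-01-10T00:00:00Z') },
    { token: 'tok-legacy', when: new Date('2023-01-01T00:00:00Z') },
  ] } },
};
```

The upload handler should call the check server to server and use the userId it validated, not one taken from a separate form field, when deciding whose picture to replace.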