Spring Cloud config server encryption decryption - spring-cloud-config

I am using the below command to encryot the password.
curl -H "Content-Type: text/plain" lonrs03668:8888/encrypt -d Simple12$jedi
after decryting the password, the value after $ sign getting lost and it is only returning the Simple12.
The issue is that if string contains the $ sign it is not encrypting/decrypting correctly.

Try curl -H 'content-type: text/plain' localhost:8888/encrypt --data-raw 'your password'

Below is working for me by adding \ before $ .
curl -u root:s3cr3t -H "Content-Type: text/plain" lonrs03668:8888/encrypt --data-ascii Simple12\$jedi.

Related

Authentication error using cloudflare api

I repeatedly received an authentication error just like this (not me) when using the Cloudflare api.
curl -X GET "https://api.cloudflare.com/client/v4/zones/<ZONEID>/dns_records?type=A&name=<DOMAIN>&content=127.0.0.1&proxied=undefined&page=1&per_page=20&order=type&direction=desc&match=all" \
-H "X-Auth-Email: <EMAIL>" \
-H "X-Auth-Key: <APITOKEN>" \
-H "Content-Type: application/json"
{“success”:false,“errors”:[{“code”:10000,“message”:“Authentication error”}]}
What am I doing wrong?
I was getting that exact same error message, and I found out that I was using the API Token instead of the API Key in the X-Auth-Key parameter.
Apparently the only way that seems to work is to use the user token instead of the zone one.
curl -XPOST -H 'X-Auth-Key: TOKEN' -H 'X-auth-email: EMAIL' -H \"Content-type: application/json\" -d '{\"type\":\"CNAME\",\"name\":\"hi\",\"content\":\"example.com\",\"proxied\":true}' 'https://api.cloudflare.com/client/v4/ZONE_ID/dns_records'

Fail2ban jail for specific url doesn't work with Cloudflare

This is a continuation of a previous question regarding creating a jail for a specific url.
It bans the Cloudflare IP and not that of the user. I've followed this guide to setup the Cloudflare filter, but am having issues.
Jail.local looks like this...
[apache-specific-url]
enabled = true
port = http,https
filter = apache-specific-url
action = cloudflare
iptables-allports
logpath = %(apache_access_log)s
bantime = 48h
maxretry = 1
actions.d/cloudflare.conf
This is the cloudflare.conf that came with Fail2ban V0.11.1 which is what I'm using. It looks to be the latest and correct version. I've properly set cftoken & cfuser in the file.
actionban = curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' \
-H 'Content-Type: application/json' -d '{ "mode": "block", "configuration": { "target": "ip", "value": "" } }' \
https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules
actionunban = curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' \
https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' \
'https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=&page=1&per_page=1' | tr -d '\n' | cut -d'"' -f6)
My API info & Curl is good
If I curl the following, the test IP is indeed banned on cloudflare and I get a success upon return.
curl -s -X POST "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules" \
-H "X-Auth-Email: CloudFlare-username" \
-H "X-Auth-Key: CloudFlare-API-Key" \
-H "Content-Type: application/json" \
--data '{"mode":"block","configuration":{"target":"ip","value":"1.2.3.4"},"notes":"Fail2ban"}'
/var/log/fail2ban.log shows the following
2021-01-15 14:59:08,461 fail2ban.filter [3439]: INFO [apache-specific-url] Found 172.69.63.147 - 2021-01-15 14:59:07
2021-01-15 14:59:08,981 fail2ban.actions [3439]: NOTICE [apache-specific-url] Ban 172.69.63.147
I'm not sure what I'm missing here, but it doesn't look like I've setup the jail properly to get the actual IP from Cloudflare and ban it locally or on Cloudflare.
Any help greatly appreciated.
After a great deal of trial and error, the problem with banning and unbanning was with the cloudflare action. Parsing the json seems to be tricky for folks. Oddly enough, I found several folks with the issue with different resolutions. However, the following is the "Mix" that works for me. I hope it helps someone in the future.
/etc/fail2ban/action.d/cloudflare.conf
actionban = curl -s -X POST "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules" \
-H "X-Auth-Email: <cfuser>" \
-H "X-Auth-Key: <cftoken>" \
-H "Content-Type: application/json" \
--data '{"mode":"block","configuration":{"target":"ip","value":"<ip>"},"notes":"Fail2ban"}'
actionunban = curl -s -X DELETE "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$( \
curl -s -X GET "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=<ip>&page=1&per_page=1&match=all" \
-H "X-Auth-Email: <cfuser>" \
-H "X-Auth-Key: <cftoken>" \
-H "Content-Type: application/json" | awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' | tr -d '"' | head -n 1 | sed -E -e 's/^\s+//' -e 's/\s+$//')" \
-H "X-Auth-Email: <cfuser>" \
-H "X-Auth-Key: <cftoken>" \
-H "Content-Type: application/json"
actionban was gleemed from this blog
actionunban, the tougher of the two, was gleemed from here

Why I can't delete Link between person and group identities with Platform of Trust's Identity API?

I have created account on Sandbox
I have then created a group with
curl -i -X POST \
-H "Authorization: Bearer <ACCESS_TOKEN>" \
-H "Content-Type: application/json" \
-d \
"{
\"context\": \"https://standards.oftrust.net/v2/Context/Identity/Group/\",
\"type\": \"Group\",
\"data\": {
\"name\": \"Company Oy\"
}
}" "https://api-sandbox.oftrust.net/identities/v1"
I have also created a Link between person and group, I used MemberOf
curl -i --request POST \
--url https://api-sandbox.oftrust.net/identities/v1/{fromIdentityId}/link/{toIdentityId} \
--header 'Authorization: Bearer <ACCESS_TOKEN>' \
--header 'content-type: application/json' \
--data '{
"context": "https://standards.oftrust.net/v2/Context/Link/Role/MemberOf/",
"type": "Member"
}'
I got successful response that link was created between those identities.
Trying to delete this link now, but I get as response 404 and message Link not found.
What I try is according with example from documentation
curl -i -X DELETE \
-H "Authorization: Bearer <ACCESS_TOKEN>" \
"https://api-sandbox.oftrust.net/identities/v1/{fromIdentityId}/link/{toIdentityId}/MemberOf"
[UPDATE]: I discovered also in Identity API documentation that can list all links of identity.
And have made this for group identity:
curl -i -X GET \
-H "Authorization: Bearer <ACCESS_TOKEN>" \
"https://api-sandbox.oftrust.net/identities/v1/<group_id>/links"
The response shows that link between group and person identities.
Firstly, make sure you respected the id values (their order) for From and To. They should be the same you get in response of https://api-sandbox.oftrust.net/identities/v1/<group_id>/links
Secondly, delete Link endpoint needs to be used with a type, as exemplified. In this case MemberOf. But looking at the creation of the link there is a typo: context used is correct, but the type is Member. Type should match the last part of the name in context => MemberOf
In this case, since you are trying to delete it, simply use Member
curl -i -X DELETE \
-H "Authorization: Bearer <ACCESS_TOKEN>" \
"https://api-sandbox.oftrust.net/identities/v1/{fromIdentityId}/link/{toIdentityId}/Member"

Openam policy decision with (session and ldap filter) environment condition

I think I am doing something stupid and can't find documentation around it.
I have this above policy set in openAM and trying to validate it with json/policies?_action=evaluate. But I can't find how would I have to pass the environment key and values for the above-configured condition? I have tried them in a cookie or in headers but don't seem to get it right. should I add them in the environment and then write the script to handle (and return authorize true) that from the request in the openAM services? OR do I have to add custom service in for identity and that would handle this? OR am I missing this completely?
request for validate is:
curl -X POST \
'http://0.0.0.0:8080/openam/json/policies?_action=evaluate' \
-H 'Accept: */*' \
-H 'Accept-API-Version: resource=1.0' \
-H 'Content-Type: application/json' \
-H 'Cookie: iPlanetDirectoryPro=<token-of-web-agent>' \
-H 'Host: 0.0.0.0:8080' \
-d '{
"resources":["/members"],
"application":"iPlanetAMWebAgentService",
"subject":{
"ssoToken":"<ssoToken-of-demo-user>"
},
"environment": {}
}'

IBM Watson TTS example return a blank audio file

I have some troubles with the Watson TTS example provided by IBM using cURL :
curl -X POST -u {USERNAME}:{PASSWORD} \
--header "Content-Type: application/json" \
--header "Accept: audio/wav" \
--data '{"text":"hello world"}' \
--output hello_world.wav \
"https://stream.watsonplatform.net/text-to-speech/api/v1/synthesize"
I am running this cURL command through GitBASH but the audio file output I'm getting is blank and does not contain any audio.
I've tried changing :
--data '{"text":"hello world"}' \
to :
--data "{\"text\":\"hello world\"}" \
But I get the same result.
Remove the {} around your username and password credentials, which by the way are now compromise.
You will should revoke these credentials and create a fresh set of credentials, which you should try endevour to keep secret and not post in public forums.