I have cloned the sample myapplication from here(https://cumulocity.com/guides/web/introduction/) and it works.
However, when I change the resourcesUrl to point to my bitbucket repos, it starts getting funny.
{
"availability": "MARKET",
"contextPath": "myapplication",
"key": "myapplication-appkey",
"name": "myapplication",
"resourcesUrl": "https://bitbucket.org/m2m/cumulocity-ui-plugin-examples/raw/develop/build",
"type": "HOSTED",
"imports": [
"core/c8yBranding",
"core/deviceList",
"core/deviceDetail",
"myapplication/myplugin"
]
}
Each time I switch to myapplication on cumulocity, my page will automatically forwarded to bitbucket. Even I delete the myapplication from administration and change back "resourcesUrl" to original, and reregister plugin and app, the portal still continues to forward the page to bitbucket.
Did I miss anything here and how to bring back? Thanks.
Updates,
Looks reregistering the app with original resourcesUrl does work today and possibly was something not right with my PC yesterday.(today I found this is not related to my PC, their is a delay between grunt appRegister and the application is really updated in Cumulocity, wonder how long the delay is?)
The myapplication is forwarded to bitbucket looks to be related to if the repo is private or public. If the repo is public, cumulocity will load the login page as expected. If private, even in the Administration page->Own applications->Myapplication->properties page, set username and password and click save, still goes to bitbucket login page.
So now the question is, how to link("resourcesUrl") to a private repo hosted in bitbucket?
If change "availability" from "MARKET" to "PRIVATE", the application page will be 404 no application found, is this expected?
Thanks.
To point to a resourcesUrl that is protected by basic authentication, which is the case for private bitbucket repos, one must add the properties resourcesUsername and resourcesPassword to the manifest.
In case of bitbucket these are the credentials to a bitbucket user. We recommend a user with just read permissions to this repo.
A MARKETis available to every tenant that subscribes it and a PRIVATEapp is only available to the tenant that owns it. For example, if a tenant 'acme' creates an application 'foo' that same app will only be available at acme.cumulocity.com/apps/foo.
Related
I'm using Doxygen to generate documentation on a C++ project. I want to share this documentation with various team members without them having to build the docs themselves. In an ideal world, there's a service to privately host the static HTML that's generated from Doxygen, and gate it behind some sort of login. I think literally all this service needs to do is have some authentication middleware before serving the HTML. Just password protecting a directory is not good enough for what I'd like to do.
Does anyone know of a service like this that already exists? Am I taking the wrong approach?
What you are asking for is a service that host static pages but provide the authentication functionality. I don't know if something like that exists and I have not found anything in a quick search.
However, there's another approach, much more simple. Just generate the documentation and upload it wherever you want that requires authentication (Google Drive, a private repository in GitHub or Bitbucket, etc). Give access to your team members and they will just have to keep it up to date with the remote one and open the index.html locally in their browsers.
Azure has a static web app host available.
You can configure it so users must log in before anything is served up.
This is a bare bones config that will require people log into an app reg I made available to them, otherwise it will redirect to the azure ad login page.
We are already using Azure for our cloud needs, so this wasn't much to stand up for the documentation host.
Custom authentication in Azure Static Web Apps
Authentication and authorization for Azure Static Web Apps
{
"auth": {
"identityProviders": {
"azureActiveDirectory": {
"userDetailsClaim": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
"registration": {
"openIdIssuer": "https://login.microsoftonline.com/TENANT_ID",
"clientIdSettingName": "AZURE_CLIENT_ID",
"clientSecretSettingName": "AZURE_CLIENT_SECRET"
}
}
}
},
"routes": [
{
"route": "/*",
"allowedRoles": [
"authenticated"
]
}
],
"responseOverrides": {
"401": {
"statusCode": 302,
"redirect": "/.auth/login/aad"
}
}
}
I am a hardware guy first and software second so GitHub is not my forte.
I had Altium Designer setup with my GitHub server for version control. When GitHub forced 2FA recently it broke the link to Altium which, unfortunately doesn't have stellar GitHub integration.
There are 6 fields I am allowed to enter in Altium to point it to my (GitHub) server:
1.) Method (HTTP, HTTPS, file, svn)
2.) Server (URL)
3.) Port
4.) Repo Subfolder
5.) username
6.) Password
Again, nothing changed except moving to 2FA. Now, when I attempt to login it obviously says it could not connect to the server because Altium has no provisions to provide a token during the login process.
I read the article at GitHub here: https://docs.github.com/en/free-pro-team#latest/github/authenticating-to-github/using-ssh-over-the-https-port
But I have no idea if that will do anything for me. Is there a way to route my Altium server connection to use my SSH key outside of the Altium environment? Or perhaps another way to "whitelist" my desktop in GitHub for SSO?
GitHub has not forced 2FA on for users. That wouldn't be useful, because people could just not set up a second factor. It's possible your organization has required this, though.
However, GitHub is deprecating the use of a plain password when using Git over HTTPS in favor of a token. Using a plain password was already forbidden for users who use 2FA, since there's no place to send a 2FA code (and for automated systems, doing that would be very inconvenient).
In this case, it's easy to keep using HTTPS: just generate a personal access token (in the developer settings) with the repo scope and paste it into the password field. Git doesn't know the difference between a password and a token; they're both the same to it. This also has a bunch of other benefits:
If you change your password, the token isn't automatically cleaned up, so you don't have to change Altium Designer.
If you decide you want to revoke that token, you can do so independently of changing your password.
If you're using SSO, you need to enable that token for SSO using the drop-down before it can be used to access protected resources.
I have setup a drone server (not in a container , running on my machine for the first part of this).
I have a github repo set up and the details for the github client and secret.
The server is http://localhost:4040 and the 'Authorization callback URL' set to http://localhost:4040/authorize
When I hit access http://localhost:4040 to login am sent to github to authorize the application. (This is in line with what I expected). The details all look correct (what I think it should be).
When I click the Authorize application button in the github screen I am redirected back to http://localhost:4040/authorize and on to http://localhost:4040/login?error=oauth_error
Where can I get more information on this error? Can I provide more details?
Where can I get more information about setting up a drone server (first) then a docker drone (as it seems that is the setup preferred (correct?))?
Thanks in advance for your time on this
Implementing a PHP Bitbucket API service for a website. One thing I need to do is give a bitbucket user (could be anyone at all as long as they have a bitbucket account) access to a private repository and be able to pull the repo down via composer.
Is this possible by the Bitbucket API?
Should I be giving the user just standard read access to the repo?
If thats the case what happens with SSH keys? How would I handle that?
OR should I use the deployment keys feature? Is this available via the API?
If you know of any documentation apart from the official ones that might highlight some of these features slightly better, it would be greatly appreciated.
Thankyou
To give a user access to a repository through the API: https://confluence.atlassian.com/display/BITBUCKET/privileges+Endpoint#privilegesEndpoint-PUTanewprivilege
If all you need is the ability to clone, then "read" permission is sufficient.
HTTPS vs SSH is orthogonal. Once a user has access, it is up to them to choose the protocol.
Deploy keys are another option is all you need to the ability to clone a repo over SSH (not HTTPS), but it sounds like that may not be a very good fit for what you're trying to do.
The user would need access to the repository... read access is fine
now since your repository is a private one, it's not hosted on packagist, i'm assuming...
so your composer config, well at least the way we do it in our workspace could be as follows:
{
"name" : "bitbucket-users-project-name",
"author" : "bitbucket-users-name",
"repositories": [
{
"type": "git",
"url": "git#bitbucket.org:your-username/your-repo-name.git"
}
],
"require" : {
"your-repo-composer--name" : "version.number.here"
}
}
for testing purposes you could use dev-master instead of version.number.here
now since you're using the ssh git url, that user would require their ssh key added to their own account
I need to develop a bunch of my own web hooks (or services maybe) for auto deploy, report into project management systems, etc.
But data posted to web hook don't have much information to fill my needs.
For example, I've received simple push event, how can I know is it force push or not? Okay, I have 2 treeishes, let's look at repository and check this push — oops, need user token to do it. Sad.
What is the right method to access gitlab api from web hooks? Probably I've missed something important? I'm really confused.
Upd1:
Let's try to find a solution. Possibilities
Imagine we can have a user who can read all projects in gitlab. But
that user should be connected to each project to have an access. Ok
;-(
What about to read repo by pusher? We can't because we need to use his private token to do this.
Maybe some internal functionality to read all repos or something? Sure not.
So. Maybe database? Nope. Because we need to clone repo at first and can't save data in DB anyway with refreshing caches.
I think we need a security token and maybe many checkboxes with access permissions for each joined web hook or an app (service).
Please feel free to share your ideas.
I've remembered partial solution. So scenario will be like that:
Create web service with your web hook.
Create a ssh key on the same host for some special (usually owner of web hook service) user to have an access to repos.
Add ssh key created at previous step as deploy key.
Finally: Register your webhook and add your deploy key for that hook to project — repeat it for each project what need this hook.
You have event listener (your web hook service), and you have access to that repository (ssh/git).
But still that solution doesn't have access to API itself.
Probably, there is also an another solution.
Create custom admin user with a big random password and some synthetic name like HookBot or something, remember private_token of that user;
Register your web hook;
Use api access to add your deploy key with HookBot (untested);
Use sudo api to get sources or something else. Just mimicry to pusher's account (sudo -u {author_id}) and go on, read repo, work with it, etc.
Maybe some another solutions? More legit?