I am developing a Python3 (standard) appengine application; long story short a ReactJS client does Firebase authentication and makes a post to my backend passing the idToken.
The backend successfully makes the firebase verification, and received the info about the authenticated user, but suddenly I see:
...
INFO:views.login:{'iss': 'https://securetoken.google.com/dev-audience-gift', 'aud': 'xxxx', 'auth_time': 1664105271, 'user_id': 'xxx', 'sub': 'xxx', 'iat': 1664105271, 'exp': 1664108871, 'email': 'xxxx', 'email_verified': False, 'firebase': {'identities': {'email': ['xxxx']}, 'sign_in_provider': 'password'}, 'uid': 'xx'}
WARNING:root:initial generator _memcache_get_tasklet(context.py:1139) raised AssertionError(No api proxy found for service "memcache")
So, I see that the memcache layer is raising an exception.
I am NOT running tests, so I don't really understand what's going on. Also, I tried to run the local app either via python main.py and dev_appserver.py, nothing changes.
Related
I want to integrate with Apple Pay on my website using the Apple Pay JS API, but my call to Apple is failing.
We are using Firebase Functions to run our server, and Firebase Hosting to host our website.
To do this, I need to request an Apple Pay Payments Session as described in https://developer.apple.com/documentation/apple_pay_on_the_web/apple_pay_js_api/requesting_an_apple_pay_payment_session.
The way this seems to work is that I start a payments session client side on my website and configure this to call an endpoint on my server. This then calls Apple's servers with a merchant identifier certificate I've created, and I get the payments session back and return it to my website. I'm following these documentation pages:
https://developer.apple.com/documentation/apple_pay_on_the_web/apple_pay_js_api/providing_merchant_validation
https://developer.apple.com/documentation/apple_pay_on_the_web/apple_pay_js_api/requesting_an_apple_pay_payment_session
I am calling Apple like this:
const { validationUrl } = req.body
const axiosInstance = axios.create({
httpsAgent: new https.Agent({
cert: fs.readFileSync(`${__dirname}/merchantIdentity.crt.pem`),
key: fs.readFileSync(`${__dirname}/merchantIdentity.key.pem`),
rejectUnauthorized: false
})
})
const appleUrl = `https://${validationUrl}/paymentSession`
const validateMerchantData = {
merchantIdentifier: <my merchant id>,
displayName: "Mercado",
initiative: "web",
initiativeContext: process.env.CLIENT_URL.replace("https://", "")
}
const appleRes = await axiosInstance.post(appleUrl, validateMerchantData)
CLIENT_URL is the base URL of my client website
I am getting the following error at this point:
Error: getaddrinfo EAI_AGAIN https
at GetAddrInfoReqWrap.onlookup [as oncomplete] (node:dns:71:26)
at GetAddrInfoReqWrap.callbackTrampoline (node:internal/async_hooks:130:17)
In https://developer.apple.com/documentation/apple_pay_on_the_web/configuring_your_environment, the documentation says "You must register and verify all top-level domains and subdomains where you will display the Apple Pay button." It's not clear to me whether this means the website domain (the hosting one) or our functions domain. I have successfully registered and verified our hosting domain, but I couldn't manage to do this with the functions domain, which is the one I'm actually using to call Apple (obviously wouldn't do this from the client, and Apple specifically says not to do this.
This is because Apple calls https://<domain_name>/.well-known/some_file.txt to do the verification, but firebase functions are always of the form https://-<project_id>.cloudfunctions.net/<function_name>, so it's impossible to have an endpoint for /.well-known. My solution has been to use rewrites on my Firebase Hosting URL to call my applePay firebase function.
What could be causing the error, and how could I resolve?
PS: not interested in any answers suggesting to use something like Stripe for Apple Pay.
I have a app built with vue and firebase/firestore. I use the firebase emulator to local development and am trying to integrate my dev workflow with cypress. But i get a error in cypress that do not occur if i access the app from browser.
Firebase CLI version is 7.9.0 and Cypress version is "^3.8.0"
My npm scripts to load everything are below:
"start": "firebase emulators:exec --only firestore \"npm run dev:appandtest\"",
"dev:appandtest": "concurrently -n \"app,test\" -c \"bgYellow.black,bgWhite.black\" \"npm:dev:app\" \"npm:dev:test\"",
"dev:app": "webpack-dev-server --config build/webpack.dev.js",
"dev:test": "npx cypress open",
The local server runs on port 9000 and the firebase emulator on port 8080.
After things are running, if i access the app from a normal browser everything is fine as this screen shows.
normal
Then i tried to run a basic cypress test with this code
describe('The Home Page', function () {
it('successfully loads', function () {
cy.visit('/');
});
});
And i got the errors messages below:
[2019-12-14T15:29:24.725Z] #firebase/firestore: Firestore (6.6.2): Could not reach Cloud Firestore backend. Backend didn't respond within 10 seconds.
This typically indicates that your device does not have a healthy Internet connection at the moment. The client will operate in offline mode until it is able to successfully connect to the backend.
error.ts:166 Uncaught (in promise) FirebaseError: Failed to get document because the client is offline.
at new FirestoreError (http://localhost:9000/bundle.js:11739:149)
at Object.next (http://localhost:9000/bundle.js:16734:8)
at next (http://localhost:9000/bundle.js:16725:4704)
at http://localhost:9000/bundle.js:16430:411
I took a screenshot also:
buggy
I tried to research answers but wasn't able to find one. Thanks in advance for any help.
The solution to this problem, at least for now, is to enable experimentalForceLongPolling, like this:
// NOTE: do NOT put this in production.
firebase.firestore().settings({ experimentalForceLongPolling: true })
Important: this is an experimental feature and you should put it in some conditional checks with environment variables. You should not use this in production environment.
The reason for this is best described here:
The default behavior of Firestore's web SDK is to make use of WebChannel's streaming mode. The client makes what looks like an XHR, but then the server will hold the response open for 60 seconds and send as many server-initiated responses as it can during that time window.
The experimentalForLongPolling option forces the server to send only a single response per request.
And here:
That is the same workaround we are using in cypress. I think the underlying problem is that Cypress is intercepting all network traffic so it can monitor and sometimes mock. However, the webchannel protocol used by firestore has multiple replies over the same http request. The Cypress code cannot handle this and will only forward the first reply and ignore the rest.
In the v9 new API you can't rely on
provideFirebaseApp(() => initializeApp(environment.firebase)),
where environment.firebase includes { experimentalAutoDetectLongPolling: true }.
Instead you have to explicitly do this in the provideFirestore method.
provideFirestore(() => {
let firestore;
if (environment.useEmulators) {
// bug: experimentalAutoDetectLongPolling not picked up via `getFirestore`
const app = initializeApp(environment.firebase)
firestore = initializeFirestore(app, {
experimentalAutoDetectLongPolling: true
})
connectFirestoreEmulator(firestore, 'localhost', 8080)
} else {
firestore = getFirestore();
}
return firestore;
}),
I had a question related to Airflow v1.10.3. We recently upgraded airflow from v1.9 to v1.10.3. With the new upgrade, we are experiencing a situation where any Celery execute commands coming in from the UI are not getting queued/executed in message broker and celery workers.
Based on Celery FAQ: https://docs.celeryproject.org/en/latest/faq.html#why-is-task-delay-apply-the-worker-just-hanging, it points to authentication issue, user not having the access.
We had web authentication (Google Oauth) in place in version v1.9 using following config:
[webserver]:
authenticate = True
auth_backend = airflow.contrib.auth.backends.google_auth
[google]:
client_id = <client id>
client_secret = <secret key>
oauth_callback_route = /oauth2callback
domain = <domain_name>.com
Will the above config values still work or do we need to set the RBAC=True and provide Google Oauth credentials in webserver_config.py?
Webserver_config.py
from flask_appbuilder.security.manager import AUTH_OAUTH
AUTH_TYPE = AUTH_OAUTH
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = "Admin"
OAUTH_PROVIDERS = [{
'name':'google',
'whitelist': ['#yourdomain.com'], # optional
'token_key':'access_token',
'icon':'fa-google',
'remote_app': {
'base_url':'https://www.googleapis.com/oauth2/v2/',
'request_token_params':{
'scope': 'email profile'
},
'access_token_url':'https://oauth2.googleapis.com/token',
'authorize_url':'https://accounts.google.com/o/oauth2/auth',
'request_token_url': None,
'consumer_key': '<your_client_id>',
'consumer_secret': '<your_client_secret>',
}
}]
Any help is very much appreciated. Thanks.
From my experience, both will work. Of course, as they call the FAB-based UI, the "new UI", the old one will probably be killed off.
Your problem, though, doesn't sound like it has anything to do with user authentication, but celery access. It sounds like airflow and/or celery are not reading celery_result_backend or one of the other renamed options, when they should.
Search for Celery config in their UPDATING document for the full list.
My Add-on has been published and has been working for some time, and the published version available for about 3-4 weeks, available in the Add-on store for sheets. It has 8 users. School Announcements Easy works with a form and a sheet to automate the production of daily bulletins from form submissions.
One of the functions removes old submissions based on a date selected by the user. In June it stopped removing old data. Testing from the developer account shows it still works. I thought perhaps the date format was causing it to hang up, but it works regardless of date format, but not in my account at my school/workplace. Only in my developer account.
I looked in the API Console linked from Resources -> Cloud Platform Project in the code page. I have two errors:
You do not have permission to perform that action. at unknown function
With the associated Stackdriver notification:
{
insertId: "1orur8efqvxg4e"
jsonPayload: {…}
labels: {…}
logName: "projects/project-id-xxxxxxxxxxxxx/logs/script.googleapis.com%2Fconsole_logs"
receiveTimestamp: "2018-06-01T14:54:57.277315484Z"
resource: {…}
severity: "ERROR"
timestamp: "2018-06-01T14:54:56.269Z"
}
My add-on's code at bullMenu:18 is var ss = SpreadsheetApp.getActiveSpreadsheet(); This error shows up a lot!
The other error is more troubling to me:
The script does not have permission to get the active user's identity.
With the associated Stackdriver notification:
{
insertId: "g3dkpzf2htk4x"
labels: {…}
logName: "projects/project-id-xxxxxxxxxxxxxxxxxxxx/logs/script.googleapis.com%2Fconsole_logs"
receiveTimestamp: "2018-06-01T14:55:50.288011162Z"
resource: {…}
severity: "WARNING"
textPayload: "The script does not have permission to get the active user's identity."
timestamp: "2018-06-01T14:55:49.286Z"
}
To my knowledge I did not write any code that requests the user's identity.
Any clues on how to track these down would help. It seems they may be connected in some way, and only started on June 1. Prior to that, it worked great.
I did make an attempt to install FireBase and added code to the head of one of the pages as follows:
<script src="https://www.gstatic.com/firebasejs/5.0.4/firebase.js"></script>
<script>
// Initialize Firebase
var config = {
apiKey: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
authDomain: "xxxxxxxxxxxxxxxxxxxxxx.firebaseapp.com",
databaseURL: "https://xxxxxxxxxxxxxxxxxx.firebaseio.com",
projectId: "xxxxxxxxxxxxxxxxxxxxxxxxx",
storageBucket: "xxxxxxxxxxxxxxxxxxxxxxxxxx.appspot.com",
messagingSenderId: "xxxxxxxxxxxxx"
};
firebase.initializeApp(config);
</script>
It seems likely that this is the culprit, that I may be using Firebase improperly or have the wrong version. I'm adapting to writing add-ons, but FireBase is totally new to me, and seems essential.
Any ideas?
I have tried both using custom token and just firebase secret. But the same exact app works when running locally, but I cannot authenticate when running from OpenShift Node environment.
myRootRef.authWithCustomToken(firebaseSecret, function(error, authData) {
log.info('Firebase Authed');
if(error){
log.fatal('Unable to authenticate');
log.error(error);
log.info(firebaseSecret);
return;
}
Is there anything else I need to do to "bless" OpenShift - The error I get back is
{"code":"INVALID_TOKEN"}
The only thing I can think of that makes the most sense is that Open Shift is blocking the ports for Firebase communications which I believe is WebSockets