Using Karate, I need to upload some files to GitLab, but I am not successful. I have no idea how to handle credentials to be able to connect to GitLab. I have tried to use this:
Given url 'https://gitlab.xxxx.xxxxx.com/projectX/client-data-service'
And multipart file file = { read: 'test.jpg', filename:'test.jpg', contentType: 'image/jpg' }
When method post
Then status 200
Then I tried to log in to GitLab via the driver at the beginning (to be logged in):
Given driver 'https://gitlab.xxxx.xxxxx.com/users/sign_in'
* retry().input('input[id=user_login]', 'user#user.xx')
* retry().input('input[id=user_password]', '12345')
* retry().click('input[name=commit]')
* delay(3000);
Given driver 'https://gitlab.xxxx.xxxxx.com/projectX/client-data-service'
* delay(3000);
Given url 'https://gitlab.xxxx.xxxxx.com/projectX/client-data-service'
And multipart file file = { read: 'test.jpg', filename:'test.jpg', contentType: 'image/jpg' }
When method post
Then status 200
but I still receive a message about a permission problem:
<div class="container">
<h3>The page could not be found or you don't have permission to view it.</h3>
<hr />
<p>The resource that you are attempting to access does not exist or you don't have the necessary permissions to view it.</p>
<p>Make sure the address is correct and that the page hasn't moved.</p>
<p>Please contact your GitLab administrator if you think this is a mistake.</p>
Go back
</div>
Do you have any idea how to successfully upload file(s) to GitLab/GitHub with permission? Thank you!
I suggest the API. You have to understand how to pass GitLab credentials by reading the docs here: https://docs.gitlab.com/ee/api/README.html#authentication
I'm sorry I can't help more than that. Note that there are examples of auth and even OAuth in the demos. Maybe you just need to add a header with the private / access-token. Try getting a cURL command to work first, and then porting that to Karate should be easy.
Background
I am working on a custom theme for my WordPress site which I would like to manage from a private GitHub repo. (This theme will never be pushed into the WordPress market place) The general idea would be that I use the repo to manage the code and then once I tag a new version, the tag would trigger an update for the WordPress theme.
I have this pattern working using the following as a template:
https://github.com/krafit/wp-gitlab-updater
(Yes, I know the repo is for Gitlab and not GitHub)
Since my repo is private, I will need to generate a user token to allow the theme to be updated. And because the user token is capable of accessing all my private repos, the idea of sharing the user token with another plugin is discomforting from a security standpoint. (Meaning, I'm uncomfortable using a plugin like: https://github.com/afragen/git-updater)
Question
The problem is that GitHub has deprecated the use of access_token as a query string parameter, so all tokens must be sent over as an Authorization header.
How do I add an authorization header to the request WordPress sends to download the artifact?
What I've Tried
When I check for new tags I use the code:
protected function fetch_tags_from_repo( $git_url, $repo, $access_token ) {
    $request_url = "$git_url/repos/$repo/tags?access_token=$access_token";
    $args = [
        "headers" => [
            "Accept" => "application/vnd.github.v3+json",
            "Authorization" => "token " . $access_token
        ]
    ];
    $request = wp_safe_remote_get( $request_url, $args );
    return $request;
}
This works without any issues. However...
During the pre_set_site_transient_update_themes hook I return an object that looks like:
$transient->response[ $theme['name'] ]['theme'] = $theme['name'];
$transient->response[ $theme['name'] ]['new_version'] = $latest_version;
$transient->response[ $theme['name'] ]['package'] = $theme_package;
The problem is, I have no way of adding an Authorization header to the transient response object. Therefore, when WP later tries to download the artifact, it fails.
Note: The $theme_package string is a URL which looks like:
$theme_package = "$git_url/repos/$repo/zipball/refs/tags/$latest_version";
Any support appreciated, thank you!
Honestly, this problem has been exhausting and enough is enough...
Answer
Eject from GitHub and use Gitlab because they still support access_token as a header. They have unlimited free private repos <5gb storage.
If you are planning to distribute the private repo with a license I recommend you not to expose your access credentials in the script.
Instead, you should use the GitHub PHP API together with an SSH key that you set up in your repo settings, or a GitHub App with access permission granted on your repo.
Here is a solid SDK to start from:
https://github.com/KnpLabs/php-github-api
Alternatively as you suggested it in your answer, a third party service could be used to manage the credentials on your behalf.
GitLab is a nice generic and low-cost option, but if you are looking for something dedicated to WordPress development, I recommend WP Package Editor (WP2E).
Among other things the service uses a registered GitHub App to pull the latest version from public / private GitHub repositories:
https://github.com/marketplace/wp-package-editor
This is quoted from the documentation regarding how it is implemented with GitHub:
For a script to be successfully imported to the library of repositories and later be synchronized as an installer dependency there are 4 conditions:
1. The GitHub App must be connected to a WP2E account
2. The “read-only” access to the repository must be granted to the WP2E GitHub App
3. The script must be a valid WP theme or plugin
4. The repository must have at least one “release” on GitHub
Note: In order to synchronize with the GitHub account/repo the GitHub App should be integrated via the saas panel (not directly via the GitHub Marketplace)
I'm using the free plan of Firebase Storage. Everything is working well, but images are not loading in my Flutter web app.
I'm getting this error.
Access to XMLHttpRequest at 'https://firebasestorage.googleapis.com/v0/b/sap-app-8318e.appspot.com/o/cover%2Fimage_cropper_028D7F16-0161-4E90-B40D-EE47D310F322-5339-000003697F67306C.jpg?alt=media&token=313475a9-9728-4e61-97da-f5d5534bb008' from origin 'https://sap.nextcardpro.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
firebasestorage.googleapis.com/v0/b/sap-app-8318e.appspot.com/o/cover%2Fimage_cropper_028D7F16-0161-4E90-B40D-EE47D310F322-5339-000003697F67306C.jpg?alt=media&token=313475a9-9728-4e61-97da-f5d5534bb008:1
I searched on Google and everyone said I need to allow CORS access from Firebase, but how can I add it to my free Firebase plan?
[
  {
    "origin": ["*"],
    "responseHeader": ["Content-Type"],
    "method": ["GET", "HEAD", "DELETE"],
    "maxAgeSeconds": 3600
  }
]
Finally solved it with this post, after 2 days of Google searching.
https://bitmovin.com/docs/encoding/faqs/how-do-i-set-up-cors-for-my-google-cloud-storage-bucket
Answer from above link:
If you are already familiar with Google Cloud Services and Tools, like gcloud and/or gsutil, you can also check out Google's documentation about CORS.
Log in to your Google Cloud console: https://console.cloud.google.com/home. Click on "Activate Google Cloud Shell" in the upper right corner.
At the bottom of your window, a shell terminal will be shown, where gcloud and gsutil are already available. Execute the command shown below. It creates a JSON file which is needed to set up the CORS configuration for your bucket. This configuration will allow every domain to access your bucket using XHR requests in the browser:
echo '[{"origin": ["*"],"responseHeader": ["Content-Type"],"method": ["GET", "HEAD"],"maxAgeSeconds": 3600}]' > cors-config.json
If you want to restrict access to one or more specific domains, add their URLs to the array, e.g.:
echo '[{"origin": ["https://yourdomain.com", "http://localhost:*"],"responseHeader": ["Content-Type"],"method": ["GET", "HEAD"],"maxAgeSeconds": 3600}]' > cors-config.json
(localhost is also added to access resources while developing, based on your needs).
Replace YOUR_BUCKET_NAME with your actual bucket name in the following command to update the CORS settings of your bucket:
gsutil cors set cors-config.json gs://YOUR_BUCKET_NAME
To check if everything worked as expected, you can get the CORS settings of a bucket with the following command:
gsutil cors get gs://YOUR_BUCKET_NAME
You can find the bucket ID in the Storage panel of your project's Firebase Console:
It's the value starting with gs://.
I had a similar problem and, as always, it took me a few hours to fix, but the solution is, as always, simple and easy.
When you run this command:
flutter run -d chrome --web-renderer canvaskit --no-sound-null-safety
the app will run and everything works fine and pixel-perfect, but sadly network images fail to load. When you inspect the app and look into the console, you will see this beautiful error:
(Blocked by CORS policy) : No ‘Access-Control: Allow-Origin’ header is present on the requested resource.
What is CORS?
CORS stands for (Cross-Origin-Resource-Sharing). CORS is a browser security feature that restricts Cross-origin HTTP requests that are initiated from scripts running in the browser.
Now, how do you fix the CORS issue and display images from any other domain or from Firebase Storage? The answer is very simple; follow the steps below:
1. Open the GCP console.
2. Select your project and click on the Dashboard button.
3. Start a cloud terminal by clicking the >_ icon button in the top navbar.
4. Click on the Open Editor button (and wait a few seconds).
5. Click on the 3 dots (...), create a new file and name it cors.json.
6. Copy and paste this code:
[ { "origin": ["*"], "method": ["GET"], "maxAgeSeconds": 3600 } ]
In the code, notice that I set the origin to *, which means that every website can display your images. But you can also insert the domain of your website there to restrict the access.
7. Now run the command:
gsutil cors set cors.json gs://your-bucket
When you run gsutil cors set cors.json gs://your-bucket you will get a beautiful error (‘gsutil ServiceException: 401 Anonymous caller does not have storage.objects.list access to bucket’), which means you need to log in first.
8. Run the command gcloud auth login and log in to gcloud.
9. Now run this command again:
gsutil cors set cors.json gs://your-bucket
if you want to read more about CORS: https://cloud.google.com/storage/docs/configuring-cors
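The CORS documents in this thread range from `"origin": ["*"]` with `DELETE` allowed down to a single-origin, read-only rule. The following is an added example, not code from any of the posts: a small Python check that flags the broad settings in such a file and rewrites it for one site before it is passed to `gsutil cors set`. The finding labels and function names are assumptions made for the example; the origin is the one from the error message in the question.

```python
import json

WRITE_METHODS = {"PUT", "POST", "PATCH", "DELETE"}

# The configuration posted in the question (copied from the page).
QUESTION_CONFIG = """[{"origin": ["*"], "responseHeader": ["Content-Type"],
  "method": ["GET", "HEAD", "DELETE"], "maxAgeSeconds": 3600}]"""

# The restricted variant quoted in the first answer (copied from the page).
ANSWER_CONFIG = """[{"origin": ["https://yourdomain.com", "http://localhost:*"],
  "responseHeader": ["Content-Type"], "method": ["GET", "HEAD"], "maxAgeSeconds": 3600}]"""


def audit_cors(config_text):
    """Return (rule_index, finding) pairs for a bucket CORS JSON document."""
    findings = []
    for index, rule in enumerate(json.loads(config_text)):
        origins = rule.get("origin", [])
        methods = {m.upper() for m in rule.get("method", [])}
        if "*" in origins:
            # Scripts on any website may read responses from the bucket.
            findings.append((index, "wildcard-origin"))
        if any("localhost" in o or "127.0.0.1" in o for o in origins):
            # Development origin left in a configuration meant for production.
            findings.append((index, "localhost-origin"))
        for method in sorted(methods & WRITE_METHODS):
            # Displaying images only needs GET/HEAD.
            findings.append((index, "write-method:" + method))
    return findings


def restrict(config_text, allowed_origins):
    """Rewrite every rule to the given origins and to read-only methods."""
    rules = json.loads(config_text)
    for rule in rules:
        rule["origin"] = list(allowed_origins)
        rule["method"] = [m for m in rule.get("method", [])
                          if m.upper() not in WRITE_METHODS]
    return json.dumps(rules, indent=2)


if __name__ == "__main__":
    print(audit_cors(QUESTION_CONFIG))
    print(restrict(QUESTION_CONFIG, ["https://sap.nextcardpro.com"]))
```

Writing the output of `restrict` to cors.json and applying it with the `gsutil cors set` command from the answers keeps the images loading on the one site that needs them.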
If somebody has a problem installing gsutil: it will not work with Python 3.10, which is the most recent one. You have to install a previous one whose version number starts with 3.7, like this one:
download python 3.7.9
Official Firebase Storage answer can be found here. May be useful if the answer ever changes. As of April 2022, it's basically the same as Feroz's answer.
The issue below was posted by me on https://github.com/XiaoFaye/WooCommerce.NET/issues/414, but since this may not be related to WooCommerce.NET at all but rather, at a lower level, to Apache/WordPress/WooCommerce itself, I am posting the same question here.
I am really stuck with the famous error:
WebException: {"code":"woocommerce_rest_authentication_error","message":"Invalid signature - provided signature does not match.","data":{"status":401}}
FYI:
- I have two WordPress instances running: one on my local machine and one on a remote server. The remote server is, like my local machine, in our company's LAN
- I am running WAMP on both machines to run Apache and host WordPress on port 80
- The error ONLY occurs when trying to call the REST API on the remote server. When connecting to the local REST API, the REST API/WooCommerce.NET works like a charm :-)
- From my local browser I can log in to the remote WooCommerce instance without any problem
- On the remote server I have defined WP_SITEURL as 'http://[ip address]/webshop/' and WP_HOME as 'http://[ip address]/webshop' in wp-config.php
- Calling the API URL (http://[ip address]/webshop/wp-json/wc/v3/) from my local browser works OK. I get the normal JSON response
- Authentication is done through the WooCommerce.NET wrapper, which only requires a consumer key, consumer secret and the API URL. I am sure I am using the right consumer key and secret and the proper API URL http://[ip address]/webshop/wp-json/wc/v3/ (see previous bullet)
- I already played around with the authorizedHeader variable (true/false) when instantiating a WooCommerce RestAPI, but this has no effect
Is there anybody that can point me into the direction of a solution?
Your help will be much appreciated!
In my case, the problem was in my URL address. The URL had two slashes (//) before wp-json.
URL before the solution: http://localhost:8080/wordpress//wp-json/wc/v3/
URL now, which works OK: http://localhost:8080/wordpress/wp-json/wc/v3/
I use it with these statements:
RestAPI rest = new RestAPI(cUrlApi, Funciones.CK, Funciones.CS,false);
WCObject wc = new WCObject(rest);
var lstWooCategorias = await wc.Category.GetAll();
I hope my answer helps you.
Had the same issue. My mistake was defining my URL incorrectly: http:// instead of https://.
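Both answers trace the "Invalid signature" error to the URL, which fits how an OAuth 1.0a request signature is built: the full request URL is part of the signed base string, so any difference between the URL the client signs and the URL the server reconstructs changes the HMAC. The sketch below is an added example, not code from WooCommerce or WooCommerce.NET; it follows the OAuth 1.0a (RFC 5849) signing steps with HMAC-SHA256, and the keys, nonce, timestamp and the assumption that the server recomputes over the single-slash http URL are constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample values (not real credentials).
CONSUMER_SECRET = "cs_example_secret"
PARAMS = {
    "oauth_consumer_key": "ck_example_key",
    "oauth_nonce": "a1b2c3d4",
    "oauth_signature_method": "HMAC-SHA256",
    "oauth_timestamp": "1700000000",
}
# Assumed to be the URL the server uses when it recomputes the signature.
CANONICAL = "http://localhost:8080/wordpress/wp-json/wc/v3/"


def pct(value):
    """Percent-encode per RFC 3986: only unreserved characters stay literal."""
    return quote(str(value), safe="-._~")


def base_string(method, url, params):
    """METHOD & encoded URL & encoded, sorted 'key=value' pairs."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    joined = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(joined)])


def sign(method, url, params, consumer_secret):
    """HMAC-SHA256 of the base string; with no token secret the key is 'secret&'."""
    key = (consumer_secret + "&").encode()
    message = base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, message, hashlib.sha256).digest()).decode()


def server_accepts(client_url, server_url=CANONICAL):
    """True when the client's signature equals the one the server recomputes."""
    sent = sign("GET", client_url, PARAMS, CONSUMER_SECRET)
    expected = sign("GET", server_url, PARAMS, CONSUMER_SECRET)
    return hmac.compare_digest(sent, expected)


if __name__ == "__main__":
    for url in (CANONICAL,
                "http://localhost:8080/wordpress//wp-json/wc/v3/",
                "https://localhost:8080/wordpress/wp-json/wc/v3/"):
        verdict = "ok" if server_accepts(url) else "Invalid signature"
        print(url, "->", verdict)
```

When debugging this error, comparing the configured API URL character by character against WP_SITEURL/WP_HOME (scheme, host, port, slashes) is usually quicker than regenerating keys.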
I am using saltstack state script to create a jar from BitBucket and upload the jar to Artifactory. When uploading to Artifactory I see an authorization error. I am not sure if this is the right approach to achieve the upload to Artifactory.
I tried using CURL to achieve upload. I need to provide -u myUser:myPassword along the CURL command for it to work. I cannot provide the credentials in my salt state scripts. I am looking for a better option to achieve the upload without using login credentials. How to upload artifacts to artifactory using saltstack?
curl -X PUT -T /tmp/Batch.jar http://artifactory/artifactory/Batch.jar
Error:
stdout:
{
\"errors\" : [ {
\"status\" : 401,
\"message\" : \"Unauthorized\"
} ]
}
I've run into this sort of thing a couple of times. The easiest solution is to write a small salt execution module to do this work. This way you can store the artifactory credentials as pillar data and use the normal python requests or salt http helpers to make the web requests.
Looks like SaltStack provides a module for Artifactory already: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.artifactory.html
It may not do exactly what you're looking for, but you could definitely extend it: https://github.com/saltstack/salt/blob/develop/salt/modules/artifactory.py
The SaltStack docs for writing execution modules can be found here:
https://docs.saltstack.com/en/latest/ref/modules/
According to Artifactory documentation, the REST API supports these forms of authentication:
- Basic authentication using your username and password
- [Simplest] Basic authentication using your username and API Key.
- Using a dedicated header (X-JFrog-Art-Api) with your API Key.
- Using an access token instead of a password for basic authentication.
- [Recommended] Using an access token as a bearer token in an authorization header (Authorization: Bearer) with your access token.
You will have to choose one of the above.
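Combining the two answers above (credentials kept in pillar, access token sent as a bearer token), a custom execution module could look like the following. This is an added sketch, not part of Salt's own artifactory module or of either answer: the module file name `artifactory_upload.py`, the pillar key `artifactory:access_token` and the `allow_http` switch are assumptions made for the example.

```python
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def build_upload_request(target_url, body, access_token, allow_http=False):
    """Return a PUT request carrying the token as 'Authorization: Bearer ...'."""
    scheme = urlsplit(target_url).scheme
    if scheme != "https" and not (allow_http and scheme == "http"):
        # A bearer token sent over plain HTTP is readable by anyone on the path.
        raise ValueError("refusing to send a bearer token over %r" % scheme)
    request = urllib.request.Request(target_url, data=body, method="PUT")
    request.add_header("Authorization", "Bearer " + access_token)
    return request


def deploy(local_path, target_url,
           pillar_key="artifactory:access_token", allow_http=False):
    """Upload a file; e.g. salt '*' artifactory_upload.deploy /tmp/Batch.jar <url>."""
    # __salt__ is injected by the Salt loader when this file lives in _modules/;
    # pillar.get reads the minion's pillar, so no credential appears in the state.
    token = __salt__["pillar.get"](pillar_key)  # hypothetical pillar key
    if not token:
        return {"result": False, "comment": "pillar key %s is not set" % pillar_key}
    with open(local_path, "rb") as handle:
        request = build_upload_request(target_url, handle.read(), token, allow_http)
    try:
        with urllib.request.urlopen(request, timeout=60) as response:
            return {"result": True, "status": response.status}
    except urllib.error.HTTPError as error:
        # Report only the status code; never echo request headers or the token.
        return {"result": False, "status": error.code}
```

The state file then only names the function and its path arguments, and the token can be rotated in pillar without touching any state.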
I have Asterisk server with Freeradius server on the same machine and trying to authenticate with Radius if a user can make a call or not but I am getting an error while calling that is:
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
Is there something that I am missing in one of Radius files that I have to add?
The issue is that no module in the authorize section of your virtual server has taken responsibility for processing the request.
You should remove the contents of the authorize section, and list the following modules:
authorize {
    pap
    chap
    mschap
    digest
    eap
}
You should then run the server in debug mode radiusd -X to see which module is taking responsibility for the request (you'll see one returns ok or updated where the others return noop). We'll call this the auth module.
Once you've figured out which module will take responsibility for the request you'll need to provide a suitably hashed password.
Here are the password hashes that will work with the different modules.
pap - any
chap - Cleartext-Password, CHAP-Password
mschap - Cleartext-Password, NT-Password
digest - Cleartext-Password, Digest-HA1
eap - Depends on inner method (respond to this answer and I can give further guidance).
For testing you can put the password in a flat file local to the server. The module which deals with these flat files is the files module.
To add entries to the users file, first truncate /etc/raddb/users (alter for your installation).
Then add the following entry to the top:
<username> <password attr> := <password>
With values in <> replaced with the real values.
Remove the unused modules in authorize, and add the files module at the top.
authorize {
    files
    <auth module>
}
Then remove all the modules from authenticate and add the <auth module>
authenticate {
    <auth module>
}
That should get you up and running. If no modules take responsibility for the request, please post the list of attributes in the request from the top of the debug output, and I'll help you identify it.
You need to configure your RADIUS server to add the missing headers.
You can enable full debug on the RADIUS server; it will show you all packets the RADIUS server gets.
FreeRADIUS allows adding any header to a packet at any stage; see the docs.