I have an appmaker app that used to send emails. However, my users objected to the permissions required for this feature, so I removed it. However, the "Send email as you" permission is still being requested and I can't seem to get rid of it.
I did the following:
deleted (not just commented out) all references to MailApp I was able to find via the search bar
exported my code and searched for Mail just in case I missed anything above
removed mailto: links, in desperation
pubished to a new deployment to verify the permissions required
I can see in the deployment that "https://www.googleapis.com/auth/script.send_mail" is being requested, which is undesirable. However, I can't edit it, and I can't see why it's being requested.
No matter what I do, I keep seeing "Send email as you" being requested. Am I missing something?
I never solved this problem, but I worked around it by running as developer instead of as user. While doing so, I noticed that I had an old trigger installed. It's possible/likely that old trigger was an email trigger, so perhaps the trigger was what caused the email permission. I'll never know for sure since the trigger was deleted.
Related
so I have recently implemented a reset password feature in my App, which sends a email to the user with the reset password link. Something looking like this
https://myfirebaseapp.firebaseapp.com/__/auth/action?mode=resetPassword&oobCode=XXXX&apiKey=XXXX&lang=en
But then when I click on this link, the page freezes up and doesn't load at all. So then I thought maybe its caused due to API Restrictions to allow only certain domains which I preconfigure. So I went to fix it by adding the websites to the allowed sections in the "edit API key " section. But it still doesn't work. So is there any other setting that I need to change or add?:
Please include https://<app-name>.firebaseapp.com as well.
This is not a technical question at all but for some weird reason your support insisted I post this question on SO...
So anyways, I would like to change the email address of my account. I do not have access to the current email address anymore. I could just go ahead and create a new account, but wanna avoid the hassle of updating API keys, etc.
I tried doing it in https://account.here.com/ but there is an error "Unauthorized" when pressing submit.
How can I do this?
Turns out there was already an account using the email I was trying to use. A more meaningful error message would have avoided all this confusion.
I've got the error above in my Joomla website when I either try to log in or create a new account from the side site. I have also noticed the two following things:
if I create a new user from the backend, this doesn't appear in the _users table;
a file named ".myjoomla.configuration.php.md5", containing an alphanumeric string, is automatically generated in the website root every time I try to log in vainly from the frontend. Besides, it turns up again if I remove it manually through FTP.
Did my website get hacked? How could I fix it?
".myjoomla.configuration.php.md5" contains the md5 hash of the configuration.php file and appears on your site as part of the mySites.guru service you either subscribed to or trialled. It is part of the near-realtime alerting service which detects when configuration.php has been changed and alerts you if you are a paying subscriber of the mySites.guru service. It is NOT an indication of a hack at all.
Disclaimer: It is code I wrote and a service I run, so I know what Im talking about.
Not being able to create users - Im guessing you have Admin Tools or RSFirewall installed and configured, both these products stop users being created IF configured that way.
Token issues: These are well covered in Joomla documentation and forums. They are CSRF tokens and if yours is not validating then try NOT double clicking the buttons, check your session handlers are working, and check your cookies are working as expected
Nothing you say leads me to believe your site is hacked
The issue I've encountered was about the Joomla native Login module. As I published it in all the pages of my website and clicked on the login link appeared on the frontend side, I was redirected to a link that looked like
mysite.com/index.php/component/users/?view=login&Itemid=yourid
which displayed the login page correctly. Yet, once filled in the form and submitted it, the warning message in question popped out. The same problem occurred when either trying to register a new account or reset the password.
Although I couldn't find an explanation to the issue, I managed to fix it by creating a Login, Reset and Registration menu items under the main menu and then hidden them as I didn't want them to show up among the other menu items on the frontend.
Went back to the frontend and clicked on login, I was now redirected to a different url that looks like
mysite.com/login
where "login" is the alias that I had chosen for the Login menu item.
After having filled in the form and submitted it, I was able to log in successfully. Likewise, Registration and Reset operations worked.
I've been asked if there's any way I can link to a resource on a site without making that resource visible via an external link.
The client wants a price list only available via a link on a page on the site itself. Is this possible?
Well, the link will be visible, but if it's a link to something nobody else is authorized to see then only authorized users would be able to see it.
For example, you might link to something which requires authentication. When anybody clicks on that link, they're prompted for that authentication and are validated before the content is returned to them. If only this particular client is authorized, nobody else would see the content.
You might even link to a URI which is only physically accessible by that particular client. For example, a file on that client's machine. Something like this, for example:
click here
Only that client has that file, so the link would fail for anybody else.
Either way, the link isn't the issue. The access to the resource being linked to is the issue. As long as that access is protected, nobody else can see it.
Of course, as an added UX concern you might also conditionally only display the link if that same authorization is available. You'd still want to protect the resource itself, since otherwise it would just be "security through obscurity", but you should also really only show the link if the user is expected to be able to access it.
Strangely, I can 'arc list' and it's okay, all my work shows up and it seems to be me.
When I 'arc land', it shows up in the commit as being applied by 'admin'
I might have generated the wrong certificate when setting it up, but re-doing it didn't work. Besides, shouldn't arc list fail?
I tried disabling the admin account, and it still applied the diff as admin. My commits appear with a dot next to them because they were applied by a disabled account.
one is set up with mymail#example.com, the other mymail+phabricator#example.com. I would try manually editing the email address to something totally different, but Phabricator doesn't seem to have the option.
Does anyone have any ideas what I could try?
Phabricator links commits based on the email address, username, and real name, roughly in order. My guess is that your local Git is configured to commit as Some User <mymail#example.com>, so when the commit is parsed by Phabricator it looks for the user with that address and finds admin. Note that the author, committer and pusher of a commit can all be different (at least, in Git).
The easiest fixes are probably:
Delete the admin account completely (you can do this from the "People" application); or
log in as the admin account and change its email address in Settings.