FOSUserBundle missing parameter token for password reset issue - symfony

I have a Symfony 3 CRM, but there seems to be an issue with the password resetting (for which I am using FOS User Bundle). A user can enter their email, they get the email with a link, but when they reach the page to change their password, the following error is logged:
An exception has been thrown during the rendering of a template ("Some
mandatory parameters are missing ("token") to generate a URL for route
"fos_user_resetting_reset".") in FOSUserBundle::layout.html.twig at
line 54.
So, I checked the route in the FOSUserBundle config (bearing in mind, I have not altered this file or anything within the friendsofsymfony directory):
<route id="fos_user_resetting_reset" path="/reset/{token}" methods="GET POST">
<default key="_controller">FOSUserBundle:Resetting:reset</default>
</route>
And the URL being visited:
https://crm.mysite.co.uk/resetting/reset/sAt7xPNzW4AempvzK6m2xRRN7jI058xAQjbct7GgyqI
which as you can see clearly passes a token. I've had strange issues like this before, if for example I don't pass a default value in my route (even if there's clearly a token or some other required parameter passed) but since this is a separate bundle and is in XML rather than YML I don't know how to fix this. I'm not entirely sure why it's even throwing an error?
Any help with this appreciated.

Try to view the routes inside your app in your console by running:
bin/console debug:router
In this list you can see all available URLs.
A possibility is that you need to call only:
https://crm.mysite.co.uk/reset/sAt7xPNzW4AempvzK6m2xRRN7jI058xAQjbct7GgyqI

Related

Symfony 5.3 Mailer setup env vars not reading correctly

In a Symfony 5.3 project I am using the Mailer (Symfony\Component\Mailer\MailerInterface) to send mails.
For development I required "symfony/google-mailer" with Composer and set it up in .env.local.
Say the username is "example@gmail.com" and the password is "0000".
In .env.local I specified
MAILER_USER='example@gmail.com'
MAILER_PASSWORD='0000'
MAILER_DSN=gmail://MAILER_USER:MAILER_PASSWORD@default
which results in error
Failed to authenticate on SMTP server with username "MAILER_USER" using the following authenticators: "LOGIN", "PLAIN", "XOAUTH2". Authenticator "LOGIN" returned "Symfony\Component\Mailer\Exception\TransportException: Expected response code "235" but got code "535", with message "535-5.7.8 Username and Password not accepted.
As stated in the docs I changed the one special character in the user name ("@") to its URL-encoded form like
MAILER_USER='example%40gmail.com'
which then results in the error
Email "example%40gmail.com" does not comply with addr-spec of RFC 2822.
(Obviously the URL-encoding didn't work like expected (because it wasn't reversed?))
I tried to load the env vars into parameters in services.yaml and use the parameters instead, but that led to the first error too.
If I write the auth info into the MAILER_DSN env var directly it just works fine without problems, like
MAILER_DSN=gmail://example@gmail.com:0000@default
So this seems to be a syntax problem which I can't figure out from the docs.
Any hints?
You should remove the single quotes, and you need to wrap the env variables used in other env variables with ${}:
MAILER_USER=example@gmail.com
MAILER_PASSWORD=0000
MAILER_DSN=gmail://${MAILER_USER}:${MAILER_PASSWORD}@default
Result:
$_SERVER['MAILER_DSN'] = "gmail://example@gmail.com:0000@default"
.env :
MAILER_DSN=smtp://username:password@smtp.gmail.com
You have to enable access for applications in the Google account settings (Security).

"Error 404" when posting SignOutUser to Firebase

I wrote code to access Firebase.
I use HTTPRequest to log in, register, delete the account, etc.
All work well but one method: logout = SignOutUser always returns a 404 error, unknown URL.
Links that work with HTTPRequest:
https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key=%s
https://www.googleapis.com/identitytoolkit/v3/relyingparty/signupNewUser?key=%s
https://www.googleapis.com/identitytoolkit/v3/relyingparty/deleteAccount?key=%s
(with proper API key added to the string, of course)
And the one that doesn't work:
https://www.googleapis.com/identitytoolkit/v3/relyingparty/signOutUser?key=%s
What can be the problem? Can it be fixed?
Is there any other way to log out a user?
I write the code in GDScript, but I tried it via web code too, with the same result.
Thank you in advance!

Presto custom PasswordAuthenticator plugin for coordinator authentication is not triggered

I created a Presto custom password authenticator plugin (internal) by making a copy of the LDAP plugin and modifying it. You can see that code here: https://github.com/prestodb/presto/tree/master/presto-password-authenticators/src/main/java/com/facebook/presto/password.
I created copies of the Authenticator, AuthenticatorFactory, and the config, and modified them to basically just take a user/password from the config and to only allow that user in. I also put the new class in the PasswordAuthenticatorPlugin registration code.
I can see the plugin loading when presto is started, but it doesn't appear to do anything despite no errors being present. What am I missing?
Note: I had already found a solution to this, I'm just recording it on SO as I originally came here and found no help.
To make a custom password plugin work, you actually need HTTPS enabled for communication with the coordinator. You can actually see this recommendation at the bottom of their documentation:
https://prestodb.github.io/docs/current/develop/password-authenticator.html
Additionally, the coordinator must be configured to use password authentication and have HTTPS enabled.
So, the steps to make it work are:
Make sure your main config.properties has "http-server.authentication.type=PASSWORD".
Make sure you add a password-authenticator.properties next to config properties with content like the sample in the link above. But make sure you use your string from your authenticator as the name, and that you add your configuration properties instead (user name and password).
Set up a JKS store or a real certificate (some instructions here from Presto for JKS: https://prestodb.github.io/docs/current/security/tls.html).
Add SSL config to your config.properties.
http-server.https.enabled=true
http-server.https.port=8443
http-server.https.keystore.path=/etc/presto-keystore/keystore.jks
http-server.https.keystore.key=password123
Set up your JDBC driver to use the same key store.
I wrote up a blog on it with a bit more detail as well if any of that doesn't make sense. But after doing all this, you should find that it does require a password and it does enforce your plugin.
https://coding-stream-of-consciousness.com/2019/06/18/presto-custom-password-authentication-plugin-internal/
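As an added example (my own, not from the thread, the blog post or the Presto project), here is a Python check for the steps listed above: it parses a config.properties and a password-authenticator.properties and reports anything that would let the plugin load but never be consulted. The https lines in the sample config are the ones quoted in the answer; the plugin name internal-user and the internal.user/internal.password keys are constructed placeholders standing in for whatever your AuthenticatorFactory and config class declare.

```python
import re

# Constructed placeholder: the string your AuthenticatorFactory returns as its name.
PLUGIN_NAME = "internal-user"

SAMPLE_CONFIG = """\
# constructed config.properties fragment; the https lines are those quoted in the answer
coordinator=true
http-server.authentication.type=PASSWORD
http-server.https.enabled=true
http-server.https.port=8443
http-server.https.keystore.path=/etc/presto-keystore/keystore.jks
http-server.https.keystore.key=password123
"""

SAMPLE_AUTHENTICATOR = """\
# constructed password-authenticator.properties; keys after 'name' are whatever your config class declares
password-authenticator.name=internal-user
internal.user=alice
internal.password=change-me
"""


def parse_properties(text):
    """Minimal java.util.Properties-style parser: '#'/'!' comments, '=' or ':' (or whitespace) separators."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        match = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if match:
            props[match.group(1)] = match.group(2).strip()
    return props


def check_password_auth(config_text, authenticator_text, plugin_name):
    """Return the list of reasons the password plugin would load but never be triggered."""
    cfg = parse_properties(config_text)
    auth = parse_properties(authenticator_text)
    problems = []
    # the coordinator must actually be told to use password authentication
    auth_types = [t.strip().upper() for t in cfg.get("http-server.authentication.type", "").split(",")]
    if "PASSWORD" not in auth_types:
        problems.append("config.properties: http-server.authentication.type must include PASSWORD")
    # password authentication is only honoured over HTTPS
    if cfg.get("http-server.https.enabled", "").lower() != "true":
        problems.append("config.properties: http-server.https.enabled=true is required for password authentication")
    if not cfg.get("http-server.https.keystore.path"):
        problems.append("config.properties: http-server.https.keystore.path is not set")
    # the properties file must select your plugin by the name your factory reports
    if auth.get("password-authenticator.name") != plugin_name:
        problems.append(f"password-authenticator.properties: password-authenticator.name must be '{plugin_name}'")
    return problems


if __name__ == "__main__":
    # Replace the constructed strings with open('/etc/presto/config.properties').read() etc. for a real node.
    for problem in check_password_auth(SAMPLE_CONFIG, SAMPLE_AUTHENTICATOR, PLUGIN_NAME) or ["looks consistent"]:
        print(problem)
```

Run it against the real files by reading them in place of the constructed strings; an empty list means the three settings the answer lists are all in place.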

Gravity Forms API always 401

I am trying to use the Gravity Forms REST API, https://www.gravityhelp.com/documentation/article/web-api/ but I receive a 401 error no matter what I try. I've tried using all the methods listed in the documentation and in Steven Henty's article, https://www.stevenhenty.com/gravity-forms-api/ but it doesn't seem to work.
If I am logged into a WordPress site as administrator, should I not be able to use a link like:
http://mydomain/gravityformsapi/forms/
Thank you for any suggestions.
In my case it was that I hadn't clicked the Update button on the "Web API" tab.
Make sure you click the Update button; although it does show the API keys, you still have to click Update to enable the API.
I was getting the same thing due to some weirdness about the route endpoint. When calculating the signature you don't use a trailing slash on the route: forms/1.
But you do use a trailing slash in the URL (otherwise I got a 301 Moved Permanently):
http://demo.gravityforms.com/gravityformsapi/the_route/?api_key...
It looks odd to have /?api_key... but that is what works for me.
Here's the ruby example I was using with the demo credentials:
GravityFormsAPI.generate_URL(site: 'demo.gravityforms.com', route: 'forms/1', public_api_key: '5b225f8382', private_api_key: 'fc6d1bc71d2ebfc')
Hope this helps.
Sometimes I received an intermittent 401 error; after a lot of research I found this article:
Azure DocumentDB Intermittent 401 error when querying REST API via Obj-c
If the signature contains a + sign, I received a 401 error.
Maybe that helps someone else.
Sorry for my English writing.
Based on the solution here I'm posting this answer. Imagine you have created the URL and it didn't work and you got 401. Then after a little time you realized the error: Oops! The parameters I was passing needed a bracket. You run the code again and you again get 401.
Why is that?
This is because the parameters which are apiKey, Signature and Expire time are the same and you only changed the other parameters with your GET request. However these three parameters are used to authenticate the user, so that means the old signature which was generated to deny the permission will deny it again no matter what.
So to fix that I just changed the expire time from 1577922200 to 1577933200. I could've changed it to anything, but the thing is I just need to give something new so that a new signature can be generated. So when I changed it, it started working.
OTHER POSSIBLE REASON
While making the signature using SHA1 you use NSString *string_to_sign = [NSString stringWithFormat:@"%@:%@:%@:%@",api_key,http_method,route,expires];
as per the documentation. But in order to make CCHmac you have to pass it two things:
Key
Data
and based on the link it is created as
const char *cKey = [api_private_key cStringUsingEncoding:NSASCIIStringEncoding];
const char *cData = [string_to_sign cStringUsingEncoding:NSASCIIStringEncoding];
So my mistake was that I was using the API Key in cKey instead of the API Private Key. So I changed it as the tutorial said and it worked. Otherwise I was getting 401 no matter what I tried.
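Putting the answers above together (route without a trailing slash in the string to sign but with one in the URL, the private key as the HMAC key, a fresh expires value on every retry, and a base64 signature that contains "+" needing percent-encoding), here is an added Python example that is not from this thread or from Gravity Forms. It uses the demo key pair quoted in the Ruby example above and assumes the string-to-sign layout api_key:METHOD:route:expires with HMAC-SHA1 and base64 output; verify() is the server-side view, added so the expiry and the "+" failure can be reproduced offline.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import quote_plus, unquote_plus, urlencode

# Demo key pair quoted in the Ruby example above (Gravity Forms' public demo site), not keys of mine.
DEMO_PUBLIC_KEY = "5b225f8382"
DEMO_PRIVATE_KEY = "fc6d1bc71d2ebfc"


def string_to_sign(api_key, http_method, route, expires):
    """api_key:METHOD:route:expires, with the route stripped of slashes (the form the answers above describe)."""
    return f"{api_key}:{http_method.upper()}:{route.strip('/')}:{int(expires)}"


def sign(api_key, private_key, http_method, route, expires):
    """HMAC-SHA1 keyed with the PRIVATE key (not the public api_key), base64-encoded."""
    message = string_to_sign(api_key, http_method, route, expires).encode("ascii")
    mac = hmac.new(private_key.encode("ascii"), message, hashlib.sha1).digest()
    return base64.b64encode(mac).decode("ascii")


def build_url(site, route, api_key, private_key, http_method="GET", expires=None):
    """Client side: sign, then percent-encode the query so a '+' in the base64 is not read as a space."""
    if expires is None:
        expires = int(time.time()) + 3600  # fresh expiry means a fresh signature on every retry
    signature = sign(api_key, private_key, http_method, route, expires)
    query = urlencode({"api_key": api_key, "signature": signature, "expires": int(expires)})
    # trailing slash before '?', as the answer above found necessary to avoid a 301
    return f"https://{site}/gravityformsapi/{route.strip('/')}/?{query}"


def verify(api_key, private_key, http_method, route, expires, presented_signature, now=None):
    """Server side: refuse stale requests first, then compare signatures in constant time."""
    now = int(time.time()) if now is None else now
    if now > int(expires):
        return False
    expected = sign(api_key, private_key, http_method, route, expires)
    return hmac.compare_digest(expected, presented_signature)


def find_plus_signature(api_key, private_key, route="forms/1", start=1577922200, limit=5000):
    """Walk forward from a start expiry until the base64 signature contains '+' (reproduces the 401 case)."""
    for expires in range(start, start + limit):
        signature = sign(api_key, private_key, "GET", route, expires)
        if "+" in signature:
            return expires, signature
    return None


def signature_survives_decoding(signature, percent_encode):
    """Model the server decoding the query string: a raw '+' becomes a space, a percent-encoded one is intact."""
    on_the_wire = quote_plus(signature) if percent_encode else signature
    return unquote_plus(on_the_wire) == signature


if __name__ == "__main__":
    expires, signature = find_plus_signature(DEMO_PUBLIC_KEY, DEMO_PRIVATE_KEY)
    print("signature containing '+':", signature)
    print("raw '+' survives decoding:", signature_survives_decoding(signature, percent_encode=False))
    print("encoded '+' survives decoding:", signature_survives_decoding(signature, percent_encode=True))
    print(build_url("demo.gravityforms.com", "forms/1", DEMO_PUBLIC_KEY, DEMO_PRIVATE_KEY, expires=expires))
```

The two things to take from it: the expires value is part of the signed string, so a retry with a new expiry always gets a new signature, and urlencode() is what turns "+" into "%2B" so the server sees the same bytes you signed.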

Error During PingFederate Agentless Sequence

Some of our users are encountering the following error page during the sequence of redirects after authenticating at their IdP.
"Unexpected exception occurred in Response Handling: null"
Partner: ...
Target: ...
This is what I believe is the corresponding info from the server log.
2015-07-16 07:48:53,458 DEBUG [com.pingidentity.jgroups.MuxInvocationHandler] invocation of saveState on InterReqStateMgmtMapImpl state map size:215 attributes map size4 w/args: [ZkyN3LwNSjurZyfIewu1Kgjbgl7HrB, State(1437050933419){
inMsgCtx=null
outMsgCtx=OutMessageContext
XML: <samlp:AuthnRequest Version="2.0" ID="E6_0yldGrt0iqNKfUpArog6DG8G" IssueInstant="2015-07-16T12:48:53.419Z" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">#issuer%</saml:Issuer>
<samlp:NameIDPolicy AllowCreate="true"/>
</samlp:AuthnRequest>
entityId: <Id> (IDP)
Binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
relayState: ZkyN3LwNSjurZyfIewu1Kgjbgl7HrB
Endpoint: <endpoint>
SignaturePolicy: DO_NOT_SIGN
parameters=null}] returned null
Is there an obvious place to look for more details? This happens for around 10% of our users and seems to follow them from device to device.
I figured out what the issue was. We are using account linking using the SAML Subject from the IdP. It turned out that a number of accounts at the IdP didn't have the LDAP attribute mapped to the NameID populated. So we were receiving SAML assertions without any data in the Subject.
Understanding where to look is the key. The audit.log file shows a general "failure". Then you look up corresponding activity details in the server.log file. Then you examine the corresponding SAML assertion in the log to determine what the problem was. The difficult part is noticing omissions in the data. That's harder for the eye/brain to catch imho.
It would be useful if we had an option for directing users to a custom page rather than a Ping-specific error page when this occurs.
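Since the root cause turned out to be assertions whose Subject carried no NameID value, here is an added Python example (mine, not PingFederate's code or the poster's) that parses an inbound SAML Response and refuses account linking when the NameID is absent or blank, emitting a one-line summary so the omission is visible in a log rather than surfacing as a null exception later. The three responses are constructed; the IdP entityId and user name in them are placeholders, and signatures and conditions are left out because they are not what this check is about.

```python
import xml.etree.ElementTree as ET

SAML_NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}


def _response(subject_xml):
    """Constructed minimal Response/Assertion skeleton around the Subject under test."""
    return f"""<samlp:Response xmlns:samlp="{SAML_NS['samlp']}" xmlns:saml="{SAML_NS['saml']}" ID="_r1" Version="2.0" IssueInstant="2015-07-16T12:48:55Z">
  <saml:Issuer>https://idp.example.test/saml</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2015-07-16T12:48:55Z">
    <saml:Issuer>https://idp.example.test/saml</saml:Issuer>
    {subject_xml}
  </saml:Assertion>
</samlp:Response>"""


# Three constructed inbound responses: populated NameID, empty NameID (the case in the question), no Subject at all.
GOOD_RESPONSE = _response(
    '<saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe</saml:NameID></saml:Subject>'
)
EMPTY_RESPONSE = _response(
    '<saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/></saml:Subject>'
)
NO_SUBJECT_RESPONSE = _response("")


def check_subject(response_xml):
    """Return {'ok', 'name_id', 'issuer', 'reason'}; ok is True only when NameID carries a non-blank value."""
    try:
        root = ET.fromstring(response_xml)  # for untrusted input in production, parse via defusedxml instead
    except ET.ParseError as exc:
        return {"ok": False, "name_id": None, "issuer": None, "reason": f"malformed XML: {exc}"}
    assertion = root.find("saml:Assertion", SAML_NS)
    if assertion is None:
        return {"ok": False, "name_id": None, "issuer": None, "reason": "no Assertion in Response"}
    issuer_el = assertion.find("saml:Issuer", SAML_NS)
    issuer = issuer_el.text.strip() if issuer_el is not None and issuer_el.text else None
    name_id = assertion.find("saml:Subject/saml:NameID", SAML_NS)
    if name_id is None:
        return {"ok": False, "name_id": None, "issuer": issuer, "reason": "Subject/NameID missing"}
    value = (name_id.text or "").strip()  # whitespace-only counts as empty
    if not value:
        return {"ok": False, "name_id": None, "issuer": issuer, "reason": "Subject/NameID present but empty"}
    return {"ok": True, "name_id": value, "issuer": issuer, "reason": None}


def log_line(response_xml):
    """Compact audit-style line: the thing that is hard to spot by eye (an empty value) is spelled out."""
    result = check_subject(response_xml)
    status = "OK" if result["ok"] else "REJECT"
    return f"account-linking {status} issuer={result['issuer']} nameid={result['name_id']!r} reason={result['reason']}"


if __name__ == "__main__":
    for sample in (GOOD_RESPONSE, EMPTY_RESPONSE, NO_SUBJECT_RESPONSE):
        print(log_line(sample))
```

The point of the explicit reason strings is the one made above about omissions being hard to notice: "nameid=None reason=Subject/NameID present but empty" in the log tells you to go and look at the IdP's attribute mapping, whereas a generic "failure" in audit.log does not.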
