I've seen several examples of onCreateUser for manually registering a user and from what I can tell all of my code appears OK, but I continue to receive the Signups forbidden [403] error upon creation. I've also looked at the documentation as per http://docs.meteor.com/#/full/accounts_createuser. Thanks everyone for your help.
Here's what I have: ROOT>client>registration.js
Template.registrationStep2.events({
'submit form': function(e, template) {
e.preventDefault();
var institutionID = template.find('#institutionID').value;
var institutionRole = template.find('#institutionRole').value;
var institutionName = template.find('#institutionName').value;
var login = template.find('#login').value;
var firstName = template.find('#firstName').value;
var lastName = template.find('#lastName').value;
var email = template.find('#email').value;
var password = template.find('#password').value;
var profile = {
firstName: firstName,
lastName: lastName,
role: institutionRole,
institutionID: institutionID
}
Accounts.createUser({
username: login,
email: email,
password: password,
profile: profile
}, function(error){
if (error){
Meteor.log.error("Error Creating User", error);
} else {
Session.set("flashType", "success");
Session.set("flashMessage", "Your account has been created.");
Router.go('registrationComplete');
}
});
} else {
// alert("Need institution");
$('#needInstitutionModal').modal('show');
}
}
});
I have accounts-password and accounts-ui installed and updated to the latest versions.
No matter what I do I receive this error:
I20150709-13:43:17.545(-5)? (13:43:17) [ERROR] - Object:
I20150709-13:43:17.546(-5)? {
I20150709-13:43:17.546(-5)? "time": "2015-07-09T18:43:17.543Z",
I20150709-13:43:17.546(-5)? "level": "ERROR",
I20150709-13:43:17.546(-5)? "message": "Error Creating User",
I20150709-13:43:17.546(-5)? "userId": null,
I20150709-13:43:17.546(-5)? "additional": {
I20150709-13:43:17.546(-5)? "error": 403,
I20150709-13:43:17.546(-5)? "reason": "Signups forbidden",
I20150709-13:43:17.546(-5)? "message": "Signups forbidden [403]",
I20150709-13:43:17.547(-5)? "errorType": "Meteor.Error"
I20150709-13:43:17.547(-5)? }
I20150709-13:43:17.547(-5)? }
Figured it out.
In order to do this I had to move the Accounts.createUser function to the server side (server.js side in server folder) and call it as a Meteor.method call.
Related
I have written this code to signup:
actions: {
signup({ commit, dispatch }, formData) {
axios
.post('accounts:signUp?key=XXXXXXXXXXXX', {
email: formData.email,
password: formData.password,
returnSecureToken: true
})
.then(res => {
commit('userData', {
token: res.data.idToken,
userId: res.data.localId
});
dispatch('storeUserInfo', formData);
console.log(res);
})
.catch(error => {
alert(error.code);
alert(error.message);
});
},
My aim is to display the exact error which is returned by Firebase like
EMAIL_NOT_FOUND: There is no user record corresponding to this
identifier. The user may have been deleted. INVALID_PASSWORD: The
password is invalid or the user does not have a password.
USER_DISABLED: The user account has been disabled by an administrator
With this code every time it returns: Request failed with status code 400
In the response I can see the message like:
{
"error": {
"code": 400,
"message": "EMAIL_NOT_FOUND",
"errors": [
{
"message": "EMAIL_NOT_FOUND",
"domain": "global",
"reason": "invalid"
}
]
}
}
By doing
.catch(error => {
console.log(error.response.data.error.message);
});
You will be able to get the error message, e.g. "EMAIL_NOT_FOUND". It's then up to you to map it to the textual message (i.e. "There is no user record corresponding to this identifier. The user may have been deleted.").
For more details, see the Axios documentation on Errors Handling: https://github.com/axios/axios#handling-errors
One extra note: The error messages you use as examples in your question don't correspond to accounts:signUp but to accounts:signInWithPassword
I am writing an API that sends an firebase message (using the official FirebaseAdmin library) when requested to a android device. I got it working perfect in normal C#, but in ASP.NET core I always get a 404 not found exception.
Response status code does not indicate success: 404 (NotFound)
{
"error": {
"code": 404,
"message": "Requested entity was not found.",
"errors": [
{
"message": "Requested entity was not found.",
"domain": "global",
"reason": "notFound"
}
],
"status": "NOT_FOUND"
}
}
I run the following code at startup:
if (FirebaseApp.DefaultInstance == null)
{
FirebaseApp.Create(new AppOptions
{
Credential = GoogleCredential.FromFile($#"{env.WebRootPath}\app-5a821-firebase-adminsdk-pf36f-6f44114d87.json")
});
}
And this is the request that I made, very simple:
[HttpGet]
public async Task<ActionResult<IEnumerable<string>>> Get()
{
var message = new Message
{
Token = "dgY8UMXhEZ4:APA91bFnrZTGJKkCCBJHzbghvsvEaq-w-ee1XBAVqAaS-rsmR3Ald23rHGgpfdgVb09r97jDQBVSc6GtDHWtLHWAnn4Lm3EM_j-sh7cu-RaRSrfnk3X124v4co3Q9ID6TxFdGgv7OXWt",
Data = new Dictionary<string, string>
{
{"title", "test" }
}
};
try
{
var fcmResult = await FirebaseMessaging.DefaultInstance.SendAsync(message);
} catch (FirebaseException ex)
{
}
return new string[] { "value1", "value2" };
}
Github test project: https://github.com/kevingoos/FirebaseAdminTest
Solved problem: https://github.com/firebase/firebase-admin-dotnet/issues/73
This happens when the token is invalid/expired or does not belong to the same project as the credentials used to initialize the Admin SDK.
Just getting started with Firebase phone auth. Seems pretty slick however I've hit a wall with a bug.
{
"error": {
"errors": [
{
"domain": "global",
"reason": "invalid",
"message": "SESSION_EXPIRED"
}
],
"code": 400,
"message": "SESSION_EXPIRED"
}
}
Starting with the Captcha: (standard documentation code!)
var applicationVerifier = new firebase.auth.RecaptchaVerifier('recaptcha-container', {
'size': 'invisible',
'callback': function(response) {
},
'expired-callback': function() {
}
});
Its rendered and the captcha works well.
Next is the sign-in bit where you are sent the auth code to your phone. Works great:
$scope.signInWithPhoneNumber = function signInWithPhoneNumber() {
var phoneNumber = "*censored*";
var appVerifier = window.recaptchaVerifier;
firebase.auth().signInWithPhoneNumber(phoneNumber, applicationVerifier)
.then(function (confirmationResult) {
// SMS sent. Prompt user to type the code from the message, then sign the
// user in with confirmationResult.confirm(code).
window.confirmationResult = confirmationResult;
$scope.setConfirmationResult(confirmationResult);
alert('Result: ' + JSON.stringify(confirmationResult));
}).catch(function (error) {
// Error; SMS not sent
alert('Error: ' + error);
// ...
});
};
Finally its the authentication of the code that the user inputs from the text message. Here is when I get the error 400:
$scope.AuthenticateCode = function (code) {
var code = String(document.getElementById("auth_code").value);
var confirmationResult = $scope.getConfirmationResult();
alert(code);
confirmationResult.confirm(code).then(function (result) {
// User signed in successfully.
var user = result.user;
console.log('Signed In! ' + JSON.stringify(user));
// ...
}).catch(function (error) {
// User couldn't sign in (bad verification code?)
// ...
});
}//end of AuthenticateCode
The error is coming from the VerifyPhone method:
https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPhoneNumber?key=censored
Any help or ideas?
Many Thanks,
Kieran
Ok, there are 2 likely reasons:
The code expired. The user took too long to provide the SMS code and finish sign in.
The code was already successfully used. I think this is the likely reason. You need to get a new verificationId in that case. Get a new reCAPTCHA token via the invisible reCAPTCHA you are using.
You are most likely to forget the "Country Code" before the phone no.
That is why firebase throw error 400 which means invalid parameters
If it's an Ionic3 project, change the following lines:
Imports:
import { AngularFireAuth } from 'angularfire2/auth';
import firebase from 'firebase';
Create var:
public recaptchaVerifier: firebase.auth.RecaptchaVerifier;
on "ionViewDidLoad()"
this.recaptchaVerifier = new firebase.auth.RecaptchaVerifier('recaptcha-container');
on "your_method(phoneNumber: number)"
const appVerifier = this.recaptchaVerifier;
const phoneNumberString = "+" + phoneNumber;
this.fireAuth.auth.signInWithPhoneNumber(phoneNumberString, appVerifier)
.then(confirmationResult => {
// SMS sent. Prompt user to type the code from the message, then sign the
// user in with confirmationResult.confirm(code).
let prompt = this.alertCtrl.create({
title: 'Enter the Confirmation code',
inputs: [{ name: 'confirmationCode', placeholder: 'Confirmation Code' }],
buttons: [
{
text: 'Cancel',
handler: data => { console.log('Cancel clicked'); }
},
{
text: 'Send',
handler: data => {
confirmationResult.confirm(data.confirmationCode)
.then(result => {
// Phone number confirmed
}).catch(error => {
// Invalid
console.log(error);
});
}
}
]
});
prompt.present();
})
.catch(error => {
console.error("SMS not sent", error);
});
Reference:
Firebase Phone Number Authentication
I got into a similar situation when a POST request to google API was returning Bad Request 400. When the message was logged, it said:
All requests from this device are blocked due to Unusual Activity. Please try again later
The issue was when the ReCaptcha was sensing a bot out of my development environment and it worked well when I tried later. During the rest of the development, I turned off this feature for easy work.
I am trying to upload files using edgee:slingshot, but I have several errors. I have did everything as described in github page. This is my settings on server:
Slingshot.GoogleCloud.directiveDefault.GoogleSecretKey = Assets.getText('google-cloud-service-key.pem');
Slingshot.createDirective("myFileUploads", Slingshot.GoogleCloud, {
bucket: 'dossum-app',
GoogleAccessId: "GOOGXXXX",
GoogleSecretKey: "qZEsLZ/NiXXXXXXXXXXXXUW8NVjSvRb8SgdxXXXXX2",
acl: 'bucket-owner-full-control',
authorize: function() {
if (!this.userId) {
var message = 'Please login before posting file';
throw new Meteor.Error('Login Required', message);
}
return true;
},
key: function(file) {
var user = Meteor.users.findOne(this.userId);
return user.username + '/' + file.name;
}
});
And this is cors.json:
[{"origin": ["http://localhost:3000", "http://qnekt.zehinz.com"], "responseHeader": ["Origin", "Accept", "X-Requested-With", "Authorization", "Content-Type", "Content-Length", "Accept-Encoding", "X-CSRF-Token"], "method": ["GET", "HEAD", "DELETE", "PUT", "POST", "HEAD"], "maxAgeSeconds": 3600}]
If I run with above configuration I get this error without any details: {error: 500, reason: "Internal server error"....
I have tried to comment this line: //GoogleSecretKey:"qZEsLZ/NiEkXo641XHIUW8NVjSvRb8SgdxIyYcV2"
This time I receive this error:
{error: "Forbidden - 403", reason: "Failed to upload file to cloud storage", details: undefined ...
Can anyone please guide me?
Where should I get GoogleAccessId if I am using .pem file instead of GoogleSecretKey?
What should be the cors.json file for file uploading and public reading?
I had troubles with edgee:slingshot and Google Cloud Storage. But this settings now work for me:
//server
Slingshot.GoogleCloud.directiveDefault.GoogleSecretKey = Assets.getText('google-cloud-service-key.pem');
Slingshot.createDirective('avatarUploader', Slingshot.GoogleCloud, {
bucket: 'my_bucket',
GoogleAccessId: 'xxxxxxxxxxxxxx#developer.gserviceaccount.com',
acl: 'public-read',
authorize: function() {
if (!this.userId) {
var message = 'Please login before posting file';
throw new Meteor.Error('Login Required', message);
}
return true;
},
key: function(file) {
var user = Meteor.users.findOne(this.userId);
var ext = file.type.split('/')[1];
return user.username + '/' + randomString(20) + '.' + ext;
}
});
//CORS settings
[
{
"origin": ["*"],
"responseHeader": ["*"],
"method": ["GET", "POST", "PUT", "HEAD"],
"maxAgeSeconds": 3000
}
]
For details look here.
I am trying to authentiate through Google's OAuth, but I'm having problems establishing a connection to their API
My client code:
'click #addChannel': function (event) {
event.preventDefault();
var userId = Meteor.userId();
var options = {
requestPermissions: [
'https://www.googleapis.com/auth/youtube',
'https://www.googleapis.com/auth/userinfo.email',
'https://www.googleapis.com/auth/youtube.force-ssl',
'https://www.googleapis.com/auth/youtube.readonly',
'https://www.googleapis.com/auth/youtube.upload',
'https://www.googleapis.com/auth/youtubepartner',
'https://www.googleapis.com/auth/youtubepartner-channel-audit',
],
requestOfflineToken: true
};
Google.requestCredential(options, function(token) {
Meteor.call('userAddOauthCredentials', userId, token, function(error, result) {
if (error) {
throw error;
}
console.log(result);
});
});
My server code:
userAddOauthCredentials: function(userId, token) {
check(userId, String);
check(token, String);
var config = ServiceConfiguration.configurations.findOne({service: 'google'});
if (!config) {
throw new ServiceConfiguration.ConfigError();
}
console.log(token, config);
var endpoint = 'https://accounts.google.com/o/oauth2/token';
var params = {
code: token,
client_id: config.clientId,
client_secret: OAuth.openSecret(config.secret),
redirect_uri: OAuth._redirectUri('google', config),
grant_type: 'authorization_code',
};
try { <------------------------------------------------------ this fails
response = HTTP.post(endpoint, { params: params });
} catch (err) {
throw _.extend(new Error("(first) Failed to complete OAuth handshake with Google. " + err.message),
{response: err.response});
}
if (response.data.error) { // if the http response was a json object with an error attribute
throw new Error("(second) Failed to complete OAuth handshake with Google. " + response.data);
} else {
return {
accessToken: response.data.access_token,
refreshToken: response.data.refresh_token,
expiresIn: response.data.expires_in,
idToken: response.data.id_token
};
}
The above throws a [400] { "error" : "invalid_grant" } error.
Most of the above code I got from how the meteor accounts-google packages logs in a user (which works fine in my application). Link to that:
https://github.com/meteor/meteor/blob/87e3c6499d5eacce62f10faefe9ce49c77bb03ee/packages/google/google_server.js
Any advice on how to proceed from here?
Much appreciated
UPDATE1:
I get these warnings in my log
W20150318-09:11:42.532(1) (oauth_server.js:71) Unable to base64 decode state from OAuth query: undefined
W20150318-09:11:42.532(1) (oauth_server.js:71) Unable to base64 decode state from OAuth query: undefined
W20150318-09:11:42.533(1) (oauth_server.js:71) Unable to base64 decode state from OAuth query: undefined
W20150318-09:11:42.534(1) (oauth_server.js:398) Error in OAuth Server: Match error: Expected string, got undefined
You have to parse your var params to application/x-www-form-urlencoded. Please find the below code to parse as i done in php
$fields_string="";
foreach($params as $key=>$value)
{
$fields_string .= $key.'='.$value.'&';
}
rtrim($fields_string, '&');
Now the $filed_string will contained the parse of params array.