I need to test behavior of the feature which depends on the users IP address. The user should be redirected to different pages depending on his IP address.
I create client like that: $this->client = static::createClient();
Is there any way to do that?
Try to create different clients:
$this->client1 = static::createClient([], ['REMOTE_ADDR' => '11.11.11.11']);
$this->client2 = static::createClient([], ['REMOTE_ADDR' => '22.22.22.22']);
Related
I've configured a .Net Core Web app to use OpenID Connect for authentication using the Authorization Code model as per my IdP sample instructions (https://www.onelogin.com/blog/how-to-use-openid-connect-authentication-with-dotnet-core):
services.AddAuthentication(options => {
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(o => {
o.ClientId = "[Client ID]";
o.ClientSecret = "[Client Secret]";
o.Authority = "[Authority]";
o.ResponseType = "code";
o.GetClaimsFromUserInfoEndpoint = true;
});
Then my controller is set up to require authentication:
[Authorize]
public IActionResult About()
{
ViewData["Message"] = "You must be authenticated to view the About page";
return View();
}
I also have configured ngrok to provide a temporary public URL which should be used in the authentication flow redirect back to my site using:
ngrok http 5000 -host-header="localhost:5000"
This command successfully sets up the proxy and once running, I can browse to the site via the proxy url (e.g. https://75c97570.ngrok.io).
The issue I'm running into is that when I attempt to browse to the 'About' page I'm redirected to the IdP site and prompted to log-in as expected, however, the 'redirect_uri' value passed via the query string is my 'localhost' address (https://localhost:5000/signin-oidc) not the ngrok proxy address (https://75c97570.ngrok.io/signin-oidc). This is causing an issue because my IdP requires a non-local url (hence the ngrok proxy), so the redirect_uri value being passed (localhost) doesn't match the one configured in my IdP account (ngrok) and I receive an error message that the 'redirect_uri did not match any client's registered redirect_uris'.
I'm assuming this is a .Net configuration issue. Is there a way to tell .Net to use the ngrok proxy address for the 'redirect_uri' value on redirect as opposed to the localhost address? I've tried using the 'CallbackPath' option on the OpenID Connect configuration options, however it appears that this only allows for a sub-path of the current url (e.g. http://localhost:5000/[something]) and can't be used to specify a completely different url. Is there another way to configure the redirection to use the proxy url?
Thanks!
Ok, after some digging I found one solution to this issue. I added the following code to the initialization of my OpenIdConnect service:
.AddOpenIdConnect(o => {
...(snip)...
o.Events.OnRedirectToIdentityProvider = (context) =>
{
context.ProtocolMessage.RedirectUri = "https://75c97570.ngrok.io/signin-oidc";
return Task.FromResult(0);
};
...(snip)...
}
This does the trick of changing the 'redirect_uri' value which is passed to my IdP on the redirect. Not sure if this is the best way to handle this, however it does work.
I have configured Asterisk 13.13.1 with PJProject 2.5.5 and enable PJSIP as SIP driver (without compiling chan_sip).
I have the fully configured system and it's working but I have some problems with incoming calls. I have few numbers connected with my host and when I calling from any public number I noticed this info on asterisk remote console:
[Feb 24 14:27:16] NOTICE[5291]: res_pjsip/pjsip_distributor.c:525 log_failed_request: Request 'INVITE' from '"zzzzz" <sip:zzzzz#192.168.34.1>' failed for '192.168.34.1:5062' (callid: 0e07e7607f8f62dd225347363173bb9f#192.168.34.1:5062) - No matching endpoint found
And if I add the number which is calling to my Asterisk to endpoints then it's working - I can pick up this call.
How to add the possibility to allow all inbound calls?
You need to create an anonymous endpoint to accept inbound calls from unknown endpoints.
Be aware that adding an anonymous endpoint opens the system to extension scanning attacks where scanners try to find out which extensions you have configured in your system. They do this either to spam you with advertising calls, or exploit call transferring to call long distance numbers, or for some other ulterior motive.
After creating an anonymous endpoint, associate it with a context different from that used by your extensions. This prevents them from dialing long-distance through your trunks.
To add an anonymous endpoint in pjsip.conf, add the following lines:
[anonymous]
type=endpoint
context=anonymous
disallow=all
allow=speex,g726,g722,ilbc,gsm,alaw
In the dialplan extensions.conf:
[anonymous]
exten => _XXXXX,1,GotoIf(${DIALPLAN_EXISTS(local-extensions,${EXTEN},1)}?local-extensions,${EXTEN},1)
same => n,Hangup(1)
local-extensions is the context listing your local extensions.
It looks like your missing something from you pjsip config. My basic config is as follows and is based on a sipgate setup with an internal extension. This config has been extracted from a running box (though usernames & passwords have been removed);
pjsip.conf
[transport-udp]
type = transport
protocol = udp
bind = 0.0.0.0
[reg_sipgate_premium]
type = registration
retry_interval = 20
max_retries = 10
contact_user = 0000000
expiration = 120
transport = transport-udp
outbound_auth = auth_sipgate_premium
client_uri = sip:0000000#sipgate.co.uk:5060
server_uri = sip:sipgate.co.uk:5060
[auth_sipgate_premium]
type = auth
username = 0000000
password = password
[sipgate_aor_premium]
type = aor
contact = sip:0000000#sipgate.co.uk
[sipgate-preimum]
type = endpoint
context = incomingsipgate
dtmf_mode = rfc4733
disallow = all
allow = alaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
timers = yes
from_user = 0000000
from_domain = sipgate.co.uk
language = en
outbound_auth = auth_sipgate_premium
aors = sipgate_aor_premium
extensions.conf
[incomingsipgate]
exten => 0000000,1,Goto(sipgate-in-premium,0000000,1)
[sipgate-in-premium]
exten => 0000000,1,Verbose(Incoming call from Sipgate line CallerID=${CALLERID(all)})
exten => 0000000,2,Goto(internal-ext,120,1)
[internal-ext]
exten => 120,1,Dial(SCCP/120,20,o,CallerID=${CALLERID(all)})
This line is used to catch any free phone (0500) number and route it via sipgate when a user internally dials 90500xxxxxxx;
exten => _90500.,1,Dial(PJSIP/${EXTEN:1}#sipgate-preimum)
For sure, the problem is in your incoming line operator context. The problem is not in pjsip - it is in dialplan. Please check your trunk (or registration context value to understand proper dialplan section:
[outer]
exten=>_1234567,1,NoOp(Incoming call to public number 1234567)
exten=>_1234567,n,GoTo(outer,3333,1)
exten=>_1234567,n,Hangup()
exten=>_3333,1,NoOp(Transfered from public context to local extension 3333)
exten=>_3333,n,Dial(PJSIP/${EXTEN},180)
exten=>_3333,n,Hangup()
Change 1234567 to your public number and 3333 to the local number that has to receive this incoming call. And of course, set outer as context for incoming calls number provider registration (trunk).
I'm facing quite an issue and I really don't know what it's caused by at all. A lot of stuff on my website gets done via websockets, for example pushing messages to clients.
For pushing I'm using ZMQ and Ratchet.
This is the php code:
$UserMessage = array(
'user' => $userid,
'message' => 'Search started',
);
$context = new \ZMQContext();
$socket = $context->getSocket(\ZMQ::SOCKET_PUSH, 'my pusher');
$socket->connect("tcp://localhost:5555");
$socket->send(json_encode($UserMessage));
This is the push-server:
<?php
require dirname(__DIR__) . '/vendor/autoload.php';
$loop = React\EventLoop\Factory::create();
$pusher = new Some\Bundle\Topic\Pusher();
// Listen for the web server to make a ZeroMQ push after an ajax request
$context = new React\ZMQ\Context($loop);
$pull = $context->getSocket(ZMQ::SOCKET_PULL);
$pull->bind('tcp://127.0.0.1:5555'); // Binding to 127.0.0.1 means the only client that can connect is itself
$pull->on('message', array($pusher, 'onMessage'));
// Set up our WebSocket server for clients wanting real-time updates
$webSock = new React\Socket\Server($loop);
$webSock->listen(8181, '0.0.0.0'); // Binding to 0.0.0.0 means remotes can connect
$webServer = new Ratchet\Server\IoServer(
new Ratchet\Http\HttpServer(
new Ratchet\WebSocket\WsServer(
new Ratchet\Wamp\WampServer(
$pusher
)
)
),
$webSock
);
$loop->run();
The problem is: sometimes messages don't get pushed AT ALL. This is happening very randomly. Sometimes it works like a charm for 20 messages in a row, sometimes not.
Does anyone have any idea what this might be caused by? I'm using nginx as a webserver by the way. Are there any kind of logs that might help out?
Regards
I would like to get the user IP address in my meteor application, on the server side, so that I can log the IP address with a bunch of things (for example: non-registered users subscribing to a mailing list, or just doing anything important).
I know that the IP address 'seen' by the server can be different than the real source address when there are reverse proxies involved. In such situations, X-Forwarded-For header should be parsed to get the real public IP address of the user. Note that parsing X-Forwarded-For should not be automatic (see http://www.openinfo.co.uk/apache/index.html for a discussion of potential security issues).
External reference: This question came up on the meteor-talk mailing list in august 2012 (no solution offered).
1 - Without a http request, in the functions you should be able to get the clientIP with:
clientIP = this.connection.clientAddress;
//EX: you declare a submitForm function with Meteor.methods and
//you call it from the client with Meteor.call().
//In submitForm function you will have access to the client address as above
2 - With a http request and using iron-router and its Router.map function:
In the action function of the targeted route use:
clientIp = this.request.connection.remoteAddress;
3 - using Meteor.onConnection function:
Meteor.onConnection(function(conn) {
console.log(conn.clientAddress);
});
Similar to the TimDog answer but works with newer versions of Meteor:
var Fiber = Npm.require('fibers');
__meteor_bootstrap__.app
.use(function(req, res, next) {
Fiber(function () {
console.info(req.connection.remoteAddress);
next();
}).run();
});
This needs to be in your top-level server code (not in Meteor.startup)
This answer https://stackoverflow.com/a/22657421/2845061 already does a good job on showing how to get the client IP address.
I just want to note that if your app is served behind proxy servers (usually happens), you will need to set the HTTP_FORWARDED_COUNT environment variable to the number of proxies you are using.
Ref: https://docs.meteor.com/api/connections.html#Meteor-onConnection
You could do this in your server code:
Meteor.userIPMap = [];
__meteor_bootstrap__.app.on("request", function(req, res) {
var uid = Meteor.userId();
if (!uid) uid = "anonymous";
if (!_.any(Meteor.userIPMap, function(m) { m.userid === uid; })) {
Meteor.userIPMap.push({userid: uid, ip: req.connection.remoteAddress });
}
});
You'll then have a Meteor.userIPMap with a map of userids to ip addresses (to accommodate the x-forwarded-for header, use this function inside the above).
Three notes: (1) this will fire whenever there is a request in your app, so I'm not sure what kind of performance hit this will cause; (2) the __meteor_bootstrap__ object is going away soon I think with a forthcoming revamped package system; and (3) the anonymous user needs better handling here..you'll need a way to attach an anonymous user to an IP by a unique, persistent constraint in their request object.
You have to hook into the server sessions and grab the ip of the current user:
Meteor.userIP = function(uid) {
var k, ret, s, ss, _ref, _ref1, _ref2, _ref3;
ret = {};
if (uid != null) {
_ref = Meteor.default_server.sessions;
for (k in _ref) {
ss = _ref[k];
if (ss.userId === uid) {
s = ss;
}
}
if (s) {
ret.forwardedFor = ( _ref1 = s.socket) != null ?
( _ref2 = _ref1.headers) != null ?
_ref2['x-forwarded-for'] : void 0 : void 0;
ret.remoteAddress = ( _ref3 = s.socket) != null ?
_ref3.remoteAddress : void 0;
}
}
return ret.forwardedFor ? ret.forwardedFor : ret.remoteAddress;
};
Of course you will need the current user to be logged in. If you need it for anonymous users as well follow this post I wrote.
P.S. I know it's an old thread but it lacked a full answer or had code that no longer works.
Here's a way that has worked for me to get a client's IP address from anywhere on the server, without using additional packages. Working in Meteor 0.7 and should work in earlier versions as well.
On the client, get the socket URL (unique) and send it to the server. You can view the socket URL in the web console (under Network in Chrome and Safari).
socket_url = Meteor.default_connection._stream.socket._transport.url
Meteor.call('clientIP', socket_url)
Then, on the server, use the client's socket URL to find their IP in Meteor.server.sessions.
sr = socket_url.split('/')
socket_path = "/"+sr[sr.length-4]+"/"+sr[sr.length-3]+"/"+sr[sr.length-2]+"/"+sr[sr.length-1]
_.each(_.values(Meteor.server.sessions), (session) ->
if session.socket.url == socket_path
user_ip = session.socket.remoteAddress
)
user_ip now contains the connected client's IP address.
I have enabled the lighttpd mod_webdav module and set up a webdav mount point of http://website.com/webdav using the following lighttpd.conf entry:
$["remoteip"] == "www.website.com" {
alias.url += (
"/webdav" => "/var/www/htdocs/webdav",
)
$HTTP["url"] =~ "^webdav($|/)" {
dir-listing.activate = "enable"
webdav.activate = "enable"
webdav.is-readonly = "disable"
auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/var/www/htdocs/passwd.dav"
auth.require = ("" => "method" => "basic",
"realm" => "webdav",
"require" => "valid-user" ) )
}
}
This gives the same directory for all webdav users.
However, I would like to make http://website.com/webdav redirect to a particular subdirectory based on the webdav user name.
For example:
user logs in as user1, he/she sees htdocs/webdav/user1 when going to http://website.com/webdav
or
user logs in as user2, he/she sees htdocs/webdav/user2 when going to http://website.com/webdav
Can this be done?
Thanks
Even though HTTP and WebDAV allows it, popular clients don't actually follow redirects. The result is that clients such as the windows client, os/x client can't connect to the url directly..