I am trying to add oauth2-proxy to secure my opengrok instance. I am following the document mentioned here: https://developer.okta.com/blog/2022/07/14/add-auth-to-any-app-with-oauth2-proxy
and my docker-compose.yaml file is as below: https://pastebin.com/raw/WkGqgiB3
I am able to validate and authenticate using my company sso (Oauth2 authentication) but not able to figure out how I can pass the username to opengrok UI.
I tried editing ROOT/pageheader.jspf file, to add below code but that doesn't work:
--%><%#page import="org.opengrok.web.PageConfig"%>
<%
/* ---------------------- pageheader.jspf start --------------------- */
{
PageConfig cfg = PageConfig.get(request);
%>
<%= cfg.getEnv().getIncludeFiles().getHeaderIncludeFileContent(false) %>
<div class="logout">
<span id="logout">
Welcome, <%=request.getRemoteUser()%>! | Logout
</span>
</div>
<%
}
/* ---------------------- pageheader.jspf end --------------------- */
%>
But getRemoteUser() returns null. I also tried to get different headers such as:
<%=request.getHeader("X-Forwarded-Email")%> etc but all returns null.
I am just admin of this application and don't have much java/ jsp experience so can't identify in detail what exactly is going wrong.
Can any Opengrok or Oauth2 expert help here please.
Please let me know if you need any more information.
Finally got it working:
Use -set-xauthrequest = true or if you are passing environment variable then pass:
OAUTH2_PROXY_SET_XAUTHREQUEST = true
this will pass through
X-Auth-Request-Email
X-Auth-Request-User
Much thanks to answer here: https://github.com/oauth2-proxy/oauth2-proxy/issues/197#issuecomment-540158057
Related
I'm learning stimulus and trying to get add a checkbox feature where you can mark an order as complete from the show page without using a form. I followed this tutorial, but am not getting the correct results. The checkbox does nothing when clicked and unchecks when refreshed; however if I manually set the complete attribute to true, the checkbox is automatically checked when loading the page, as it should.
I have a model "Order" with a boolean attribute "complete". Here's my show.html.erb section
<tr data-controller="todo" data-todo-update-url="<%= order_path(#order.id) %>">
<td>
<div>
<input type="checkbox"
data-action="todo#toggle"
data-target="todo.completed"
<% if #order.complete %> checked <% end %> >
</div>
</td>
</tr>
Here's my stimulus todo_controller
import { Controller } from "#hotwired/stimulus"
export default class extends Controller {
static targets = [ "completed" ]
toggle(event) {
// Inside the toggle(event) function, let’s start by getting the value of the checkbox,
// and put it into a FormData object
let formData = new FormData()
formData.append("#order[complete]", this.completedTarget.completed);
// Let’s post that data to the "update-url" value we set on the Todo row.
// We’ll set the method to PATCH so that it gets routed to our todo#update on our controller.
// The credentials and headers included ensure we send the session cookie and the CSRF protection token and
// and prevent an ActionController::InvalidAuthenticityToken error.
fetch(this.data.get("update-url"), {
body: formData,
method: 'PATCH',
dataType: 'script',
credentials: "include",
headers: {
"X-CSRF-Token": getMetaValue("csrf-token")
}
})
// We can take the Response object and verify that our request was successful.
// If there was an error, we’ll revert the checkbox change.
.then(function(response) {
if (response.status != 204) {
event.target.complete = !event.target.complete
}
})
}
}
Can someone tell me where my code is going wrong?
This is more a long comment than a solution but few things I see :
You create an empty form and append a single input with name
"#order[complete]" though your Stimulus controller is Javascript
and has no knowledge of # the such way you use in Ruby. Also params
names are usually model[field] then I think you don't need the #.
"order[complete]" should be fine.
Also you grab the value from a specific target for the aforementionned value with this.completedTarget.completed. Should you not rather pick the value of the input field ? and rather grab this.completedTarget.value or maybe the checked status this.completedTarget.checked
You are getting the URL to your fetch from a data attribute. I am not a stimulus expert but it doesn't look like anything Stimulus related. As of now you have written it this.data.get("update-url") but in regular javascript, something like this.element.dataset.todoUpdateUrl should work.
And just to be sure there is no confusion to about where you will
call this , just declare it at the top of your Stimulus methd like
this : var backUrl = this.element.dataset.todoUpdateUrl. And fill the url to your fetch as just fetch(backUrl,...
you pass the formData directly to your fetch body. If this doesn't work, try to stringify it and extract the entries like : JSON.stringify(Object.fromEntries(formData)). Also I am not too sure about the dataType: 'script', you may just omit that alltogether.
There may be other problems that I don't see. Also when you are dealing with JS, don't only look to your Rails console, especially if nothing hits the backend. Open the developper / inspect tool in your browser and monitor the console there, you should see all the XHR (async) requests made to your app.
If nothing happens, then your fetch is not firing and there need to be more investigations made..
I was able to connect with to Intuit using the Minimul/QboApi gem and get the "Connect to Quickbooks" button working with oauth2 based on the example provided on Github. However neither the gem nor the samples show how to implement single sign on with Intuit. In the example provided by Minimul, the Connect To Quickbooks button is produced by intuit's javascript found at https://appcenter.intuit.com/Content/IA/intuit.ipp.anywhere-1.3.5.js
and a setup script and the tag . The tag appears to have been deprecated. Or at least, it doesn't appear to do anything other than produce the button with the right text and logo on it.
But bottom line, I have been unable to find any documentation on the ipp.anywhere.js package, and not even sure if i's meant to used with oauth2 since it's not mentioned anywhere. I believe that the connect to intuit button does the right things, but the guidelines seem pretty strict about what that the button needs to say the right thing and have th eright logo or they will reject it in the store. They also seem to suggest that users are much more likely to try something if an SSO with Intuit workflow is enabled. Any help appreciated.
After some further work, I figured out a solution that can create a 'log in with Inuit button' , although it's a bit of a javascript hack. First, I determined that the only thing I really needed to change was the button image. In other respects the code behind ` works fine for either a "login with intuit" or "connect to intuit work flow" . The only problem is the button image.
Here is the code (adapted from Minimul/QboApi) to get access and oauth2 refresh tokens via a "Connect to Quickbooks" button.
Setup in the controller code in login or sessions controller:
def new
#app_center = QboApi::APP_CENTER_BASE # "https://appcenter.intuit.com"
state= SecureRandom.uuid.to_s
intuit_id = ENV["CLIENT_ID"]
intuit_secret = ENV["CLIENT_SECRET"]
client = Rack::OAuth2::Client.new(
identifier: intuit_id,
secret: intuit_secret,
redirect_uri: ENV["OAUTH_REDIRECT_URL"],
uthorization_endpoint:"https://appcenter.intuit.com/connect/oauth2",
token_endpoint: "https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer",
response_type: "code"
)
#make sure to include at least "openid profile email"
#in the scope to you can retrieve user info.
#uri = client.authorization_uri(scope: 'com.intuit.quickbooks.accounting openid profile email phone address', state: state)
end
Here is the code required to generate the button on the view. (The view needs to load jquery as well in order for the script to work.)
<script type="text/javascript" src="<%= #app_center %>/Content/IA/intuit.ipp.anywhere-1.3.5.js">
</script>
<script>
intuit.ipp.anywhere.setup({
grantUrl: "<%== #uri %>",
datasources: {
quickbooks: true,
payments: false
}
});
</script>
<div>
<ipp:connecttointuit></ipp:connecttointuit>
This code produces the following html on the page delivered to the client:
<ipp:connecttointuit>
Connect with QuickBooks
</ipp:connecttointuit>
This code produces a button with the Connect with QuickBooks image, and an event handler inside intuit.ipp.anywhere-1.3.5.js attaches itself to the click event.
The problem is that the button is styled by the class=intuitPlatformConnectButton attribute inside the generated <a> tag, so if you want a "login with intuit button instead of a connect with intuit button the class on the anchor needs to be changed to class='intuitPlatformLoginButtonHorizontal' but still needs to attach to the event handler defined for <ipp:connecttointuit>. The best solution that doesn't require mucking with intuit.ipp.anywhere is to create the connect button and hide it, and then create another tag styled with class=intuitPlatformLoginButtonHorizontal whose click event calls click on the hidden connect button. I use AngularJs on my login page, so I handle the click with ng-click, but it could be done simply with jquery alone.
new.html.erb:
<div>
</div>
<div>
<ipp:connecttointuit id="connectToIntuit" ng-hide="true">< </ipp:connecttointuit>
</div>
and the controller code:
$scope.intuit_login = function() {
let el = angular.element("#connectToIntuit:first-child")
el[0].firstChild.click();
}
This will result in a redirect upon authentication to the supplied redirect url, where you can use openid to get the user credentials.
At the bottom of questions on stackoverflow it says:
'Know someone who can answer? Share a link to this question via email, Google+, Twitter, or Facebook.'
It's the Facebook part I'm interested in. When the user clicks 'Facebook' they get something like:
The cursor is in the 'Write Something' box, exactly where you want it to be, there's a banner underneath drawing attention to the stackoverflow site...perfect.
In my rails app I can link to Facebook with:
<div class ="centre_text">Maybe
you'd like to <%= link_to 'ask your friends on Facebook',
"http://www.facebook.com/mypage", :target => "_blank" %> for what
you're looking for? </div>
It goes to the user's page, where they can write a post. But how do I have it like Stackoverflow's, where the 'Write Something' takes up most of the screen, with a 'Share link' button, and how can I put in a banner/detail, like Stackoverflow does?
Any pointers in the right direction would be greatly appreciated.
I am giving you a simple html example, so that you can get idea and customize it according to your need:
Like I want to share a link on facebook, then what I will do is as following:
First create a link:
<img class="fShare" data-url="http://google.com/" data-title="luxury sedan" src="facebook.png" width="5" height="11" alt="facebook" />
add some javascript for this link:
$(document).ready(function() {
$(".fShare").click(function() {
window.open(
'https://www.facebook.com/sharer/sharer.php?u=' + $(this).attr("data-url") + '&t=' + $(this).attr("data-title"),
'facebook-share-dialog',
'width=626,height=436');
return false;
});
});
Friends,
I am going crazy with this issue, I hope you have the answer for me as I have searched wide for this issue. I have a WEB site that has implemented both the 'Like' button and the 'Comments' button. The issue I'm having is actually two-fold:
First:
The usual 'Admin Page' link that goes beside the 'Like' button once the Admin (me) has liked the page is not always present... I can't figure why, because they are exactly the same PHP pages with different info filled from the DB, but they have identical structure. So I don't understand why:
www.rafaelpolit.com/inicio/index.php?sid=14&gim=10
Shows me the Admin Page link, while
www.rafaelpolit.com/inicio/index.php?sid=14&gim=183
Doesn't.
Any ideas?
Second:
The above problem would not be much of an issue if the procedure described on the Open Graph Protocol page (https://developers.facebook.com/docs/opengraph/#publishing) under Publishing would actually work! Here's the actual problem:
My page uses two parameters in the URL to define the page content: one is the section, the other is the image ID.
My other pages that use a single URL attribute, work fine!!! So, if I access (I am using the graph for simplified purposes):
https://graph.facebook.com/http%3A%2F%2Fwww.rafaelpolit.com%2Finicio%2Findex.php%3Fsid%3D106
It correctly shows:
{
"id": "117419061672096",
"name": "Rafael P\u00f3lit - Macro y Objetos",
"picture": "http://profile.ak.fbcdn.net/hprofile-ak-snc4/188186_117419061672096_2606222_s.jpg",
"link": "http://www.rafaelpolit.com/inicio/index.php?sid=106",
"likes": 2,
"category": "Unknown",
"website": "http://www.rafaelpolit.com/inicio/index.php?sid=106",
"description": "-",
"can_post": true
}
But if I access the graph for one of the URLs with multiple arguments, like:
https://graph.facebook.com/http%3A%2F%2Fwww.rafaelpolit.com%2Finicio%2Findex.php%3Fsid%3D14%26gim%3D10
It truncates the second argument and shows:
{
"id": "http://www.rafaelpolit.com/inicio/index.php?sid=14"
}
As you can see if you enter this though:
graph.facebook.com/159684077425429
The Facebook page is actually correctly working!!! :( Is there a way to actually know a Page_ID if I cannot access the page from any place other than my own site?
So, to sum up my issue:
For some pages I don't get the Admin Page link
For those pages, I have no way of knowing the Page_id
The graph options are not working for pages that have multiple URL arguments/parameters
In the exact same fashion, the https://graph.facebook.com/feed option does not send messages to the people that have 'liked' a page for those pages that have multiple URL parameters, it works fine for those with single parameter.
How do I access the information of a page with two or more parameters?
My final goal is to make something like this actually WORK!:
<?php
$ogurl = urlencode("http://www.rafaelpolit.com/inicio/index.php?sid=14&gim=10");
define("FACEBOOK_APP_ID", "15xxxx84127xxxx");
define("FACEBOOK_SECRET", "xxxx5391830xxxx744b171f0d4b5xxxx");
$mymessage = "Thank you for 'Liking' my Picture.";
$access_token_url = "https://graph.facebook.com/oauth/access_token";
$parameters = "grant_type=client_credentials&client_id=" . FACEBOOK_APP_ID .
"&client_secret=" . FACEBOOK_SECRET;
$access_token = file_get_contents($access_token_url . "?" . $parameters);
$apprequest_url = "https://graph.facebook.com/feed";
$parameters = "?" . $access_token . "&message=" .
urlencode($mymessage) . "&id=" . $ogurl . "&method=post";
$myurl = $apprequest_url . $parameters;
$result = file_get_contents($myurl);
// output the post id
echo "post_id" . $result;
?>
I repeat: This works FINE! if I use the URL of pages with a single URL parameter, it does NOT work if I use URL of pages with multiple parameters.
Any insight? This is a complex issue and I am not a native English speaker, so forgive the extension and any confusion. I appreciate all and every help you may provide!
Thanks a lot,
Rafael Pólit.
ps. Please forgive the non-working links, since I'm new only two of them could actually be links. Most work as copy paste links though, except the graph link which needs https:// in the beginning. Thanks for understanding.
Edit 1:
In response to #Abby 's comment bellow, this is the code I'm using (hopefully formatted instead of the responses in my comments) to insert the button:
<div class="fb_cont ui-corner-all" style="width:706px">
<div id="fb-root"></div>
<script type="text/javascript">
//<![CDATA[
window.fbAsyncInit = function() {
FB.init({appId: '154581841273133', status: true, cookie: true, xfbml: true});
};
(function() {
var e = document.createElement('script'); e.async = true;
e.src = document.location.protocol +
'//connect.facebook.net/en_US/all.js';
document.getElementById('fb-root').appendChild(e);
}());
//]]>
</script>
<div class="fb_cont_int" style="padding:5px;">
<div class="fb_likeDiv" style="width:240px;">
<div class="fb-like" data-href="http://www.rafaelpolit.com/inicio/index.php?sid=14&gim=183" data-send="false" data-width="240" data-show-faces="true" data-colorscheme="dark" data-font="tahoma"></div>
</div>
<div class="fb_commentDiv" style="width:446px;">
<div class="fb-comments" data-href="http://www.rafaelpolit.com/inicio/index.php?sid=14&gim=183" data-num-posts="4" data-width="446" data-colorscheme="dark"></div>
</div>
<div class="dummy"><!-- --></div>
</div>
</div>
Thanks again #Abby for looking into my issue.
Unfortunately I need to accept a route parameter with an & in it. I have this route definition. The id parameter will sometimes have an & in it like this X&Y001.
routes.MapRoute(
"AffiliateEdit",
"Admin/EditAffiliate/{*id}",
new { controller = "UserAdministration", action = "EditAffiliate", id = ""}
);
I have tried working around this issue in the following ways however none of them have worked. All of these result in an HTTP 400 Bad Request error in the browser.
Edit
This gives me Edit
<%= Html.RouteLink("Edit", "AffiliateEdit", new { id = a.CustomerID }) %>
This gives me Edit
<%= Html.RouteLink("Edit", "AffiliateEdit", new { id = Url.Encode(a.CustomerID) }) %>
This gives me Edit
the only thing I can think of (which is a "dirty" solution) is to encode the & yourself. for example something like ##26##.
make sure to check the decoding algorithm only decodes the & ids and not some id that happens to contain ##26## for example.
A better solution depending on db size is to change the offending ids in the database.