Why does apostrophe keep making POST calls to check if user logged in? - apostrophe

There are a bunch of POST calls from the website to the server and I don't know how to turn them off.
2019-10-24T21:24:49.606Z - info: admin already logged in. Passing through...
2019-10-24T21:25:09.767Z - info: /modules/apostrophe-notifications/poll-notifications
2019-10-24T21:25:09.768Z - info: admin already logged in. Passing through...
2019-10-24T21:25:29.911Z - info: /modules/apostrophe-notifications/poll-notifications
2019-10-24T21:25:29.912Z - info: admin already logged in. Passing through...
2019-10-24T21:25:50.023Z - info: /modules/apostrophe-notifications/poll-notifications
2019-10-24T21:25:50.024Z - info: admin already logged in. Passing through...
That just keeps going on and on...
In my app.js file, I've set the longPollingTimeout option to 0, but it doesn't stop it, and when I set it to 20000 ms it sends the request every 20 seconds.
var apos = Mongo.getMongoPw().then(function(mongoPw){
  return require('apostrophe')({
    ...
    modules: {
      ...
      'apostrophe-notifications': {
        longPollingTimeout: 20000
      },
      ...
    }
  });
});
It seems very pointless and spammy in my logs which we send to splunk.
How can I turn this off if it's unnecessary?

The API you're referring to is polling for notifications, which can be sent at any time by server-side or browser-side code. For instance, if you try this in the browser console:
apos.notify('Oh no!', { type: 'error' });
You'll get a notification, which persists until dismissed (it's stored server-side).
Where this gets more useful is when they are sent on the server side. For instance, your server-side javascript may also say:
if (req.user) {
  // server side you must include req
  apos.notify(req, 'Oh no!', { type: 'error' });
}
Now a notification will reach the currently logged-in user, sooner or later, and you don't have to think about how to deliver it; it just gets taken care of for you by poll-notifications. This is very useful in long running tasks. Without this feature enabled Apostrophe would be unable to deliver many necessary messages to the user.
However, you're wondering why you get this annoying message in your logs:
admin already logged in. Passing through...
I have checked both the apostrophe core module and the apostrophe workflow module. Neither contains any such message. I have also used GitHub search to check the entire apostrophecms organization for this message, which does not appear. Same for a GitHub-wide search. I left out the word "admin" and, in the apostrophecms org, also tried a search for "passing through" alone without turning up any code.
So what this indicates is that your custom code, or another npm module you have added to your project, contains custom middleware that is logging this message on every request that comes in. I would recommend quieting that middleware down as it's not necessary to report this on every notification poll.
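As an added illustration (not code from the question, the answer, or Apostrophe itself), this is one way to quiet such middleware: report the pass-through once per session and never for the notification poll path seen in the logs. An Express-style (req, res, next) middleware with req.session is assumed.

```javascript
// Added example, not from the question or from Apostrophe core.
// An Express-style middleware (req, res, next) with req.session is assumed.
const POLL_PATH = '/modules/apostrophe-notifications/poll-notifications';

// Returns middleware that logs an already-authenticated user at most once per
// session and never for background polling requests, so the line does not
// repeat every longPollingTimeout.
function quietAuthPassthrough(logger, noisyPaths = [POLL_PATH]) {
  return function (req, res, next) {
    if (req.user && !noisyPaths.includes(req.path)) {
      // req.session is assumed to be the per-user session store
      if (!req.session.loggedPassthrough) {
        req.session.loggedPassthrough = true;
        logger.info(`${req.user.username} already logged in. Passing through...`);
      }
    }
    next(); // the middleware must never swallow the request
  };
}

// Drive the middleware with constructed requests sharing one session and
// return the lines that would have been logged.
function simulate(paths) {
  const lines = [];
  const mw = quietAuthPassthrough({ info: (m) => lines.push(m) });
  const session = {};
  for (const path of paths) {
    let called = false;
    mw({ user: { username: 'admin' }, path, session }, {}, () => { called = true; });
    if (!called) throw new Error('middleware must always call next()');
  }
  return lines;
}
```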

Related

Microsoft Graph returning Resource Not Found

I've registered an app in Azure AD and given it API permissions (both Application and delegated) to read all AD groups (Group.Read.All, also Directory.Read.All etc). Using this app I am using Graph Service Client to make a call to get user's AD groups.
public async Task<IEnumerable<GroupInfo>> GetAllGroupsOfUser(string mail)
{
    IList<GroupInfo> result = new List<GroupInfo>();
    IUserMemberOfCollectionWithReferencesPage memberOfGroups = await _graphServiceClient.Users[mail].MemberOf.Request().GetAsync();
    .......... More code ........
}
It works fine for most of the users email but for few emails, which are present in the active directory, I'm getting the following exception
Code: Request_ResourceNotFound Message: Resource 'someuser#somedomain.co' does not exist or one of its queried reference-property objects are not present.
Your error is not that you lack certain permissions, and it has nothing to do with which api testing tool you are using. Your error is very simple. As your error message says, it is that you entered the wrong user email.
Your error message has clearly stated that there is no 'someuser#somedomain.co' email, because this is not a correct email; it should be .com instead of .co.
So you must make sure that you enter the correct email without special characters or spaces.

Clearing service worker cache if user deletes cookies manually

I'm currently using Workbox to get some caching done with Service Workers. Right now, I'm facing the issue of removing more personalised data from the cache when the user logs out. We have already implemented this by posting a message to the SW upon the logout action. However, I'm having trouble handling the edge case where the user deletes the cookies. Because of how we do authentication, the user is logged out upon cookie deletion. But we are unable to detect this deletion and thus unable to clear the cache.
Any suggestions on how to handle edge case or to better handle authenticated assets in SW/Workbox? Thanks!
Below is a short example of our current flow.
/* sw.js */
self.addEventListener("message", msg => {
  if (msg.type) {
    switch (msg.event) {
      case "LOGOUT":
        // delete caches which contain personalized data
        Promise.all(
          exprPlugins.map(plugin =>
            plugin.deleteCacheAndMetadata(),
          ),
        )
        // ... other code
        break;
    }
  }
});
You might be thinking about this in too SW-specific a way, I guess :-)
Pseudocode:
// Page loads / timer fires every one minute
// if (no cookie found)
// -- send logout msg to sw
// else
// -- send "the user logged in is *id from cookie*" kinda event
// -- sw checks the data matches whoever is now logged in and if needed purges the cache
Please note that since this is not an automatic event after the cookie is manually deleted, an ill-meaning user could open Dev Tools and look at the data from the previous user. Thus this is NOT SECURE; it's more like a tongue-in-cheek workaround.
As others pointed out, you should probably not be caching any critical PII info into the caches.
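The pseudocode in the answer above, worked into testable logic as an added example (not code from the question or the answer): the page derives a heartbeat message from document.cookie, and the worker decides whether the personalised caches must be purged. The cookie name "session_user", the message shape and the purge callback are assumptions.

```javascript
// Added example; not from the question or the answer. The cookie name
// "session_user" and the message shape are assumptions.

// Page side: parse document.cookie into a name -> value map.
function parseCookies(cookieString) {
  const out = {};
  for (const part of cookieString.split(';')) {
    const i = part.indexOf('=');
    if (i < 0) continue;
    const name = part.slice(0, i).trim();
    if (name) out[name] = decodeURIComponent(part.slice(i + 1).trim());
  }
  return out;
}

// Page side: run on load and on a timer. A missing cookie is reported as
// LOGOUT; otherwise the worker is told which user is currently logged in.
function heartbeatMessage(cookieString, sessionCookieName = 'session_user') {
  const userId = parseCookies(cookieString)[sessionCookieName];
  return userId ? { event: 'SESSION', userId } : { event: 'LOGOUT' };
}

// Worker side: state.cacheOwner is the user whose data the caches hold (null
// if none). Purge on LOGOUT, or when a different user has since logged in.
function shouldPurge(state, msg) {
  if (!state.cacheOwner) return false;
  if (msg.event === 'LOGOUT') return true;
  return msg.event === 'SESSION' && msg.userId !== state.cacheOwner;
}

// Worker side: apply one message. `purge` is the async cache-clearing callback
// (in sw.js, the Promise.all over exprPlugins' deleteCacheAndMetadata()).
// Caveat: a terminated worker loses in-memory state, so cacheOwner should be
// persisted (e.g. in its own Cache entry) for the check to survive restarts.
async function handleMessage(state, msg, purge) {
  const purgeNeeded = shouldPurge(state, msg);
  if (purgeNeeded) await purge();
  state.cacheOwner = msg.event === 'SESSION' ? msg.userId : null;
  return purgeNeeded;
}

// Browser wiring (not executed here; purgeAll is your cache-clearing function):
//   page:  setInterval(() => navigator.serviceWorker.controller &&
//            navigator.serviceWorker.controller.postMessage(heartbeatMessage(document.cookie)), 60000);
//   sw.js: self.addEventListener('message', e => e.waitUntil(handleMessage(state, e.data, purgeAll)));
```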

Events not being logged in with AppEventsLogger

I'm trying to use react-native-fbsdk for Facebook analytics. When I go to the events debugging page to check if it works, I can see a couple events like App Activation and App Installs and other stuff like Completed App Session. Of these, I'm manually logging App Activation whereas the rest is I think the sdk provides by default.
The problem is, it's not logging many other custom events that I'm trying to log.
How do I debug this? Thanks in advance.
When you send the custom events, are you setting the page_scoped_user_id correctly? Here is a raw JSON custom event, per docs.
{
  url : "https://graph.facebook.com/<app_id>/activities",
  form: {
    event: 'CUSTOM_APP_EVENTS',
    custom_events: JSON.stringify([{
      _eventName: "fb_mobile_purchase",
      _valueToSum: 55.22,
      _fb_currency: 'USD'
    }]),
    advertiser_tracking_enabled: 0,
    application_tracking_enabled: 0,
    extinfo: JSON.stringify(['mb1']),
    page_id: <page_id>,
    page_scoped_user_id: recipientId
  }
}
The last value, recipientId, is misleading. If you want to log something the user sent, you would want to log the senderId property of that incoming message.

How to detect that the current request is an authentication callback?

I have a single-page JavaScript application and I'm using the Auth0 service for signup/login.
I have integrated the Lock widget and I'm saving a string to localStorage after a user is authenticated, like so:
lock.on("authenticated", function(authResult)
{
  localStorage.setItem('login', authResult.idToken);
});
The problem is that when Auth0 redirects them back to my application after logging in, the authenticated event is fired only after page loaded, but by that time, I've already done the check to see if the localStorage string is set (which it is not); therefore, the user just keeps getting asked to login again:
if(localStorage.getItem('login') == undefined)
{
  lock.show(function(err, profile, token)
  {
    // ...
  });
}
I tried to see if there was anything special passed in to the page after a callback - but the referrer isn't always there.
If I don't automatically prompt the user to login, but instead show a login button - the authenticated event never fires for some reason.
How do I get around this?
Based on the information provided you seem to be using Lock in redirect mode and if that's the case you can use the hash_parsed event as a way to know if Lock found a response that it will process.
Every time a new Auth0Lock object is initialized in redirect mode (the default), it will attempt to parse the hash part of the URL, looking for the result of a login attempt. After that, this event will be emitted with null if it couldn't find anything in the hash. It will be emitted with the same argument as the authenticated event after a successful login or with the same argument as authorization_error if something went wrong.
Leveraging this event you could do the following:
Subscribe to the hash_parsed event:
If hash_parsed is emitted with null and localStorage has no indication the user already logged in then redirect to login.
If hash_parsed is emitted with a non-null value, then either authenticated or authorization_error will be emitted and you can react accordingly.
Some sample code:
lock.on("hash_parsed", function (response) {
  if (!response && !localStorage.getItem('login')) {
    // Redirect to the login screen
  } else {
    // Either the user is already logged in or an authentication
    // response will be processed by Lock so don't trigger
    // an automatic redirect to login screen
  }
});

iOS OneDrive (skydrive) app displays permissions dialog every time it runs

I'm developing an iOS app that gives users access to their OneDrive/SkyDrive and I've run into a very annoying issue:
The very first time a user links the app to their OneDrive, everything goes as expected:
They have to enter a user id and password
Then they have to agree to let the app access their info
Then they get to browse their OneDrive
That's all good.
But, if the app closes, and you try to access the OneDrive again, rather than skipping straight to #3, and being able to access the OneDrive, they are stopped at step #2 (step 1 is skipped, as expected) and they have to agree again to let the app access their info.
The code is taken directly from the iOS examples in the online documentation (with some slight modification based on samples found here on Stack Overflow), but, here it is for inspection:
- (void) onedriveInitWithDelegate:(id)theDelegate {
    self.onedriveClient = [[LiveConnectClient alloc] initWithClientId:MY_CLIENT_ID
                                                             delegate:theDelegate
                                                            userState:@"initialize"];
}
And then, theDelegate implements this:
- (void)authCompleted:(LiveConnectSessionStatus) status
              session:(LiveConnectSession *) session
            userState:(id) userState {
    NSLog(@"Status: %u", status);
    if ([userState isEqual:@"initialize"]) {
        NSLog( @"authCompleted - Initialized.");
        if (session == nil) {
            [self.onedriveClient login:self
                                scopes:[NSArray arrayWithObjects:@"wl.basic", @"wl.signin", @"wl.skydrive_update", nil]
                              delegate:self
                             userState:@"signin"];
        }
    }
    if ([userState isEqual:@"signin"]) {
        if (session != nil) {
            NSLog( @"authCompleted - Signed in.");
        }
    }
}
I thought that perhaps the status value might give a clue and that maybe I could avoid the login call, but it's always zero/undefined when I get to authCompleted after calling initWithClientId. (And session is always nil.)
Is there a scope I'm missing? Is there a different call to make rather than a straight-up login call? Or is it more complicated than that? I've seen reference to "refresh tokens" related to OAuth2 login, but I've not been able to find any concrete examples of how they might be used in this situation.
Any help and/or insights greatly appreciated.
Diz
Well, it turns out that the answer is pretty simple here. I just needed to add the "wl.offline_access" scope to my list of scopes during the initial login operation. The docs didn't really imply this type of behavior for this scope, but, that did the trick for me.
With this new scope added, subsequent invocations of the app no longer bring up the "agree to give the app these permissions" dialog, and I can go straight to browsing the OneDrive.
(Credit where it's due: Stephane Cavin over at the Microsoft forums gave me the tip I needed to work this out. Gory details are here:
http://social.msdn.microsoft.com/Forums/en-US/8c5c7a99-7e49-401d-8616-d568eea3cef1/ios-onedrive-skydrive-app-displays-permissions-dialog-every-time-it-runs?forum=onedriveapi )
Diz