Below is the code I am using for imap to fetch emails.
$hostname = '{imap.secureserver.net:993/imap/ssl/}INBOX';
$username = 'xyz#domain.com';
$password = 'emailpassword';
$inbox = imap_open($hostname,$username,$password,NULL,1) or die('Cannot connect to Gmail: ' . print_r(imap_errors()));
Below is the error I am getting:
Array ( [0] => Can't open mailbox {imap.secureserver.net:993/imap/ssl/}INBOX: invalid remote specification ) Cannot connect to Gmail: 1
Related
I'm trying to create a request in Postman (prefer) to test the Push notification API out. My search mostly returned firebase or onesignal settings while I'm trying to send the request in raw directly to apple.
Can someone please help to setup and formulate a basic APNS request in postman?
I'm using this documentation page as a reference.
What I'm missing I think is where to specify the contents of the p12 file plus any other missing data.
I didn't get number 3 in the path variable.
:path =/3/device/00fc13adff785122b4ad28809a3420982341241421348097878e577c991de8f0
Listing 2 A POST request relying on a certificate
HEADERS
- END_STREAM
+ END_HEADERS
:method = POST
:scheme = https
:path = /3/device/00fc13adff785122b4ad28809a3420982341241421348097878e577c991de8f0
host = api.sandbox.push.apple.com
apns-id = eabeae54-14a8-11e5-b60b-1697f925ec7b
apns-push-type = alert
apns-expiration = 0
apns-priority = 10
DATA
+ END_STREAM
{ "aps" : { "alert" : "Hello" } }
Translated above into postman
I've a curl command in case it helps (it's in http2 though). Reference
Note: You MUST have curl 7.47+ with http/2 support compiled in
curl -v \
-d '{"aps":{"alert":"<message>","badge":42}}' \
-H "apns-topic: <bundle id>" \
-H "apns-priority: 10" \
--http2 \
--cert <certificate file> \
https://api.development.push.apple.com/3/device/<device token>
I'm trying to assign the Admin role in Grafana for certain user groups using Azure AD OAuth.
I can successfully log in with Azure AD credentials using this documentation: Set up OAuth2 with Azure Active Directory
According to this page I need to include role_attribute_path somewhere: Role mapping
role_attribute_path = contains(info.groups[*], 'admin') && 'Admin' || contains(info.groups[*], 'editor') && 'Editor' || 'Viewer'
Has anyone got a working example of role assignment using the Azure AD log in?
I've just got this to work with Keycloak as my OIDC provider. This required trapping the response from the UserInfo OAuth2 endpoint and examining the resulting JSON. Only then are you going to be able to modify the JMESPath expression to achieve what you want.
To trap the response I had to make two curl calls and therefore you will likely need to do something similar for AzureAD. The first gets you an access token, and the second call uses this to get you the details you want - ie. groups/roles - that you have chosen to expose - from the UserInfo endpoint. This behavior is described in the Grafana docs.
For what it is worth for Keycloak the calls were on Linux/bash:
ACCESS_TOKEN=$(curl \
-d "client_id=xxxx" \
-d "client_secret=xxxx" \
-d "username=xxxx" \
-d "password=xxxx" \
-d "grant_type=password" \
"https://xxx.foo.bar/auth/realms/myrealm/protocol/openid-connect/token" \
| jq --raw-output .access_token)
curl \
-X POST \
-H "Authorization: bearer "$ACCESS_TOKEN \
"https://xxx.foo.bar/auth/realms/myrealm/protocol/openid-connect/userinfo" \
| jq
When I managed to do this I found that I hadn't properly exposed the groups I was interested in and so needed to do some more config within Keycloak to enable this.
Through this tinkering I eventually got a JSON document with the groups key. Something like this:
{
...
"groups": [
"MyGroup"
],
...
}
At this point I could see that my JMESPath should therefore be:
contains(groups[*], 'MyGroup') && 'Admin'
Addendum
If you use multiple organizations in Grafana, and are migrating from LDAP, you may find that your next question is how can you map users to an org_id in a similar rules-based fashion.
As of Grafana 6.5.1 this feature is not supported although it has been requested as an enhancement. Nor is it possible to concurrently maintain a separate LDAP bind solely for the purpose of group lookups and org mappings UNLESS you are using an Oauth proxy configuration (Documentation regarding the possibility of using Oauth for authentication and LDAP for authorization with some sample configs here.)
With the introduction of Grafana 6.6.0, role assignment using OAuth with Azure AD is now possible.
I put the following into the config ini file to assign the Admin role to anyone in a certain Azure AD group and everyone else would become a Viewer:
[auth.generic_oauth]
name = Azure AD
enabled = true
allow_sign_up = true
client_id = {{ .azure.client.id }}
client_secret = {{ .azure.client.secret }}
scopes = openid email profile
auth_url = https://login.microsoftonline.com/{{ .azure.tenantid }}/oauth2/authorize
token_url = https://login.microsoftonline.com/{{ .azure.tenantid }}/oauth2/token
api_url =
team_ids =
allowed_organizations =
role_attribute_path = contains(groups[*], '{{ .azure.admin_group }}') && 'Admin' || 'Viewer'
where
{{ .azure.client.id}} is the Azure AD, App registration, Application client ID
{{ .azure.client.secret}} is the client secret associated with the above registered app
{{ .azure.tenantid }} is the Azure AD tenant ID
{{ .azure.admin_group }} is the ObjectID of the Azure AD group you want as Admin roles
If I run IE on my computer as the user DOMAIN\automatic the url works:
right click IE
shift + right click "Internet Explorer" in the menu
run as different user
When opening the url http://server/ClearCache there is no problem.
When I do the same with powershell and run it again as DOMAIN\automatic the following script runs:
$url = "http://server/ClearCache"
$req = [system.Net.WebRequest]::Create($url)
$req.UseDefaultCredentials = $true
$res = $req.GetResponse()
$res
The route ClearCache has [AllowAnonymous] in the controller.
When I go to the server with remote desktop logged in as user DOMAIN\automatic that needs to run the powershell script (sql server agent job step) and run the script in powershell I get:
Exception calling "GetResponse" with "0" argument(s): "The remote
server returned an error: (400) Bad Request." At line:1 char:1
+ $res = $req.GetResponse()
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : WebException
Opening the url in IE gives me the response 400 Bad Request.
This seems to be related to an IE profile on the server because Chrome on the server can open the url.
Would anyone know what reg key or setting in the ocean of options I need to change to make this work?
Thank you for reading my question.
[UPDATE]
When trying to run it under my credentials I still get the 400 error so don't think it is because of authentication:
$url = "http://server/ClearCache"
$req = [system.Net.WebRequest]::Create($url)
# $req.UseDefaultCredentials = $true
$passwd = ConvertTo-SecureString "password" -AsPlainText -Force;
$req.Credentials = New-Object System.Management.Automation.PSCredential ("myAccount", $passwd);
$res = $req.GetResponse()
$res
Not sure what the problem was or why it worked in Chrome but not IE. Since the response body (can see the response body in IE devtools when you press F12) says "Invalid host name" I tried to add some DNS bindings in C:\Windows\System32\drivers\etc\hosts like 127.0.0.1 myserver and uncommenting localhost but with no result.
Finally replaced the server name with the ip address and that solved it (xxx are numbers of ip address):
$url = "http://xxx.xxx.xxx.xxx/ClearCache"
How could i upload a log file from my local system to a webpage (http://abc..) using powershell script?
Thanks in advance
If you are using HTTP, try something like this:
$sourceFilePath = "c:\MyLocalFolder\LocalLogFileName.log"
$siteAddress = "http://192.168.15.12/DestinationFolder"
$urlDest = "{0}/{1}" -f ($siteAddress, "DestinationLogFileName.log";
$webClient = New-Object System.Net.WebClient;
$webClient.Credentials = New-Object System.Net.NetworkCredential("MyUserName", "MyPassword");
("*** Uploading {0} file to {1} ***" -f ($sourceFilePath, $siteAddress) ) | write-host -ForegroundColor Green -BackgroundColor Yellow
$webClient.UploadFile($urlDest, "PUT", $sourceFilePath);
I need to get the Google validation token to use with Google APIs, but my code does not work.
$client_id = '495225261106.apps.googleusercontent.com';
$client_secret = urlencode('MY_SECRET_CDE');
$redirect_uri = urlencode('http://MYPAGE.net/test.php');
//$grant_type = urlencode('authorization_code'); //it does not work either.
$grant_type = 'authorization_code';
$post_string = "code=4/P7q7W91a-oMsCeLvIaQm6bTrgtp6&client_id={$client_id}&client_secret={$client_secret}&redirect_uri={$redirect_uri}&grant_type={$grant_type}";
//echo_key_value('post_string',$post_string);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://accounts.google.com/o/oauth2/token');
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_string);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$result = curl_exec($ch); // Execute the HTTP command
$errmsg = curl_error($ch);
if($errmsg) echo $errmsg;
The output is:
{"error":"invalid_grant"}
You may find it easier to use Google APIs, especially OAuth stuff, via one of the official client libraries.
Here's a link to the PHP one: http://code.google.com/p/google-api-php-client/
And a link to the docs on OAuth 2.0 with the library (with some great example code): http://code.google.com/p/google-api-php-client/wiki/OAuth2
Don't you have to put " curl_setopt($ch, CURLOPT_POST, true); " before using postfields? Mine is working and except that and I didn't used urlencode on my secret, it's the same
Setup Instructions
Go to the Google Developers Console
https://console.developers.google.com/project Select your project or
create a new one (and then select it)
Enable the API for your
project In the sidebar on the left, expand APIs & auth > APIs Search
for "drive" Click on "Drive API" click the blue "Enable API" button
Create a service account for your project In the sidebar on the left,
expand APIs & auth > Credentials Click blue "Add credentials" button
Select the "Service account" option
Select "Furnish a new private
key" checkbox Select the "JSON" key type option
Click blue "Create"
button your JSON key file is generated and downloaded to your machine
(it is the only copy!)
open the json file and save your private key to a file called rsa
note your service account's email address
(also available in the JSON key file) Share the doc (or docs) with
your service account using the email noted above
based on information from ( a fantastic doc )
https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority
for a list of possible API scopes set
https://developers.google.com/identity/protocols/googlescopes#sheetsv4
for a purely bash based solution
#!/bin/bash
client_email='your client email'
scope='https://www.googleapis.com/auth/spreadsheets.readonly'
jwt1=`echo -n '{"alg":"RS256","typ":"JWT"}' | openssl base64 -e`
exp=$(($(date +%s)+3600))
iat=$(date +%s)
jwt2=`echo -n '{\
"iss":"'"$client_email"'",\
"scope":"'"$scope"'",\
"aud":"https://accounts.google.com/o/oauth2/token",\
"exp":'$exp',\
"iat":'$iat'}' | openssl base64 -e`
jwt3=`echo -n "$jwt1.$jwt2" | tr -d '\n' | tr -d '=' | tr '/+' '_-'`
jwt4=`echo -n "$jwt3" | openssl sha -sha256 -sign rsa | openssl base64 -e`
jwt5=`echo -n "$jwt4" | tr -d '\n' | tr -d '=' | tr '/+' '_-'`
echo $jwt3
echo $jwt5
curl -H -vvv "Content-type: application/x-www-form-urlencoded" -X POST "https://accounts.google.com/o/oauth2/token" -d \
"grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=$jwt3.$jwt5"
for a javascript nodejs based solution see
https://gist.github.com/cloverbox/5ce51a1d8889da9045c5b128a3a2502f