Is it possible to change the whitelist for Twitter auth without overriding the entire meteor package?
Basically I want to change this:
Twitter.whitelistedFields = ['profile_image_url', 'profile_image_url_https', 'lang'];
to something like this:
Twitter.whitelistedFields = ['profile_image_url', 'profile_image_url_https', 'lang', 'name', 'id_str', 'url', 'description', 'location'];
If the whitelist is exposed on the exported object you could create a wrapper package:
//Package.js
api.use('twitter')
api.imply('twitter')
api.add_files('wrapper.js')
//Wrapper.js
Twitter.whitelistedFields = ['profile_image_url', 'profile_image_url_https', 'lang', 'name', 'id_str', 'url', 'description', 'location']
If you're talking about the built in accounts twitter package you could specify the requestPermissions option: http://docs.meteor.com/#meteor_loginwithexternalservice, I don't know exactly what the format for that is for twitter, but I've successfully used this method to download profile info from github.
Update
#GeorgeD. pointed out that the requestPermissions option is not available for Twitter, Weibo, or Meteor developer accounts.
Related
I have a rails application that needs to add QuickSight. Found that for these purposes it is necessary to use the get_dashboard_embed_url method. This method returns me the URL, but following it (manually, through an iframe tag) I get this error text
Embedding failed because of invalid URL or authorization code. Both of these must be valid and the authorization code must not be expired for embedding to work.
Where can I find the authenticate code? How can I get it? Thanks for your help
This is how i fetch the url
credential_options = {
client: Aws::STS::Client.new(region: ENV['AWS_REGION']),
role_arn: ENV['QUICK_SIGHT_ROLE_ARN'],
role_session_name: self.user_email
}
assume_role_credential = Aws::AssumeRoleCredentials.new(credential_options)
qs_client = Aws::QuickSight::Client.new({
credentials: assume_role_credential,
region: ENV['AWS_REGION']
})
begin
qs_client.register_user({
identity_type: 'IAM', # accepts IAM, QUICKSIGHT
email: self.user_email,
user_role: 'READER', # accepts ADMIN, AUTHOR, READER, RESTRICTED_AUTHOR, RESTRICTED_READER
iam_arn: ENV['QUICK_SIGHT_ROLE_ARN'],
session_name: self.user,
aws_account_id: ENV['AWS_ACCOUNT_ID'],
namespace: 'default'
})
rescue
end
options = {
aws_account_id: ENV['AWS_ACCOUNT_ID'],
dashboard_id: ENV['QUICK_SIGHT_DASHBOARD_ID'],
identity_type: 'IAM',
session_lifetime_in_minutes: 300,
undo_redo_disabled: false,
reset_disabled: false
}
qs_client.get_dashboard_embed_url(options, {}).embed_url
And how i try to display
iframe src=#url class='w-100 h-100' style='min-height: 500px;'
At the first, sorry for my weak english, but i hope that you'll understand what i mean
Ok, after completing these points, everything began to work for me. Also read "Underwater rocks", this is very important points list which will save you tons of time
Replace my code in question with this
def fetch_url # this method fetch embed dashboard url
credential_options = {
client: Aws::STS::Client.new(
region: ENV['AWS_REGION'],
access_key_id: ENV['AWS_ACCESS_KEY_ID'],
secret_access_key: ENV['AWS_SECRET_ACCESS_KEY']
),
role_arn: ENV['QUICK_SIGHT_ROLE_ARN'],
role_session_name: self.user_email # This is attr_accessor :user_email
}
assume_role_credential = Aws::AssumeRoleCredentials.new(credential_options)
qs_client = Aws::QuickSight::Client.new({
credentials: assume_role_credential,
region: ENV['AWS_REGION']
})
begin
qs_client.register_user({
identity_type: 'IAM', # accepts IAM, QUICKSIGHT
email: self.user_email,
user_role: 'READER', # accepts ADMIN, AUTHOR, READER, RESTRICTED_AUTHOR, RESTRICTED_READER
iam_arn: ENV['QUICK_SIGHT_ROLE_ARN'],
session_name: self.user_email,
aws_account_id: 'ENV['AWS_ACCOUNT_ID']',
namespace: 'default'
})
rescue
end
options = {
aws_account_id: ENV['AWS_ACCOUNT_ID'],
dashboard_id: ENV['QUICK_SIGHT_DASHBOARD_ID'],
identity_type: 'IAM',
session_lifetime_in_minutes: 300,
undo_redo_disabled: false,
reset_disabled: false
}
qs_client.get_dashboard_embed_url(options).embed_url
end
Go to Manage QuickSight panel https://your-quicksight-region(us-east-2 for example).quicksight.aws.amazon.com/sn/admin#users and click on "Manage permissions" button (button is placed above of the table with users)
On the new page click on "Create" button and select "Sharing dashboards" checkbox. Set the name of the permission, click on the "Create" button
In your controller action: #url = fetch_url # fetch_url - method from 1 point
Add to your view: iframe src=#url OR you can use a amazon-quicksight-embedding-sdk but for me the iframe works pretty well
Underwater rocks
Remember that dashboard url (which you are get with this method qs_client.get_dashboard_embed_url(options).embed_url) can be used only once, i.e. you can't open two browsers tabs with the same URL. When you are will pass this URL to iframe, this URL will cease to be working and you will no longer be able to use it in others browser windows or others iframe's
Add your app domain to whitelist domains on the QuickSight. You can do it in the Manage QuickSight panel https://your-quicksight-region.quicksight.aws.amazon.com/sn/admin#embedding
!!!IMPORTANT!!! if you are trying to embed dashboard to your localhost:your_server_port_number rails server, then you will always get the error message into the iframe (but if you go to this URL through the address bar of the browser, then you should see your dashboard (comment out / remove the iframe so it doesn't use the link, because every embedded dashboard url is disposable)). This is because localhost:your_server_port_number is not provided in the whitelist (Underwater rocks p.2). For resolving this issue and testing your work you can use ngrok (maybe it's available only for macOS, i'm not sure).
When you'll download the ngrok open your terminal and run command
$ ./path_to_ngrok_script/./ngrok http your_server_port_number
For me it's:
$ ~/./scripts/ngrok http 3000
After that do these 3 things for adding your work station to QuickSight whitelist:
In the terminal with ngrok copy generated domain which starts with
the https (i'll name it ngrok_domain), NOT WITH HTTP. For
example: https://047956358355.ngrok.io
Go to the Underwater rocks p.2 and add ngrok_domain
Open your browser and go to the path with iframe, but use ngrok_domain instead of localhost:3000. For example, your embedded dashboard path is localhost:3000/embed_dashboard. Change it to https://047956358355.ngrok.io/embed_dashboard
After all these steps all is start working for me. I'm sure that some of the points here are superfluous, but i'm really tired of working with this integration, so here you yourself decide what should be left and what should be removed.
I hope my answer helped at least someone
I am reviewing the sample code for the HFC SDK and saw ways to manage users.
To enroll an existing user the following function is used:
chain.enroll
To register and enroll a new user the following function is used:
chain.registerAndEnroll
However, the sample code did not provide an example for a register only function:
chain.register
If I understand it correctly both the chain.enroll and chain.registerAndEnroll will both save the user key/certificate in the machine where the functions are called.
If I want an admin to create a new user (e.g., userA), I cannot use the chain.registerAndEnroll function since the key/certificate will be saved in the admin's machine instead of userA's machine since the function performs not only a register but also an enroll. Hence, my need for a register only function.
In addition, how do I add attributes to users using HFC similar to the attributes that can be defined in membersrvc.yaml?
Unfortunately I was unable to find an online link to the hfc API doc (although you can build the doc locally if needed).
That being said, there is a chain.register function which takes a RegistrationRequest object and then returns the enroll secret/password you would later use to enroll the new user:
//create some attributes
var attributes = [{name:'foo',value:'bar'}];
var registrationRequest = {
roles: [ role ],
enrollmentID: name,
affiliation: "bank_a",
attributes: attributes,
registrar: registrar
};
chain.register(registrationRequest, function(err, enrollmentPassword) {
//your code here
}
I am running a Slack team for a gaming community. My users all have avatars in the game and I am already using the Slack API to automatically set their Slack user name to their in-game name, so its easier for people to be recognized.
In addition I would also like to automatically set their profile picture in Slack with their avatar picture from the game. However I could not figure out a way to do it, so my question is can it be done and if yes, how?
My current starting point is the undocumented API method users.profile.set which allows me to set the profile of a user (see below for an example of a user profile). So far I've been able to modify:
first_name
last_name
title
phone
skype
The user profile also contains the URL to the profile picture, but I was so far not able to change it. I tried external URLs, and URLs of images already uploaded on Slack.
Here is a link to my documentation of the "undocumented" Slack API method users.profile.set with all options that I could figure out so far.
Any help would be hugely appreciated.
Update November 2017
In the meantime Slack has added a new API method called users.setPhoto for setting profile photos. However, this new method does not solve this question, because it only works for your own user (or more precisely the user you have an access token for, e.g. you not specify another user ID).
I am looking for a way to change the profile pictures of all users on my Slack team by a Slack app / bot.
Example of a user profile:
{
id: "U12345678",
team_id: "T12345678",
name: "erik.kalkoken",
deleted: false,
status: null,
color: "9f69e7",
real_name: "Erik Kalkoken",
tz: "America/Chicago",
tz_label: "Central Daylight Time",
tz_offset: 3600,
profile: {
avatar_hash: "XXX",
first_name: "Erik",
last_name: "Kalkoken",
title: "",
phone: "",
skype: "",
image_24: "https://avatars.slack-edge.com/2016-03-19/XXX_24.jpg",
image_32: "https://avatars.slack-edge.com/2016-03-19/XXX_32.jpg",
image_48: "https://avatars.slack-edge.com/2016-03-19/XXX_48.jpg",
image_72: "https://avatars.slack-edge.com/2016-03-19/XXX_72.jpg",
image_192: "https://avatars.slack-edge.com/2016-03-19/XXX_192.jpg",
image_512: "https://avatars.slack-edge.com/2016-03-19/XXX_512.jpg",
image_1024: "https://avatars.slack-edge.com/2016-03-19/XXX_512.jpg",
image_original: "https://avatars.slack-edge.com/2016-03-19/XXX_original.jpg",
real_name: "Erik Kalkoken",
real_name_normalized: "Erik Kalkoken",
email: "test#email.com"
},
is_admin: false,
is_owner: false,
is_primary_owner: false,
is_restricted: false,
is_ultra_restricted: false,
is_bot: false,
has_2fa: false
}
After messing around with it for a little, it's possible to use the undocumented users.setPhoto endpoint:
curl https://slack.com/api/users.setPhoto \
-F "token=<removed>" \
-F "image=#/path/to/image.jpg"
Unfortunately it will resize your avatar which removes the ability to upload animated gifs.
I don't think the profile picture API is available yet. I read a while back that it was on their TODO list.
I was able to get it to work using Jay Querie's method.
The two difference was I gave the full path and I put the image first.
So in my case:
curl https://slack.com/api/users.setPhoto -F "image=#C:\Users\name\Pictures\dojocat.jpg" -F "token=xxxx-123-123-123-123"
Originally when I was using gitbash to run the curl and it was searching for the image in the directory where my gitbash was installed / being executed. So if I put the dojocat.jpg next to my gitbash executable it would would have found it.
I am using Google OAuth for Google signin with Odoo.
Everything works fine and I can sign in using google with no problem. However, I cannot open multiple sessions using my same google credentials.
For example, if I open two sessions, one in chrome and another in firefox, then the older session gets logged out.
I don't understand what's the problem because no matter how many sessions I start if I log in using my username and password separately, without using google OAuth, none of the sessions get logged out - works fine.
I was wondering it has got something to do with the code, so I did a lot of tweaks but nothing works. I saw that at one point it cannot get the session information of older sessions. However my question is not about the code.
My question is, is there any configuration or setting to be set in google OAuth or Odoo 8 which lets users have multiple sessions at the same time or is there any setting while using google OAuth with Odoo that I need to know for this?
Any idea would be really helpful as I've been struggling for days with this. Thanks!
I have build a module for Odoo V9. Without this module, Odoo save only one token. But when you use odoo in multi computer, you use one token for each computer.
By default odoo don't support multi token. You need to modify the code of module auth_oauth.
With this module it save all token, like that you can have multi connection.
You can donwload and instal this module : https://github.com/IguanaYachts/auth_oauth_multi_token.git
class ResUsers(models.Model):
_inherit = 'res.users'
oauth_access_token_ids = fields.One2many('auth.oauth.multi.token', 'user_id', 'Tokens', copy=False)
oauth_access_max_token = fields.Integer('Number of simultaneous connections', default=5, required=True)
#api.model
def _auth_oauth_signin(self, provider, validation, params):
res = super(ResUsers, self)._auth_oauth_signin(provider, validation, params)
oauth_uid = validation['user_id']
user_ids = self.search([('oauth_uid', '=', oauth_uid), ('oauth_provider_id', '=', provider)]).ids
if not user_ids:
raise openerp.exceptions.AccessDenied()
assert len(user_ids) == 1
self.oauth_access_token_ids.create({'user_id': user_ids[0],
'oauth_access_token': params['access_token'],
'active_token': True,
})
return res
#api.multi
def clear_token(self):
for users in self:
for token in users.oauth_access_token_ids:
token.write({
'oauth_access_token': "****************************",
'active_token': False})
#api.model
def check_credentials(self, password):
try:
return super(ResUsers, self).check_credentials(password)
except openerp.exceptions.AccessDenied:
res = self.env['auth.oauth.multi.token'].sudo().search([
('user_id', '=', self.env.uid),
('oauth_access_token', '=', password),
('active_token', '=', True),
])
if not res:
raise
If you follow the steps above you will be able to successfully configure Google Apps (Gmail) with OpenERP via the OAuth module. The only thing i was missing is an extra step I found in a youtube video; you have to:
Go to Settings - Users
To the users you want to give OAuth access, send them a password reset by using the "Send reset password instructions by email" option.
Ask your users (or yourself) to use the link they receive in their email, but, when they open it, they will only see the log in screen with the "Log in with Google" option. (no typical change password option available)
Use the proper Google account and voila! - Now it connects smoothly.
The Youtube video that show how to log in with Google in OpenERP: http://www.youtube.com/watch?v=A-iwzxEeJmc
and if configuration of Oauth2 and odoo see this link for more detail
https://odootricks.wordpress.com/2014/09/18/setting-up-google-apps-authentication-for-odoo/
So I'm using the 'google-api-client' gem with Rails, and I'm attempting to call the URL below in order to get video views by day and insightTrafficSourceType. This is a call that appears to be allowable from the Available Reports documentation page.
Additionally, I found that I was able to make this call by using the API Explorer tool provided by Google.
URL:
https://www.googleapis.com/youtube/analytics/v1beta1/reports?metrics=views&ids=channel==CHANNEL_ID&dimensions=day,insightTrafficSourceType&filter=video==VIDEO_ID&start-date=2013-01-15&end-date=2013-01-16&start-time=1970-01-01
Result:
{
:error=>
{
"errors"=>[
{
"domain"=>"global",
"reason"=>"invalid",
"message"=>"Unknown identifier (insightTrafficSourceType) given in field parameters.dimensions."
}
],
"code"=>400,
"message"=>"Unknown identifier (insightTrafficSourceType) given in field parameters.dimensions."
}
}
I'm not sure what extra data I can provide in the initial description of this bug, but as stated before I am making the call to the API with the Google::APIClient Ruby library. The actual code itself looks like this:
client.execute(
:api_method => api.reports.query,
:parameters => options
)
You are still referencing the old beta API, i.e., in your URL, you have 'v1beta' and you should have 'v1' there. Try replacing that and running it again. Also, you can look at the api explorer to see the exact URL that should be generated in live examples with your acct (once you enable OAuth) here:
https://developers.google.com/youtube/analytics/v1/
(Look at the bottom of the page.)
Finally, start-time isn't a parameter listed on the production version of the API, so you will want to remove that as well.