I occasionally receive emails from Google (accounts-noreply#google.com), similar to the following:
Subject: Suspicious sign in prevented
Someone recently tried to use an application to sign in to your Google
Account, ________#gmail.com. We prevented the sign-in attempt in case
this was a hijacker trying to access your account. Please review the
details of the sign-in attempt:
Monday, November 19, 2012 8:40:55 PM GMT
IP Address: 184.72.161.49 (amazonaws.com)
Location: Dixmoor, IL, USA
If you do not recognize this sign-in attempt, someone else might be trying
to access your account. You should sign in to your account and reset your
password immediately. Find out how at
http://support.google.com/accounts?p=reset_pw
If this was you, and you want to give this application access to your
account, complete the troubleshooting steps listed at
http://support.google.com/mail?p=client_login
Sincerely,
The Google Accounts Team
© 2012 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043
You have received this mandatory email service announcement to update you
about important changes to your Google product or account.
Indeed, this was me, as I have an app running on Heroku (hence why the IP address is from amazonaws.com), and I send email directly from my app via Gmail SMTP (I don't think it should matter, but specifically, I'm using the gmail_smtp plugin which I updated for Rails 3.2).
Is there a way to avoid this warning, or a way to whitelist known IPs?
Short Answer
In a web browser (perhaps Chrome/Incognito), log into your Gmail account (the one via which you're trying to send email from your app).
In another browser tab, open https://accounts.google.com/DisplayUnlockCaptcha -- and follow the steps.
Long Answer
I ended up logging into my Gmail account (mentioned as ________#gmail.com in the Stackoverflow question above) and saw the following warning:
[Note: I'm piecing this Answer together after the fact.] Clicking the link Was it you?, I'm pretty sure I was taken to a page that contained the following, though below it there was a message and button about adding another application to the list:
[Again, I'm pretty sure...] Clicking the button on that page brought me to https://accounts.google.com/DisplayUnlockCaptcha -- which looks like this:
Clicking Continue brought me to another page:
At that point I just went to my app, and made it send an email.
Note: for general live-testing of email in my app, I have a view at triggers#index with two buttons that send PUT requests to these actions: triggers#send_email and triggers#raise_exception. This enables an admin to go to /triggers and send an email or raise an exception to test if the production system is working correctly as far as being able to send email is concerned. Raising an exception in any of my apps emails details to me via exception_notification.
I had the same problem when I tried sending emails through Gmail SMTP using PHP. You shoud complete the troubleshooting steps provided at the end of the email.
On your Gmail mail box look at the bottom right corner and you can see a Details button. Click on it and then on the pop up window change the suspicious warning settings.
To get this working in dev with Rails 4 i had to enable access for less secure apps.
Visit https://www.google.com/settings/security/lesssecureapps while signed on to your gmail account and click 'turn on'. Note, this enables access for less secure apps which could come with unintended consequences.
Some apps and devices use less secure sign-in technology, which makes
your account more vulnerable. You can turn off access for these apps,
which we recommend, or turn on access if you want to use them despite
the risks.
To get this working in Rails 4, in addition to enabling access for less secure apps, as described already (Visit https://www.google.com/settings/security/lesssecureapps while signed on to your gmail account and click 'turn on'. Note, this enables access for less secure apps which could come with unintended consequences.),
one more step may be required in some cases, if account access is still blocked.
If this is the case, also visit https://accounts.google.com/DisplayUnlockCaptcha and click continue, to enable account access to send via gmail SMTP.
Credit to Steve Polito
Related
I have configured smtp settings in web.config and I was able to successfully send email when working on my local machine. But when I uploaded the code on the server, its giving me following exception
Mailbox unavailable. The server response was: 5.7.3 Requested action aborted
Meanwhile, I also received an email from Microsoft telling me that an attempt to login to my account from a new location was blocked. I clearly understand the problem that server is in a different part of the world than where I usually login to a Windows Live account. That's why it is blocking the account to login. But I want it to login and send email using my credentials on from remote server. There must be some settings in Windows Live account but I failed to find one.
Contacting Hotmail Support Center first to find out if its really possible what you are intending to do might be helpful. I think if hotmail web administration has put a security check, it must be for a purpose of stopping such remote login activities.
I am trying to run the sample Google Apps Script Service Account OAuth example taken from here:
https://github.com/googlesamples/apps-script-oauth2/blob/master/samples/GoogleServiceAccount.gs and keep getting a server timed-out error. I copied the exact code and just substituted in the private key, client email, and a user email. The example code looks to be current as there was an update to it on July 30th.
I have authorized https://www.googleapis.com/drive/v2/files through the admin console as well as https://accounts.google.com/o/oauth2/token and have listed these as scopes in the admin settings (and domain-wide delegation is enabled). I am using an admin account to run the script.
I keep getting the ubiquitious "Server Timed Out" error and nothing shows up in the Execution Logs.
What might be the problem? Any help would be appreciated. Thanks in advance.
Thanks, Gerardo, for pointing me in the right direction. It turned out that our organization manages permissions for the Google Developer's Console by Organizations (in the Google Admin console). Somehow a few accounts, including mine, were kicked out of the Organization that had permissions to access the Developer's Console. After adding myself back in, the sample worked without problems.
I have been following the rails tutorial by Michael Hartl for some time. When I came to the point of creating account activation links and automatically send them in an Email, I noticed some bad stuff:
I'm using the cloud 9 ide and the activation link from the Email only works when the cloud 9 project is private. Since I need to store the password for my gmail account in the configs, everyone can view my code and log in to my gmail account.
How could this problem be solved? Making the project private doesn't work because you then aren't able to activate your account.
If you'd like to keep your workspace private, but your application url public, just click on the 'Share' button near the top right of the IDE. Once there, check 'Public' next to 'Application'. That will disable Cloud9's authentication when accessing the application url while keeping your code/workspace private.
I'm trying to integrate Paypal login within my Rails app and I can't make it work.
I was following the guide: http://cristianobetta.com/blog/2013/09/27/integrating-login-with-paypal-into-rails/
I created an application from the paypal developer site, and set the followings:
App return URL (test): http:/ /localhost:3000/auth/paypal/callback
App return URL (live): http:/ /localhost:3000/auth/paypal/callback
and I get the error:
"Relying Party Validation error: redirect_uri provided in the request does not match with the registered redirect_uri. Please check the request."
when I try to visit the URL:
http:/ /localhost:3000/auth/paypal
Interesting enough, I get the same error if I input my application credential in the official Paypal API integration tool:
https://devtools-paypal.com/guide/openid/ruby?interactive=ON&env=sandbox
Any ideas?
Thanks
This has changed a bit since the accepted answer, and will presumably change again soon... but here's how you do this now.
Log into developer.paypal.com
Click on Dashboard (https://developer.paypal.com/developer/applications)
Click your app name under "Rest API Apps"
Scroll to the box at the bottom of the screen labeled "Sandbox (or Live) App Settings
Set the Return URL (Where users will be redirected after test transactions)
Click save
NOTE
This Return URL must exactly match the redirect_uri that you pass in via querystring (so it's confusing as to why you'd need to pass it in in the first place)
GOTCHA
At this point in time, the Return URL can seemingly never be updated. In my recent experience, if you don't type it correctly the first time you save it, you will have to create a new app.
You need to set this value inside of your sandbox application on the developer website.
Log into developer.paypal.com
Click Applications
Under My Rest Apps click your App name
Click Edit next to App redirect URLs
Set the return URLs for live or test
Save
I resolved it by setting both the live and test redirect URLs to the same thing.
Plus, I ensured that I ticked to get Personal Information from the advanced settings panel, also adding URLs for privacy and agreement links.
The portal hung when set to localhost addresses for those links, so possibly PayPal tried to dereference them, so I put in real fake URLs.
I was encountering this issue myself, albeit in a Sinatra rather than Rails app - like you, I was using http://localhost:4567/auth/paypal/callback as the return URL - changing it to http://127.0.0.1:4567/auth/paypal/callback on the PayPal dev portal and accessing my app from 127.0.0.1 rather than localhost fixed it for me.
I am brand new to SalesForce development, and want to explore the API and its capabilities. I have created a new Developer Edition account. I have not yet tried to access the API programmatically, but I am trying (unsuccessfully) to access it via both the Workbench ( https://workbench.developerforce.com/login.php ) and the Apigee Console ( https://apigee.com/console/salesforce ).
For some reason, in both cases I'm redirected to a URL with OAuth error code 1800 (e.g. https://na15.salesforce.com/setup/secur/RemoteAccessErrorPage.apexp?oauth_error_code=1800&display=popup in the Workbench case). At this URL, I am getting a screen with the text "Remote Access Authorization Error" - "There was a problem in setting up your remote access". What am I doing wrong?
Some additional details:
I can log into SalesForce just fine, the problem only occurs with API/OAuth access
I have not touched anything in my brand-new Developer Edition account, except for (1) populating it with some sample data (Leads, Accounts, Contacts), and (2) resetting the security token (through "My Personal Information" -> "Reset My Security Token")
On the WorkBenh login screen, it does not matter which API version I choose (tried 24, 25 and 26), and I am using "Production" for the Environment since my login doesn't seem to work at all for Pre-Release or Sandbox
(not a real answer, I expect to update it frequently as the situation develops)
Weird.
Yes, Developer Edition is a "Production" as far as connecting apps are concerned. You might have to file a Case with Salesforce Support (Help&Training link in the upper right corner).
Workbench does use API (and probably so does this Apigee thingie) but if you're using your username & pass I don't see how it might go to OAuth...
Can you download any other SF-related tooling (Data Loader, Force.com IDE, Real Force Explorer, Excel Connector, some iPad/Android app... hell, Chatter for Desktop even) and try the connectivity?
Sometimes API products don't display special field for the security token (which you can bypass by entering longer string in the password field: "passwordSecurityToken") but Workbench never asked for a token when I was accessing my Dev. Edition.
There was an issue with OAuth on NA15, but should be resolved now. I tested with Workbench with a brand new NA15 org and its working as expected.
I've run into this when I try and "short circuit" the auth url by decoding the startUrl param and going straight to it in a tab that's already logged in. For example
login to some org on na14.salesforce.com
click sfdx authorize an org in vs code with default url
get sent to a url like https://login.salesforce.com/?startURL=%2Fsetup%2Fsecur%2FRemoteAccessAuthorizationPage.apexp%3Fsource%3D<long_base64_encoded_string>
use a url decoder (i.e. https://meyerweb.com/eric/tools/dencoder/) to translate that to https://login.salesforce.com/?startURL=/setup/secur/RemoteAccessAuthorizationPage.apexp?source=<long_base64_encoded_string>
change the url to match the domain i'm logged in as, i.e. https://na14.salesforce.com/?startURL=/setup/secur/RemoteAccessAuthorizationPage.apexp?source=<long_base64_encoded_string>
go through the standard oauth grant
success
For the most part that works fine, but in some cases I get that wonderful oauth error 1800. In those cases I've been able to work around the issue by specifying the specific domain my instance is on when starting the oauth authorization. Using the above example for step 2 I would chose https://na14.salesforce.com for the the url (other oauth flows typically provide a similar custom url input, but ymmv). Voila, step 7 is successful.
Can't say for sure if that's exactly what will happen for others.