Deal – Need BMF Token I can send Paytm/UPI | Proxies-free


openid connect – Does OIDC explicitly handle refresh token exchange for multiple devices?

This question is inspired by this answer and question

I also use that method to handle the case where users can sign in and out of multiple devices, by storing a per-device refresh token for a device id. I am making the assumption that various additional checks should be available to refresh token exchange: check IP for web apps, check device id for mobile apps, throttling etc.

I would have thought that OIDC somehow caters for the flows around multiple devices for a single user, but having tried to study the spec I can’t say I see it. Basically, my question is, does OIDC implicitly or explicitly address this stuff? Am I reading it right there is no support for this and that to handle it a custom non-OIDC approach is necessary?

node.js – Cannot parse to get the token

For some reason I cannot get the token from localStorage in order to make the request; it says that there is no token. I am using cookie-parser. I am trying to create a new category for my shop. It is not recognizing the token, although it is there.

here is my client:

adminDashoard.js

import { useState } from 'react';
import { createCategory } from './api/category';
import isEmpty from 'validator/lib/isEmpty';
import { showErrorMsg, showSuccessMsg } from './helpers/message';
import { showLoading } from './helpers/Loading'



export default function AdminDashboard() {
const [category, setCategory] = useState('');
const [errorMsg, setErrorMsg] = useState('');
const [successMsg, setSuccessMsg] = useState('');
const [loading, setLoading] = useState(false);

const handleMessages= evt =>{
    setErrorMsg('');
    setSuccessMsg('');
}

const handleCategoryChange = (evt) => {
    setErrorMsg('');
    setSuccessMsg('');
    setCategory(evt.target.value);
   

}
const handleCategorySubmit = (evt) => {
    evt.preventDefault();



    if (isEmpty(category)) {

        setErrorMsg('Please enter a category')
    } else {
        const data = { category }

        setLoading(true);
        createCategory(data)
            .then(response => {
                setLoading(false);
                setSuccessMsg(response.data.successMessage)
            })
            .catch(err => {
                setLoading(false);
                setErrorMsg(err.response.data.errorMessage)
                console.log(err)
            })

    }


};



function ShowHeader() {
    return (
        <div className='bg-dark text-white py-4'>
            <div className='container'>
                <div className='row'>
                    <div className='col-md-6'>
                        <h1>
                            <i className='fas fa-home'>   Dashboard</i>
                        </h1>

                    </div>
                </div>
            </div>
        </div>
    )
}

function ShowActionBtns() {
    return (
        <div className='bg-light my-2'>
            <div className='container'>
                <div className='row pb-3'>
                    <div className='col-md-4 my-1 '>
                        <button
                            className='btn btn-outline-info btn-block'
                            data-toggle='modal'
                            data-target='#addCategoryModal'>
                            <i className=' fas fa-plus'>Add Category</i>
                        </button>
                    </div>
                    <div className='col-md-4 my-1 '>
                        <button className='btn btn-outline-danger btn-block'>
                            <i className=' fas fa-plus'>Add Products</i>
                        </button>
                    </div>
                    <div className='col-md-4 my-1 '>
                        <button className='btn btn-outline-success btn-block'>
                            <i className=' fas fa-plus'>Add Blog</i>
                        </button>
                    </div>

                </div>

            </div>

        </div>
    )
}

function ShowCategoryModal() {
    return (
        <div id='addCategoryModal' className='modal' onClick={handleMessages}>
            <div className='modal-dialog modal-dialog-centered modal-lg'>
                <div className='modal-content'>
                    <form onSubmit={handleCategorySubmit}>

                        <div className='modal-header bg-info text-white'>
                            <h5 className='modal-title'>Add Category</h5>
                            <button className='close' data-dismiss='modal'>
                                <span>
                                    <i className='fas fa-times'></i>
                                </span>
                            </button>
                        </div>

                        <div className='modal-body my-2'>
                            {errorMsg && showErrorMsg(errorMsg)}
                            {successMsg && showSuccessMsg(successMsg)}
                            {
                                loading ? (
                                    <div className='text-center'>{showLoading()}</div>
                                ) : (
                                    <>
                                        <label className='text-secondary'> Category</label>
                                        <input
                                            type='text'
                                            className='form-control'
                                            name='category'
                                            value={category}
                                            onChange={handleCategoryChange}
                                        />
                                    </>
                                )
                            }


                        </div>

                        <div className='modal-footer'>
                            <button data-dismiss='modal' className='btn btn-secondary'>Close</button>
                            <button className='btn btn-info' type='submit'>Submit</button>
                        </div>
                    </form>
                </div>
            </div>
        </div>
    )
}

return (
    <div>
        {ShowHeader()}
        {ShowActionBtns()}
        {ShowCategoryModal()}
    </div>
)
}

Here is my api file:

import axios from "axios"

export const createCategory = async (formData) => {
    const config = {
        headers: {
            'Content-Type': 'application/json'
        },
    };

    const response = await axios.post('http://localhost:5000/api/category', formData, config);
    return response;
}

on the server side,

  here is my server.js : 
  const express=require('express');
  const app= express();
  const cors=require('cors');
  const connectDB= require('./database/db');
  const morgan= require('morgan');
  const authRoutes= require ('./routes/auth')
  const categoryRoutes = require ('./routes/category');
  const cookieParser = require('cookie-parser')

  //middleware
  app.use(cors());
  app.use(morgan('dev'));
  app.use(express.json());
  app.use(cookieParser());
  app.use('/api/auth', authRoutes);
  app.use('/api/category', categoryRoutes);

  connectDB();

  const port = process.env.PORT || 5000;

  app.listen(port, () => console.log(`Listening on port ${port}`));

  app.get('/', (req, res) =>{
  res.send(' hello server')
    })

here is my route file :

  const express = require('express');
  const router = express.Router();
  const categoryController = require('../routes/controllers/category');
  const  {authenticatateJWT} = require('./middleware/authenticator');

  router.post('/', authenticatateJWT, categoryController.create);

  module.exports = router;

here is my controller:

    exports.create = (req, res) => {
      console.log(req.user);

      setTimeout(() => {
        res.json({
          successMessage: `${req.body.category} was created!`
        });
      }, 5000);
    };

here is my middleware:

    const jwt = require('jsonwebtoken');
    const { jwtSecret } = require('../../config/keys');

    exports.authenticatateJWT = (req, res, next) => {
      const token = req.cookies.token;
      console.log(token);
      if (!token) {
        return res.status(401).json({
          errorMessage: 'No token. Authorization denied',
        });
      }
      try {
        const decoded = jwt.verify(token, jwtSecret);

        req.user = decoded.user;
        next();
      } catch (err) {
        console.log('jwt error:', err);
        res.status(401).json({
          errorMessage: 'Invalid token',
        });
      }
    };

kibana – Nginx redirect to kibana url if memcache token exists

I am making a call to nginx. From nginx I have to check whether memcache has a token; if it does I want to redirect to Kibana, else I will throw an error.


content_by_lua '
            local memcached = require "resty.memcached"
            local memc, err = memcached:new()
            if not memc then
                 ngx.say("failed to instantiate memc: ", err)
                 return
            end
            memc:set_timeout(100000)
            local ok, err = memc:connect("md-sd-er.9q4u5f.cfg.aps1.cache.amazonaws.com", 11211);
            if not ok then
               ngx.say("failed to connect: ", err)
               return
            end
            if ok then
                ngx.say("Connected");
                ngx.say(ok);
            end
            local args = ngx.req.get_uri_args();
            local tokenId = args.sid
            ngx.say("###Kuppu");
            ngx.say( "usettttr");
            local res = memc:get("user")
            ngx.say(res);
            if res then
                -- Redirect to kibana url

            end
            if not res then
                 -- Return Error
            end
';

authentication – Is it bad practice to use only one token for a SPA (no applications, only user)?

Say we have multiple instances of application X deployed on site1.com, site2.com, site3.com, etc. And we have a centralized server at example.com serving all of these.

All the instances of X are static sites, that is, they do not have a server, and thus, they can’t proxy requests to endpoints.

Traditionally, in a same-site situation, HTTPOnly, secure cookies would’ve been used to store user sessions, but with the (necessary) death of third-party cookies, we can’t do that cross-site. So recently we have been debating about shifting to storing the session token or JWT in LocalStorage or in a cookie (using Javascript).

We understand the issues with XSS and CSRF involved, but we don’t understand how else to make authentication work cross-site. Our application instances are usually “control panels” where users log in to manage their data or other information regarding their organization. They are strictly user <-> server and there is no third-party application involved which might require some access_token.

I have read in a lot of places that storing tokens (JWTs) in LocalStorage is a bad idea. Other places ask you to avoid cookies since they are vulnerable to CSRF. And some places ask you to use id_token and access_token. So where are we supposed to store tokens then?

It’s quite confusing, and I seem to be missing something super obvious (or super complicated). Thanks for helping out!

Related
This post encouraged me to post this question, but I don’t feel like the answer takes into account our cross-site use case:
OIDC – what is the point of two separate tokens – access and id?

Form APi Could not parse property path Unexpected token

Using

  • Drupal 9.1.4
  • symfony/property-access I think is on 5.2.0 (that’s the last version mentioned in the changelog)

I have a custom built form with some date and number fields, for example:

$form['calculator']['chargeable_consideration'] = [
  '#type' => 'number',
  '#min' => 0,
  '#step' => 0.01,
  '#required' => TRUE,
  '#size' => 13,
  '#attributes' => [
    'placeholder' => '£0.00',
  ],
  '#title' => $this->t('description text (£) <button class="tooltip-anchor" title="pop up text">?</button>'),
  '#prefix' => '<div class="form-group">',
  '#suffix' => '</div>',
];

I have validation checking the dates are within a range, but nothing to check the numbers.

If I use the numbers

  • 10000.85
  • 123456789.70
  • 1234567890

the form works as expected.

If I use the numbers

I get the following error

Symfony\Component\PropertyAccess\Exception\InvalidPropertyPathException: Could not parse property path "calculator][chargeable_consideration". Unexpected token "[" at position 11. in Symfony\Component\PropertyAccess\PropertyPath->__construct() (line 111 of vendor/symfony/property-access/PropertyPath.php).
Symfony\Component\PropertyAccess\PropertyAccessor->getPropertyPath('calculator][chargeable_consideration') (Line: 120)
Symfony\Component\PropertyAccess\PropertyAccessor->getValue(Array, 'calculator][chargeable_consideration') (Line: 406)
Drupal\custom_form\Form\CustomForm->validateForm(Array, Object)
call_user_func_array(Array, Array) (Line: 82)

How do I prevent it from throwing this exception?

web application – Does API access token that only have access to public information need to be kept secret?

I found an Instagram Basic Display API access token leaked on a website. This token belongs to an Instagram marketing account of this website. Using my leet investigating skills, below is the information I have.

  • This token has a 3-month validity period
  • This token is in use (I see it was refreshed last week when its validity period was about to end), although I cannot find where it is used
  • This token is a User Access Token for querying data from the Basic Display API. Doc here: https://developers.facebook.com/docs/instagram-basic-display-api
  • This access token only has read access to public information 🙁
  • This token will be temporarily rate limited if used too much

Do you know of any impact I can have with this access token other than getting it rate limited?

Also, if this token needs to be kept secret, how can we protect it?
