How to reset password of a Google App user using Google App script/Python/Java script.
I know it can be done using GAM, I want to know if its possible through above languages.
https://developers.google.com/admin-sdk/directory/v1/reference/users/update#request
You can do it when you update your user account.
Here is some code when you create user account.
{
"primaryEmail": "liz#example.com",
"name": {
"givenName": "Elizabeth",
"familyName": "Smith"
},
"suspended": false,
"password": "new user password",
"hashFunction": "SHA-1",
"changePasswordAtNextLogin": false,
"ipWhitelisted": false,
"ims": [
{
To change the password just update your user account.
{
"primaryEmail": "liz#example.com",
"name": {
"givenName": "Liz",
"familyName": "Smith"
},
"suspended": false,
"password": "updated password",
"hashFunction": "SHA-1",
"changePasswordAtNextLogin": true,
"ipWhitelisted": false,
"ims": [
{
You need to set the "changePasswordAtNextLogin": true, in order to change the password.
NOTE: A password is required for new user accounts. If a hashFunction
is specified, the password must be a valid hash key.
The previous answer, while actually partially true, contains some wrong assumptions and uses plain old SHA1, which is actually discouraged now in 2022, and since my edits were rejected as too substantial and the question doesn't have a proper answer yet, I'll write my own answer.
You can use patch semantics for exactly what you're trying to do - you don't need to provide a fully-populated User object for that, just the fields you actually change - in your case, only the new password details, omitting any user fields you aren't changing in the process.
For instance, this would be the correct payload if you want to change a password to Testpassw0rd1 (assuming your app will use a salt string of Usesomesalthere1 and SHA-256 based password hashing, which is considered a safe algorithm):
{
"password": "$5$Usesomesalthere1$F8UxCaJUKHYgoZUY01YRiogSXXRquSmFuTHcpFOVrD7",
"hashFunction": "crypt"
}
(Yes, that's the entire payload you'd want to send to the patch method endpoint for your desired user.)
A proper password value for any string you want you can obtain from libc crypt() function, using $5$your_salt_value$ as the second parameter (replace your_salt_value with whatever you use in your app - you just need to have it consistent with the value used in password JSON parameter, can't have it different in both places or the resulting password won't work at all).
Related
I'm currently learning how to use the Patreon API. Before I integrate it into my site, I want to test the endpoints using POSTMAN. For example, I want to test the /campaign endpoint based on this documentation.
However, I'm confused how to set the parameter
fields[campaign]=created_at,creation_name
I put it in the body > x-www-form-urlencoded but it's not getting displayed in the atributes.
What is the correct way to set it?
Here is my screenshot of Postman:
Based on the documentation, the attributes in the response should have this information:
{
"data":
{
"attributes": {
"created_at": "2018-04-01T15:27:11+00:00",
"creation_name": "online communities",
"discord_server_id": "1234567890",
"image_small_url": "https://example.url",
"image_url": "https://example.url",
"is_charged_immediately": false,
"is_monthly": true,
"main_video_embed": null,
"main_video_url": null,
"one_liner": null,
"patron_count": 1000,
"pay_per_name": "month",
"pledge_url": "/bePatron?c=12345",
"published_at": "2018-04-01T18:15:34+00:00",
"summary": "The most creator-first API",
"thanks_embed": "",
"thanks_msg": null,
"thanks_video_url": null,
},
"id": "12345",
"type": "campaign"
},
From the API documentation
GET /api/oauth2/v2/campaigns/{campaign_id}
[ and ] needs to URL encode
Fields for each include must be explicitly requested i.e. fields[campaign]=created_at,creation_name but url encode the brackets i.e.fields%5Bcampaign%5D=created_at,creation_name
So you needs to change the Query Params KEY but
VALUE keep the same format field , field
From
fields[Bcampaign]
To
fields%5Bcampaign%5D
My username is mapped to email while creating a user with payload
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"name": {
"formatted": "Careerex Admin"
},
"userName": "careerex.admin#in.aanasonic.com",
"password": "abc!12345",
"profileUrl": "www.gmail.com",
"phoneNumbers": [
{
"type": "mobile",
"value": "9876543210"
}
],
"locale": "Delhi"
}
I am getting following error regarding restrictions of username-
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:Error"
],
"scimType": "invalidValue",
"detail": "31301 - Username careerex.admin#in.aanasonic.com is not valid. User name must be a non null string with following format, ^[\\S]{3,30}$",
"status": "400"
}
Please help how to fix this and create user with same email???
The default configuration available in WSO2 Identity Server enforces the username to be a string with a length of 3 to 30 non-empty characters. Your usecase requires the username length to be more than the default range provided.
To support your requirement, add the following parameters for userstore configuration in the deployment.toml file available at <IS_HOME>/repository/conf as given below.
[user_store]
username_java_script_regex = '^[a-zA-Z0-9.-]+#[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$'
username_java_regex='^[a-zA-Z0-9.-]+#[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}'
You can provide a suitable regular expression to match your requirement. Note that username_java_script_regex is used by front-end components for username validation.
Refer here for more information.
By default, the username in the WSO2 is not allowed as email. You need to configure the product to support username as email. You can follow this documentation to achieve this
I have looked into the G Suite admin APIs and found this function:
GET https://www.googleapis.com/admin/directory/v1/users
I get a list of all users, but no users in the list have a phone number. How can I include the user's phone number in the list?
I would also like to know how to get a list of every user's group memberships if this is possible.
The phone number property is under user Resource which you might have missed since it's also located in the Users.list under Response.
{
"kind": "admin#directory#users",
"etag": etag,
"users": [
users Resource
],
"nextPageToken": string
}
which when you click leads to the full User Resources which then contains the phones property including others.
"phones": [
{
"value": string,
"primary": boolean,
"type": string,
"customType": string
}
],
"phones": string
I am interested in retrieving a Facebook group members' Bio information.
I have created an app where I have requested permission of about user_about_me and the app is under review for submission.
I have coded for the app in JSP but it can only select name, gender, last_name, first_name only. It is not selecting the Bio information.
I face the same problem even in the graph API explorer, when I use
{group_ID}/members
I can retrieve list of all group members. But I can not see more details than the following:
"data": [
{
"name": "name",
"administrator": false,
"id": "USER ID"
},
..
When I click on the ID (or enter the ID in the explorer), I can only get the following:
{
"id": "member_ID",
"first_name": "firstname",
"last_name": "lastname",
"link": "https://www.facebook.com/app_scoped_user_id/...",
"name": "name ",
"updated_time": "2015-02-07T10:02:58+0000"
}
This is not showing the Bio information.
when I enter the following:
{member_ID}?fields=bio
I just get
{
"id": "10153223503039309"
}
I will appreciate if someone please identify me the problem. I believe this problem will also solve my code problem, where at the moment I am unable to retrieve the group member's Bio information too.
Is it possible that the problem will be resolved after the app's acceptance, which is under review?
Thanks you very much.
Syed
You canĀ“t just grab more information from the user just because he is a member of some group. You would have to let him authorize your App with the correct permissions in order to get more data.
I have tried just about everything that I can think of and cannot get this to work.
I am trying to set an access code in my code and send it to a templateRole using the RequestSignatureFromTemplate call. Right now, all of my configuration info is in XML. I am NOT adverse to using JSON but not all of my developers know JSON.
Here is a snippet of my XML.
<envelopeDefinition xmlns=\"http://www.docusign.com/restapi\">
accountId>12345</accountId>
<status>sent</status>
<emailSubject>Test Form</emailSubject>
<emailBlurb>This is a template test.</emailBlurb>
<templateId>####-########</templateId>
<templateRoles>
<templateRole>
<accessCode>AccessCode124</accessCode>" +
<addAccessCodeToEmail>true</addAccessCodeToEmail>" +
<email>jevans#eclarifire.com</email>
<name>Test User</name>
<roleName>RoleOne</roleName>
<emailNotification>
<emailSubject>This is RoleOne's subject</emailSubject>
<emailBody>This is RoleOne's email.</emailBody>
<addAccessCodeToEmail>true</addAccessCodeToEmail>
</emailNotification>
</templateRole>
<templateRole>
<accessCode>AccessCode246</accessCode>
<email>jevans#eclarifire.com</email>
<name>Test User2</name>
<roleName>RoleTwo</roleName>
<emailNotification>
<emailBody>Your access code is 24680</emailBody>
</emailNotification>
</templateRole>
</templateRoles>
</envelopeDefinition>
You'll notice that I have two different implementations in the templateRole nodes. This is intentional since I'm trying everything that I can think of. In templateRole(1), I have added the addAccessCodeToEmail node in two different places and it doesn't work in either. I have also attempted to override the emailBlurb node in templateRole(1) and it doesn't work either.
I've been through the documentation and it says that you should be able to add anything that the Recipients format follows but I can't get it to work.
Any one got any ideas?
I've never used the addAccessCodeToEmail property in a "Create/Send Envelope" API request, because including the Access Code in the email that the recipient receives entirely nullifies the effect of using Access Code for authentication in the first place. i.e., the entire point of requiring the Recipient to enter an Access Code is to add another layer of assurance -- beyond the fact that someone merely has access to an email inbox -- before granting access to the envelope. If you're going to include the access code in the email that the Recipient receives, then using Access Code as the form of authentication isn't providing any additional security benefit whatsoever -- whoever has access to that email inbox will be able to easily access the envelope (same result as if you don't use Access Code at all).
That being said, there is a property that (for whatever reason) should allow you to have Access Code included in the email that the recipient receives -- I can't get this to work either. Maybe a bug, but someone at DocuSign will need to confirm. According to the documentation, this should result in the email containing the access code:
POST https://{{env}}.docusign.net/restapi/{{version}}/accounts/{{acctId}}/envelopes
{
"status" : "sent",
"emailBlurb" : "please sign",
"emailSubject" : "Please sign your document",
"templateId" : "TEMPLATE_ID",
"templateRoles" : [{
"name" : "John Doe",
"email" : "JohnsEmail#outlook.com",
"roleName" : "Signer1",
"accessCode" : "1234",
"addAccessCodeToEmail": "true"
}]
}
This request results in the recipient being required to enter an Access Code before he can access the Envelope, but the addAccessCodeToEmail property isn't having the expected effect, as the Access Code doesn't appear anywhere in the email that the recipient receives.
Alternative Approach (Best Practice):
Instead of adding the plain-text access code to the email, best practice when using the API to create/send an Envelope and require Access Code as the form of recipient authentication would be to do the following:
Programmatically set accessCode using a piece of data that your application knows about the recipient.
Set the "Email Blurb" (i.e., body of the email) to provide a hint as to the Access Code.
For example, let's say your application knows the Recipient's social security number. When you make the "Create Envelope" API request:
Set the value of accessCode to the last 4 digits of the Recipient's SSN.
Set the value of emailBlurb to include the messaging "Your access code is the last 4 digits of your SSN."
Doing things this way is much more secure than simply including the Access Code (in plain text) in the Email itself.
Finally, regarding your question about overriding the email subject & body for recipients -- see definition of emailNotification property on page 290-291 of the REST API guide (http://www.docusign.com/sites/default/files/REST_API_Guide_v2.pdf):
IMPORTANT: If this is enabled for one recipient, it overrides the Envelope Subject and EmailBlurb. Also, you must enable emailNotification for all recipients.
Sounds like you need to set emailNotification for each and every recipient if you want it to have any effect.
Here are a couple of examples that use "Composite Templates" in the Create Envelope API request to create an envelope with either ID Check or Phone Authentication as the method of recipient authentication.
Recipient Authentication = ID Check
POST https://{{env}}.docusign.net/restapi/{{version}}/accounts/{{acctId}}/envelopes
{
"emailSubject": "Please sign",
"emailBlurb": "Please sign...thanks!",
"status": "sent",
"compositeTemplates": [
{
"serverTemplates": [
{
"sequence" : 1,
"templateId": "TEMPLATE_ID"
}],
"inlineTemplates": [
{
"sequence" : 2,
"recipients": {
"signers" : [{
"email": "SallysEmail#outlook.com",
"name": "Sally Adamson",
"recipientId": "1",
"roleName": "ROLE_NAME",
"requireIdLookup": "true",
"idCheckConfigurationName": "ID Check $"
}]
}
}]
}]
}
Recipient Authentication = Phone Auth
POST https://{{env}}.docusign.net/restapi/{{version}}/accounts/{{acctId}}/envelopes
{
"emailSubject": "Please sign",
"emailBlurb": "Please sign...thanks!",
"status": "sent",
"compositeTemplates": [
{
"serverTemplates": [
{
"sequence" : 1,
"templateId": "TEMPLATE_ID"
}],
"inlineTemplates": [
{
"sequence" : 2,
"recipients": {
"signers" : [{
"email": "SallysEmail#outlook.com",
"name": "Sally Adamson",
"recipientId": "1",
"roleName": "ROLE_NAME",
"requireIdLookup": "true",
"idCheckConfigurationName": "Phone Auth $",
"phoneAuthentication": {
"recipMayProvideNumber": "false",
"senderProvidedNumbers": ["206-444-5555"]
}
}]
}
}]
}]
}