We Keep Coding

Cube.js: invalid token

In the server of cubejs, I generated a token by cubejs token -e "180 day".
Then I assign it to CUBEJS_API_SECRET in .env; and assign it to const cubejsApi = cubejs(.... Then I launched the backend and the frontend, I got the following error:
Invalid Token: {
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE1ODg5MzQyOTYsImV4cCI6MTYwNDQ4NjI5Nn0.RVdHlpfubXDgwG1FRYbUm-UDLVBjnb-HSVTK5bEy-ZU"
}
JsonWebTokenError: invalid signature
at /Users/chengtie/Downloads/tmp20200414/cubejs/node_modules/jsonwebtoken/verify.js:133:19
at getSecret (/Users/chengtie/Downloads/tmp20200414/cubejs/node_modules/jsonwebtoken/verify.js:90:14)
at Object.module.exports [as verify] (/Users/chengtie/Downloads/tmp20200414/cubejs/node_modules/jsonwebtoken/verify.js:94:10)
at ApiGateway.defaultCheckAuth (/Users/chengtie/Downloads/tmp20200414/cubejs/node_modules/#cubejs-backend/api-gateway/index.js:551:28)
at ApiGateway.checkAuth (/Users/chengtie/Downloads/tmp20200414/cubejs/node_modules/#cubejs-backend/api-gateway/index.js:572:18)
at Layer.handle [as handle_request] (/Users/chengtie/Downloads/tmp20200414/cubejs/node_modules/express/lib/router/layer.js:95:5)
at next (/Users/chengtie/Downloads/tmp20200414/cubejs/node_modules/express/lib/router/route.js:137:13)
at Route.dispatch (/Users/chengtie/Downloads/tmp20200414/cubejs/node_modules/express/lib/router/route.js:112:3)
at Layer.handle [as handle_request] (/Users/chengtie/Downloads/tmp20200414/cubejs/node_modules/express/lib/router/layer.js:95:5)
at /Users/chengtie/Downloads/tmp20200414/cubejs/node_modules/express/lib/router/index.js:281:22
Regardless of this error, it seems that the data query worked. Does anyone know what happened?

CUBEJS_API_SECRET is generated by default when Cube.js project is created. Unless you want to redefine it you don't need to assign it in .env file. You should only pass it to cubejs() on client side. Please see https://cube.dev/docs/security#generating-token.

Flask JWT Extended "The specified alg value is not allowed" Error

When making a request to a flask route that requires a JWT to access using (#jwt_required decorator on flask-restful resources), I get a 422 UNPROCESSABLE ENTITY with the message: The specified alg value is not allowed.
When logging in and navigating to the (frontend) route that calls the request:
this.axios.get("/jobs").then(res => {
console.log(res.data);
this.jobs = res.data.jobs;
});
in the same go, it works as expected, however on refresh it then shows the 422 error.
I store the token in localstorage and load it into axios headers like so:
const api = {
init: function() {
Vue.use(VueAxios, axios);
Vue.axios.defaults.baseURL = DEV_URL;
},
setHeader: function() {
const token = `Bearer ${getToken()}`;
Vue.axios.defaults.headers.common["Authorization"] = token;
},
};
and call init() and setHeader() in my main.js so I am confused why this is causing an error only after a refresh.
I haven't be able to find any resources on how to remedy the The specified alg value is not allowed error. Any assistance would be appreciated! :)

I ran into same problem when the JWT token was created in my spring boot auth service but resource service was a flask micro service. I tried the following steps to sort it out,
I pasted the token in jwt.io Debugger.
On the right hand side I found the decoded header where the alg value was the following,
{
"alg": "HS512"
}
I put the alg in the app config in the flask resource server as follows,
app.config['JWT_ALGORITHM'] = 'HS512'
After that the error message was gone and I was able to parse information from the decoded token. So you need to find the algorithm by which the token was generated and set the appropriate algorithm in the flask app.config.

This can happen if the token was created using a different algorithm then app.config['JWT_ALGORITHM']

Django SAML security settings

I am in the process of authenticating my application users using djangosaml2.
Using NAMEID_FORMAT_TRANSIENT in my SAML_CONFIG dict like this:
'service': {
# My SP SP
'sp': {
'name': 'My local SP',
'name_id_format': NAMEID_FORMAT_TRANSIENT,
'endpoints': { ... }
The user is authenticated, but the user name is received encrypted. This is a requirement from the SP. I see in the documentation for pysaml(https://github.com/onelogin/python-saml) that there is a "security" set of settings and one of the parameters there is
"nameIdEncrypted": False
My question:
How to include the "security" parameters in the SAML_CONFIG dictionary in settings.py?
The following does not seem to work:
'service': {
'sp': { ... }
}
'metadata': {
....
}
'security': {
# The nameID of the <saml:logoutRequest> sent by the SP will be encrypted
"nameIdEncrypted": True,
# Indicates whether the <samlp:AuthnRequest> messages sent by this SP
# will be signed. [Metadata of the SP will offer this info]
"authnRequestsSigned": False
}
Edit: Correcting myself: Working with my SP i have made sure that metadata and certificates are correct and my user can authenticate if security is turned off on the SP side. However, when they correctly activate security for my site I see the following in my logs when the initial SAML request goes over:
INFO 2015-10-13 10:00:43,478 response status_ok 3188 Not successful operation:
Signature required
ERROR 2015-10-13 10:00:43,478 client_base parse_authn_request_response 3188 SAML status error: Signature required from urn:oasis:names:tc:SAML:2.0:status:Requester
Still the problem remains how to pass the security settings in the SAML_CONFIG dictionary. I have tried to put them at root level, or under 'sp' to no avail. Another way could be putting them in a separate json file and have djangosaml2 use that file somehow, but I do not see how to do that either.

Take a look on this specific django-saml-extension(https://github.com/KristianOellegaard/django-saml-service-provider).
But at python-saml you can find a django-demo that show you how handle that settings:
https://github.com/onelogin/python-saml/tree/master/demo-django
You can see how settings are read from the saml folder.
nameIdEncrypted false means that the NameID sent from the SP is not sent encrypted.
If you want to throw an exception if a NameID received is from IdP is not encrypted you may set wantNameIdEncrypted to true.
Please read the documentation:
https://github.com/onelogin/python-saml#settings
And if you find any issue, please report it at github :)

as smartin
mentioned, you are looking at the wrong package documentation.
pySAML2 documentation here.
To answer your question:
"service": {
"sp": {
"authn_assertions_signed": "true",
}
}
You need to set authn_assertions_signed to true/false so the IDP knows this sp preference.

Sharepoint/Project Server 2013 Walkthrough: Create a SharePoint-hosted Project Server app

when I follow http://msdn.microsoft.com/en-us/library/office/jj873844.aspx and publish (with F5) my app and function is called:
function getAssignments() {
assignments = PS.EnterpriseResource.getSelf(projContext).get_assignments();
projContext.load(assignments,
'Include(Project, Name, ActualWork, ActualWorkMilliseconds, PercentComplete, RemainingWork, Finish, Task)');
// Run the request on the server.
projContext.executeQueryAsync(onGetAssignmentsSuccess,
// Anonymous function to execute if getAssignments fails.
function (sender, args) {
alert('Failed to get assignments. Error: ' + args.get_message());
});
}
I get following error:
Error: GeneralSecurityAccessDenied
Do you have any idea why? Everywhere I am using my local account that belongs to administrator group.

Have you followed the article up to the end?
There is an AppManifest.xml sample, and it contains 2 permissions:
<AppPermissionRequests>
<AppPermissionRequest Scope="http://sharepoint/projectserver/statusing" Right="SubmitStatus" />
<AppPermissionRequest Scope="http://sharepoint/projectserver/projects" Right="Read" />
</AppPermissionRequests>
If u dont give those permissions to the app, it cant get data from project server and give you Error: GeneralSecurityAccessDenied

Grails Exception: Mapping qname not fond for the package: grails.validation

I am trying to build a simple SOAP web service (basic CRUD) using Grails with Apache Axis2 Plugin.
All works well with methods that have a simple return type (like String, int).
The problem is when I try to retrieve a domain class object:
class Hotel {
static mapping = {
datasource 'hotel'
table 'hotel'
version false
hotelId column:'id', insertable: false, updateable: false
hotelName column:'hotel_name', sqlType:'varchar', name:'hotelName'
}
Integer hotelId
String hotelName
static constraints = {
hotelId(max: 2147483647)
hotelName(size:1..100)
}
}
I have the following methods, inside my service class:
class HotelService {
static expose=['axis2']
boolean transactional = false
String sayHello(String name) {
return "Hello ${name}!"
}
Hotel soapGetHotel(int id){
return Hotel.get(id)
}
}
Executing a curl for soapGetHotel(int id) gives me this error:
| Error 2012-11-13 15:29:46,142 [http-bio-8080-exec-3] ERROR engine.AxisEngine - java.lang.RuntimeException: org.apache.axis2.AxisFault: Mapping qname not fond for the package: grails.validation
Message: java.lang.RuntimeException: org.apache.axis2.AxisFault: Mapping qname not fond for the package: grails.validation
Please, see bellow my soap-xml file:
<soap:Envelope
xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
soap:encodingStyle="http://www.w3.org/2003/05/soap-encoding">
<soap:Body xmlns:m="http://ws.com">
<m:soapGetHotel>
<m:id>13</m:id>
</m:soapGetHotel>
</soap:Body>
</soap:Envelope>
And the curl command:
curl --verbose --request POST --header "Content-Type: application/soap+xml" --data #gethotel.xml http://localhost:8080/wsexample/services/hotel
I believe it has to do with axis that cannot find the mapping for the object. I tried resolving the issue as it is described in the accepted answer here: Axis2 not returning own objects, but no luck, I still get the error.
I followed all steps described in the axis2 grails documentation .
Any thoughts on how to solve this?
Thank you.

The Axis plugin is a rather old one and it seems that it has not been updated for the last 3 years. I would suggest to use the CXF plugin al an alternative. In our projects this worked out great!