Allowed To Read Statuses Even With Permission Denied? - facebook-graph-api

I'm following a tutorial on programming with Flash / Flex and Facebook (see http://www.adobe.com/devnet/facebook/articles/flex_fbgraph_pt1.html). This is a desktop app that connects to Facebook, rather than a web app.
When first testing the ability to read statuses I allowed the app to read them (obviously) when asked, so that worked just fine.
For the hell of it, I then revoked permission and when it asked me again, said Skip. It was still allowed to read them! (result object was valid, fail object was null).
So I then tried again (and it asked me again, since it still did not have permission), and this time I specifically clicked the cross to deny permission... and it was still able to read them!
Have I perhaps missed something? This is the code I'm using:
private function showStatus(): void
{
    FacebookDesktop.requestExtendedPermissions(onGetStatusGranted, "read_stream");
}

private function onGetStatusGranted(resultData: Object, failData: Object): void
{
    FacebookDesktop.api("/me/statuses", onGotStatus);
}

private function onGotStatus(resultData: Object, failData: Object): void
{
    if (failData != null && failData.error.code == 200)
    {
        // User didn't allow it.
        return; // **** Doesn't get here! ****
    }
    if (failData == null && resultData != null && resultData.length > 0)
        this.userStatusLabel.text = "Status: " + resultData[0].message; // **** Always gets here ***
}

You most likely encountered a bug. Statuses require read_stream permission, unless you are a public page.

Related

Retrieving specific data from Active Directory via LDAP in C++ (getting lockout threshold)

I'm improving some code that helps test whether password sprays are properly monitored.
Here is the source code of the injected DLL:
https://github.com/outflanknl/Spray-AD/blob/master/Src/Spray-AD/Spray-AD/ReflectiveDll.cpp
The current issue in this DLL is that it might lock out users (since some users might already have some badPwdCount to their username), so I need to properly check what is the current badPwdCount of the user and what is the thresholdLockout for each user before attempting to authenticate as that specific user (since different users might have different password policies).
Fortunately, the badPwdCount was not difficult to implement and I've modified the LDAP filter properly:
WCHAR* pszPropertyList[3] = { L"sAMAccountName" , L"badPwdCount" , L"lockoutThreshold"};
and properly configured the ExecuteSearch function:
else
{
    // Return specified properties
    hr = pContainerToSearch->ExecuteSearch(pszSearchFilter,
                                           pszPropertyList,
                                           3,
                                           &hSearch);
}
And the switch case so it'll catch the badPwdCount properly:
case ADSTYPE_INTEGER:
    for (x = 0; x < col.dwNumValues; x++) {
        if (_wcsicmp(col.pszAttrName, L"badPwdCount") == 0) {
            if (col.pADsValues->Integer >= 4 || col.pADsValues->Integer == 0) {
                /*some code*/
                break;
            }
        }
    }
But since I want to compare the badPwdCount to that specific user's lockout threshold (and not 4 as the example above), I tried to extract the lockoutThreshold attribute as can be viewed here:
https://learn.microsoft.com/en-us/windows/win32/adschema/a-lockoutthreshold
Though I can't seem to get any result back for the lockout threshold. The code doesn't even return the unknown type error:
default:
    wprintf(L"[!] Unknown type %d.\n", col.dwADsType);
Which is very strange to me as I can retrieve other attributes (such as badPasswordTime) without issues.
How do I properly retrieve the lockoutThreshold? code samples will be awesome.
In the documentation for lockoutThreshold that you linked to, look at "Classes used in", which lists:
Domain-Policy
Sam-Domain
Sam-Domain-Base
Note that it does not include "User".
You won't find this attribute on a user account. You will find it on the root node of the domain.
But yes, as you found, the lockoutThreshold can be overridden by a fine-grained password policy.
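
The lookup order the answer describes, as an added example (not code from the post or from Spray-AD), written as a defender's audit over constructed directory entries. It assumes the entries were already fetched by an LDAP search, and that a fine-grained policy is exposed through the standard AD attributes msDS-ResultantPSO (on the account) and msDS-LockoutThreshold (on the policy object); all DNs and account names are made up.

```python
# Constructed sample data standing in for LDAP search results (not a real domain).
DOMAIN_DN = "DC=example,DC=test"
PSC = "CN=Password Settings Container,CN=System," + DOMAIN_DN
DOMAIN_ROOT = {"distinguishedName": DOMAIN_DN, "lockoutThreshold": "5"}
PSOS = {
    "CN=ServiceAccounts," + PSC: {"msDS-LockoutThreshold": "0"},
    "CN=Admins," + PSC: {"msDS-LockoutThreshold": "3"},
}
USERS = [
    {"sAMAccountName": "alice"},  # no PSO applies: domain policy is in effect
    {"sAMAccountName": "svc_backup", "msDS-ResultantPSO": "CN=ServiceAccounts," + PSC},
    {"sAMAccountName": "adm_bob", "msDS-ResultantPSO": "CN=Admins," + PSC},
    {"sAMAccountName": "carol", "msDS-ResultantPSO": "CN=Unreadable," + PSC},
]


def effective_lockout_threshold(user, domain_root, psos):
    """Return (threshold, source_dn); threshold is None if it cannot be determined."""
    pso_dn = user.get("msDS-ResultantPSO")
    if not pso_dn:
        # lockoutThreshold lives on the domain root, not on the user object.
        return int(domain_root["lockoutThreshold"]), domain_root["distinguishedName"]
    pso = psos.get(pso_dn)
    if pso is None:
        # A PSO is named but was not returned by the search (e.g. no read access):
        # do not silently fall back to the domain default.
        return None, pso_dn
    return int(pso["msDS-LockoutThreshold"]), pso_dn


def audit_lockout_policy(users, domain_root, psos):
    """List accounts whose effective policy never locks out or is unknown."""
    findings = []
    for user in users:
        threshold, source = effective_lockout_threshold(user, domain_root, psos)
        if threshold is None:
            findings.append((user["sAMAccountName"], "policy unreadable", source))
        elif threshold == 0:  # 0 means the account is never locked out
            findings.append((user["sAMAccountName"], "lockout disabled", source))
    return findings


if __name__ == "__main__":
    for name, issue, source in audit_lockout_policy(USERS, DOMAIN_ROOT, PSOS):
        print(f"{name}: {issue} ({source})")
```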

PhpUnit unable to access external url

On my local windows PC I am running XAMPP and it is serving a testpage on it (e.g. http://localhost/testsite/testpage.html)
Now on the same machine I have an instance of laravel 5.2 running and I have one named route in it called testroute.
I wrote these PHPUnit test cases:
public function testBasicExample1() {
    $this->visit('testroute')->see('Something'); //Passes
}

public function testBasicExample2() {
    $this->visit('http://www.google.com')->see('Google'); //Passes
}

public function testBasicExample3() {
    $this->visit('http://localhost/testsite/testpage.html')->see('Something Else');
    //Fails as it is unable to reach the desired page (Received status code [404])
}
in TestCase.php
$baseUrl = 'http://localhost:8000';
and in .env APP_URL=http://localhost:8000
Is it known that localhost sites cannot be accessed in phpunit?
Update:
I figured out that even http://www.google.com is not working; it is redirecting to Laravel's welcome route (the test passed as there was the text 'Google' in that page as well). Basically it was trying to access http://localhost:8000/www.google.com and that redirects to the welcome page.
I am not sure how in laravel's phpunit I can access external url.
I banged my head against a wall for a long time with this. I don't believe it is possible / functional to test external sites with the Laravel click() or visit() methods. If it is, I'm not seeing it.
Though my need was to just check all my links, perhaps this hack may be helpful to you. I went back to basic php to assert the sites returned properly.
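$sites = \App\Website::pluck('website');
foreach ($sites as $site) {
    // @ suppresses the warning get_headers() raises when the site is unreachable
    $file_headers = @get_headers($site);
    // get_headers() returns false on failure; otherwise element 0 is the status line
    if ($file_headers === false || strpos($file_headers[0], '404 Not Found') !== false) {
        $exists = false;
        echo " Failed on: ".$site." ";
    }
    else {
        $exists = true;
    }
    $this->assertTrue($exists);
}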
It doesn't quite get you all the way to what you want (seeing something), but for me it was good enough to be able to see the link was live and successful.
Testing is slow as it is going out to x # of sites.
HTH

A simple command in PAWN

San Andreas Multiplayer (GTA) uses PAWN as its programming language. I'm an owner of a server on SA-MP and I'm not that pro so I'd like to get some help if possible. Basically, I have a command that checks a player's statistics when he/she is online, but I'd like to have a command to check them when they're offline. This is the code of the command which checks a player's statistics when he's online.
CMD:check(playerid, var[])
{
    new user;
    if(!Logged(playerid)) return NoLogin(playerid);
    if(Player[playerid][pAdmin] >= 2 || Player[playerid][pStaffObserver])
    {
        if(sscanf(var,"us[32]", user, var))
        {
            SendClientMessage(playerid, COLOR_WHITE, "{00BFFF}Usage:{FFFFFF} /check [playerid] [checks]");
            SendClientMessage(playerid, COLOR_GRAD2, "** [CHECKS]: stats");
            return 1;
        }
        if(!strcmp(var, "stats", true))
        {
            if(!Logged(user)) return NoLoginB(playerid);
            ShowStats(playerid, user);
        }
    }
    else
    {
        NoAuth(playerid);
    }
    return 1;
}
I use ZCMD command processor and Dini saving system. So I'd like to make CMD:ocheck that would display the stock ShowStats and it'll work like /ocheck [Firstname_Lastname].
Any help? Please help if possible.
Thanks
~Kevin
For the command that you require, you'll have to load data from the player's userfile.
You'll obviously begin with
if(!Logged(playerid)) return NoLogin(playerid);
if(Player[playerid][pAdmin] >= 2 || Player[playerid][pStaffObserver])
{
To check if the player using this is authorized to use this command.
Following this,
if(sscanf(str, "s[32]", name))
You cannot use 'u' as a formatter here, simply because you're checking an offline player's statistics.
After this, you need to check if the user is actually registered
If he isn't, you return that error to the user of this command.
If he is, then check if he is online already. If he is online, return an error to the admin to use this command instead of 'ocheck'.
If he's offline, then you can safely proceed to load his statistics (you can use the code used for loading data when a player logs in, except this time it should only be printed).
For example,
// Key names ("score", "money") are placeholders; use the keys your userfile stores.
format(str, sizeof(str),
    "Score: %d, Money: %d",
    dini_Int(file, "score"), dini_Int(file, "money"));
Yes, basically, you have to get all the information from the file, so ShowStats will not work, because I suppose it gets all the information from enumerations and such, you have to write a brand new function, of getting all the offline info.

Users receiving multiple notifications (timeline cards) on Glass

I have an app that sends out notifications to users (timeline cards) and some of the users are reporting that they are receiving the same timeline card multiple times (up to 5 times in one instance). Has anyone encountered this? My app is utilizing the Mirror API.
I've reviewed my log files and only see the timeline card produced once. I'm at a loss. I'll provide any code or logs that are needed. My app is written in Python.
Thanks!
This shouldn't be happening. If you're seeing it persist, file a bug in the official issue tracker.
If you do file a bug, there's one thing that might help Google find the root cause. Do a timeline.list on a user who reports the multiple notifications. Does the API show multiple cards? If so, include the JSON representation of them (including the ID)
The specific code to do this list depends on the language you're developing in. Here's an example of how to do it in Java:
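import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

import com.google.api.services.mirror.Mirror;
import com.google.api.services.mirror.Mirror.Timeline;
import com.google.api.services.mirror.model.TimelineItem;
import com.google.api.services.mirror.model.TimelineListResponse;

// Pages through timeline.list and collects every item for the authorized user.
public static List<TimelineItem> retrieveAllTimelineItems(Mirror service) {
    List<TimelineItem> result = new ArrayList<TimelineItem>();
    try {
        Timeline.List request = service.timeline().list();
        do {
            TimelineListResponse timelineItems = request.execute();
            // getItems() returns a List, so use size() rather than length()
            if (timelineItems.getItems() != null && timelineItems.getItems().size() > 0) {
                result.addAll(timelineItems.getItems());
                request.setPageToken(timelineItems.getNextPageToken());
            } else {
                break;
            }
        } while (request.getPageToken() != null && request.getPageToken().length() > 0);
    } catch (IOException e) {
        System.err.println("An error occurred: " + e);
        return null;
    }
    return result;
}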

NHibernate Load vs. Get behavior for testing

In simple tests I can assert whether an object has been persisted by whether its Id is no longer at its default value. But if I delete an object and want to check whether the object and perhaps its children are really not in the database, the object Ids will still be at their saved values.
So I need to go to the db, and I would like a helper assertion to make the tests more readable, which is where the question comes in. I like the idea of using Load to save the db call, but I'm wondering if the ensuing exceptions can corrupt the session.
Below are how the two assertions would look, I think. Which would you use?
Cheers,
Berryl
Get
public static void AssertIsTransient<T>(this T instance, ISession session)
    where T : Entity
{
    if (instance.IsTransient()) return;
    var found = session.Get<T>(instance.Id);
    if (found != null) Assert.Fail(string.Format("{0} has persistent id '{1}'", instance, instance.Id));
}
Load
public static void AssertIsTransient<T>(this T instance, ISession session)
    where T : Entity
{
    if (instance.IsTransient()) return;
    try
    {
        var found = session.Load<T>(instance.Id);
        if (found != null) Assert.Fail(string.Format("{0} has persistent id '{1}'", instance, instance.Id));
    }
    catch (GenericADOException)
    {
        // nothing
    }
    catch (ObjectNotFoundException)
    {
        // nothing
    }
}
edit
In either case I would be doing the fetch (Get or Load) in a new session, free of state from the session that did the save or delete.
I am trying to test cascade behavior, NOT to test NHib's ability to delete things, but maybe I am over thinking this one or there is a simpler way I haven't thought of.
Your code in the 'Load'-section will always hit Assert.Fail, but never throw an exception as Load<T> will return a proxy (with the Id-property set - or populated from the 1st level cache) without hitting the DB - ie. ISession.Load will only fail, if you access a property other than your Id-property on a deleted entity.
As for your 'Get'-section - I might be mistaken, but I think that if you delete an entity in a session - and later try to use .Get in the same session - you will get the one in 1st level cache - and again not return null.
See this post for the full explanation about .Load and .Get.
If you really need to see if it is in your DB - use an IStatelessSession - or launch a child-ISession (which will have an empty 1st level cache).
EDIT: I thought of a bigger problem - your entity will first be deleted when the transaction is committed (when the session is flushed per default) - so unless you manually flush your session (not recommended), you will still have it in your DB.
Hope this helps.