ERRORS
•This page has an error. You might just need to refresh it. Error in $A.getCallback() [Error during LWC component connect phase: [Cannot read properties of undefined (reading 'name')]] Failing descriptor: {ltng:outApp}
•No component definition for c:b2bBuildToPar in the client registry - for best performance add <aura:dependency resource="c:b2bBuildToPar"/> to your extension of c:b2b_BuildToParApp.
o The error that it’s throwing doesn’t make sense because the <aura:dependency resource="c:b2bBuildToPar"/> is inside of the b2b_BuildToParApp.
<aura:application access="GLOBAL" extends="ltng:outApp" description="b2b_BuildToParApp">
-->
-->
<aura:dependency resource="c:b2bBuildToPar"/>
</aura:application>
•SecureElement does not allow access to charset
I'm trying to debug an issue we are having on our storefront in B2B commerce. We have a build to par page that you can add and remove products from. We have a CSR flow that Allows a user to access a contacts storefront with their user credentials. Then we have a User Experience flow that allows users to imitate contacts user and access the storefront as if they were that user. User Experience works fine, but when using the CSR flow and adding or deleting products from the build to par list in that instance we are given an error with the above logs/warnings. I'm not familiar with LWC and could use help breaking down what these errors mean and hopefully Identifying the issue.
Related
OpenUI5 version: 1.86
Browser/version (+device/version): Chrome Dev
Upon the authentication I validate the user session:
if (isUserSessionValid) {
const oRouter = UIComponent.getRouterFor(this);
oRouter.navTo("overview");
} else {
this.getOwnerComponent().openAuthDialog();
}
If isUserSessionValid is true, then I forward an user to the internal page, otherwise I show the login dialog.
The problem is, however, that an user can change the value of isUserSessionValid in DevTools and then getting forwarded to the UI5 app internal page. Of course, due to a lack of a valid session, no piece of the business data will be displayed, just an empty UI5 app template, but I would like to prevent even such screen.
If it would be a classical webapp, I would just send an appropriate server response with a redirect to the login page (e.g. res.redirect(403, "/login");). But, if I understand it correctly, since I'm sending am asynchronous request, a plain res.redirect won't work out and I'm required to implement a redirection logic on the UI5-client, which can be manipulated and bypassed by user.
How to prevent a manipulation of a view navigation in UI5 and ensure that unauthorized user can't get any piece of the UI5-app code?
The answer from SAP:
If you want to prevent an unauthorized user from accessing the client-side code (e.g. view/controller) you need to enforce
authorization on the server also for those static files. When bundling
the application code you also need to ensure that those files are
separate from the "public" files. One approach would be to have 2
separate components, one for the public page/auth dialog and one for
the actual application.
After installing the spartacus with SAP CC 2011 backend, when I have tried to open asm with URL
https://localhost:4200/powertools-spa/en/USD/?asm=true
and then login as asagent for a b2b customer ()
the request for the cart has user as 'undefined' in the url
Request URL:
https://localhost:9002/occ/v2/powertools-spa/users/undefined/carts?fields=carts(DEFAULT,potentialProductPromotions,appliedProductPromotions,potentialOrderPromotions,appliedOrderPromotions,entries(totalPrice(formattedValue),product(images(FULL),stock(FULL)),basePrice(formattedValue,value),updateable),totalPrice(formattedValue),totalItems,totalPriceWithTax(formattedValue),totalDiscounts(value,formattedValue),subTotal(formattedValue),deliveryItemsQuantity,deliveryCost(formattedValue),totalTax(formattedValue,%20value),pickupItemsQuantity,net,appliedVouchers,productDiscounts(formattedValue),saveTime,user,name)&lang=en&curr=USD
And the following error is displayed in the hybris logs
ERROR [hybrisHTTP26] [RestHandlerExceptionResolver]
de.hybris.platform.servicelayer.exceptions.UnknownIdentifierException:
Cannot find user with propertyValue 'undefined'
Is there anything I am missing as part of setup?
And why do the users are going as undefined?
Update: issue was caused by a user which didn't had customerId set.
Spartacus issue to follow this bug: https://github.com/SAP/spartacus/issues/10244
I tested the scenario you mentioned with basic spartacus (no customization) and the userId was never set to value of undefined and all requests to API contained correct userId.
Do you have any customizations on top of spartacus? In this case that we be mostly related either to auth services or to the ActiveCartService.
I've just started using loopback4 and I would like to protect the /explorer from being public. The user would initially see a page where username and password must be entered. If successful, the user is redirected to /explorer where he can see all API methods (and execute them). If user is not authenticated, accessing the path /explorer would give a response of "Unauthorized". Is there a way to easily implement this?
There is issue talking about a GLOBAL default strategy is enabled for all routes including explorer in https://github.com/strongloop/loopback-next/issues/5758
The way is to specify a global metadata through the options:
this.configure(AuthenticationBindings.COMPONENT).to({
defaultMetadata: {
strategy: 'JWTStrategy'
}
})
this.component(AuthenticationComponent);
registerAuthenticationStrategy(this, JWTAuthenticationStrategy)
But in terms of enabling a single endpoint added by route.get(), it's not supported yet, see code of how explorer is registered. #loopback/authentication retrieves auth strategy name from a controller class or its members, but if the route is not defined in the controller, it can only fall back to the default options, see implementation
I'm trying to use the example project, but I keep getting this message:
DocuSign Exception!
Reason: 0
Error Reponse: null
I have configured everything following the instructions in the repository page.
I have tried debugging the class responsible for the HTTP Post, but so far I got nothing.
Probably you need to grant consent for the integration key to impersonate the user.
See https://github.com/docusign/docusign-java-client/issues/111#issuecomment-513537950
By default apiconnect adds security to be required on all the paths. How can I allow a hit on a path without requiring authentication first?
I've tried unchecking the "Use API security definitions" in the Security section of on my User.count path, but when I use the browser on the URL https://localhost:4002/api/Users/count I get back
Error
401 Authorization Required
code: AUTHORIZATION_REQUIRED
Error: Authorization Required
at D:\PeteSoft\node\test3\node_modules\loopback\lib\application.js:433:21
at D:\PeteSoft\node\test3\node_modules\loopback\lib\model.js:359:7
at D:\PeteSoft\node\test3\node_modules\loopback\common\models\acl.js:536:16
at D:\PeteSoft\node\test3\node_modules\async\dist\async.js:3888:9
at D:\PeteSoft\node\test3\node_modules\async\dist\async.js:473:16
at iteratorCallback (D:\PeteSoft\node\test3\node_modules\async\dist\async.js:1064:13)
at D:\PeteSoft\node\test3\node_modules\async\dist\async.js:969:16
at D:\PeteSoft\node\test3\node_modules\async\dist\async.js:3885:13
at D:\PeteSoft\node\test3\node_modules\loopback\common\models\acl.js:518:17
at D:\PeteSoft\node\test3\node_modules\loopback\common\models\role.js:447:21
at process._tickCallback (internal/process/next_tick.js:61:11)
How can I get the count returned instead of the Authorization Required error?
If you are using the free version, you have to include the IBM client Id (and IBM client secret is optional)..
However, the Authorization error can be catched, so if you properly configure the catch to capture that error, you could work withouth the IBM Client id.. (it is a bad practice, but might solve your problem).
Catch Auth Error
If you want to work with out those keys, you have to buy the product, and in the Design Tab, it will allow you to remove it...