Issue with Keycloak and nestjs - nestjs

I have been trying to include Keycloak authentication with my NestJS app and this is driving me crazy. I keep getting an error
"WARN [Keycloak] Cannot validate access token: Error: Grant validation failed. Reason: failed to load public key to verify token. Reason: connect ECONNREFUSED ::1:8080"
My Keycloak.json file is:
{
  "realm": "my-realm",
  "auth-server-url": "http://localhost:8080/",
  "ssl-required": "external",
  "resource": "test",
  "verify-token-audience": false,
  "credentials": {
    "secret": "my-secret"
  },
  "policy-enforcer": {}
}
This is being imported in Apps.module.ts as:
KeycloakConnectModule.register('./dist/keycloak.json', {
  policyEnforcement: PolicyEnforcementMode.PERMISSIVE,
  tokenValidation: TokenValidation.ONLINE,
}),
I am using Keycloak version 19.0.1 and nest-keycloak-connect v1.9.0.
When I tried debugging, grant-manager.js's public key was undefined. I checked the well-known config, and jwks-uri was defined as:
http://localhost:8080/realms/my-realm/protocol/openid-connect/certs
Any ideas on what might be wrong?

Related

RethinkDB pub/sub ReqlPermissionError

I'm using Publish-Subscribe with RethinkDB.
For exchange I use one db named 'RPI_messages' with three tables:
Connector_messages
MAC_messages
Orders
I want to introduce some basic authentication on producer and consumer sides like this:
r.db('rethinkdb').table('users').insert({id: 'lis', password: 'somepassword'})
r.db('rethinkdb').table('users').insert({id: 'rpi', password: 'someotherpassword'})
r.db('RPi_messages').grant('lis', {read: false, write: true, config: true}) //producer
r.db('RPi_messages').grant('rpi', {read: true, write: false, config: true}) //consumers
r.db('rethinkdb').table('permissions')
shows this:
{
  "database": "RPi_messages",
  "id": [
    "lis",
    "007928e5-c654-4311-b3aa-a834c62dcf88"
  ],
  "permissions": {
    "config": true,
    "read": false,
    "write": true
  },
  "user": "lis"
}
Problem:
When I try to publish or to subscribe to exchange it throws an exception:
ReqlPermissionError: User `lis` does not have the required `config` permission in:
r.db_create('RPi_messages')
rethinkdb.errors.ReqlPermissionError: User `rpi` does not have the required `config` permission in:
r.db_create('RPi_messages')
Does this mean that my users need to have global permissions?
Any help greatly appreciated.
So, with a fair bit of trial and error I made it work.
For anyone else: You need config permission on global scope for every user in your pub-sub system like this:
r.grant('lis', {read: false, write: false, config: true});
r.grant('rpi', {read: false, write: false, config: true});
...and following permissions on table(s) or, in my case, on database scope:
r.db('RPi_messages').grant('lis', {read: true, write: true, config: true}); //publisher
r.db('RPi_messages').grant('rpi', {read: true, write: false, config: true}); //subscriber
Correct me if I'm wrong, but this doesn't look very secure to me. Those permissions are needed because the Exchanger class in Rethink's pub-sub system checks whether the exchange table exists and creates one if it doesn't. Which means that anyone who gets hold of one of your client subscriber devices can create as many tables in your db as they want.
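The scope problem described in this thread, as an added example that is not part of the original posts or of RethinkDB itself: a simplified model of how a permission resolves across global, database and table scope, run against the grants from the question and from the answer. The function names and the database name other_db are assumptions made for illustration.

```javascript
// Added example: simplified model of RethinkDB permission scopes.
// A permission may be true, false or unset at each scope; the most specific
// scope that sets it wins (table, then database, then global).
function effective(grants, user, perm, db, table) {
  const g = grants[user] || {};
  const scopes = [
    table ? (g.tables || {})[`${db}.${table}`] : undefined,
    db ? (g.databases || {})[db] : undefined,
    g.global,
  ];
  for (const s of scopes) {
    if (s && typeof s[perm] === 'boolean') return s[perm];
  }
  return false; // unset at every scope: denied
}

// Permission and scope at which each operation is checked.
const OPS = {
  dbCreate: ['config', 'global'],
  tableCreate: ['config', 'database'],
  insert: ['write', 'table'],
  changes: ['read', 'table'],
};

function allowed(grants, user, op, db, table) {
  const [perm, scope] = OPS[op];
  if (scope === 'global') return effective(grants, user, perm);
  if (scope === 'database') return effective(grants, user, perm, db);
  return effective(grants, user, perm, db, table);
}

// Grants from the question (database scope only).
const questionGrants = {
  lis: { databases: { RPi_messages: { read: false, write: true, config: true } } },
  rpi: { databases: { RPi_messages: { read: true, write: false, config: true } } },
};
// Grants from the answer (global config plus database scope).
const answerGrants = {
  lis: { global: { read: false, write: false, config: true },
         databases: { RPi_messages: { read: true, write: true, config: true } } },
  rpi: { global: { read: false, write: false, config: true },
         databases: { RPi_messages: { read: true, write: false, config: true } } },
};

// What the subscriber account can do outside its own database (other_db is constructed).
function subscriberReach(grants) {
  return ['dbCreate', 'tableCreate', 'insert', 'changes']
    .filter((op) => allowed(grants, 'rpi', op, 'other_db', 't'));
}
```

With the question's grants the subscriber can do nothing outside RPi_messages but db_create is denied; with the answer's grants db_create passes and the subscriber can also create databases and tables anywhere on the server.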

Log all failed attempts in testcafe quarantine mode?

I have quarantine mode enabled in my testcafe configuration.
"ci-e2e": {
  "browsers": [
    "chrome:headless"
  ],
  "debugOnFail": false,
  "src": "./tests/e2e/*.test.ts",
  "concurrency": 1,
  "quarantineMode": true,
  "reporters": [
    {
      "name": "nunit3",
      "output": "results/e2e/testResults.xml"
    },
    {
      "name": "spec"
    }
  ],
  "screenshots": {
    "takeOnFails": true,
    "path": "results/ui/screenshots",
    "pathPattern": "${DATE}_${TIME}/${FIXTURE}/${TEST}/Screenshot-${QUARANTINE_ATTEMPT}.png"
  },
  "video": {
    "path": "results/ui/video",
    "failedOnly": true,
    "pathPattern": "${DATE}_${TIME}/${FIXTURE}/${TEST}/Video-${QUARANTINE_ATTEMPT}"
  }
},
Now when some attempt fails I have an entry in the log (NUnit XML log file) with information about the failed runs and only one stack trace. I have a screenshot for each failed run.
<failure>
<message>
<![CDATA[ ❌ AssertionError: ... Run 1: Failed Run 2: Failed Run 3: Failed ]]>
</message>
<stack-trace>
here we have stack-trace for only one failed run
</stack-trace>
</failure>
I want to have a log entry with a stack trace for each failed run for each failed test. Is it possible to configure TestCafe this way? If not, what do I need to do?
There is a mistake in the config file. The name of the option for reporters should be reporter, but it is reporterS. It means that Testcafe doesn't use these reporters at all and maybe now you just see an outdated file with results.

nodemailer with virtualmin and postfix - authentication failed

I'm using Virtualmin. I have a working email account no-reply@mydomain.com
I can log in through Webmin / Virtualmin and send emails.
Now I want to send mails from node.js using nodemailer.
Btw this also works from the command line.
mail -s "testing email" mygmail@gmail.com < /dev/null
Here is my nodemailer config:
{
  "smtp" : {
    "host": "localhost",
    "secure": false,
    "auth": {
      "user": "no-reply@mydomain.com",
      "pass": "mypass"
    },
    "tls": {
      "rejectUnauthorized": false
    },
    "debug" : true
  },
  "from" : "Resourceful Network <no-reply@resourcefulnetwork.nl>"
}
I found the following config in postfix config file:
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtp_tls_security_level = may
This is all set by Virtualmin.
I get this error
Error: Invalid login: 535 5.7.8 Error: authentication failed: authentication failure
code: 'EAUTH',
response: '535 5.7.8 Error: authentication failed: authentication failure',
responseCode: 535,
command: 'AUTH PLAIN'
I'm 100% sure the password is correct.
If I set "secure" : true in nodemailer config I get this error
errno: 'ECONNREFUSED',
code: 'ESOCKET',
syscall: 'connect',
address: '127.0.0.1',
port: 465,
So that doesn't seem to be the way to go.
Not sure what login protocol to use.. Do I need to set authMethod?
Secure or not secure?
I was able to fix this by removing auth from the nodemailer configuration.
I now realise smtpd_recipient_restrictions = permit_mynetworks means anyone on localhost is automatically allowed to send. And somehow still providing a (correct) username + password tripped things up?

Nodemailer with Gmail on Loopback error - Object #<Object> has no method 'getToken'

I am learning LoopBack and I decided to try sending some email. I want to use a Gmail account.
I created a remote method and configured the datasources. Here is how it looks:
"myEmailDataSource": {
  "name": "myEmailDataSource",
  "connector": "mail",
  "transports": [
    {
      "type": "smtp",
      "host": "smtp.gmail.com",
      "auth": {
        "xoauth2": {
          "user": "myMail@gmail.com",
          "clientId": "myClientId.apps.googleusercontent.com",
          "clientSecret": "mySecret",
          "refreshToken": "myToken"
        }
      }
    }
  ]
}
But when I want to send an email, it throws this error:
TypeError: Object #<Object> has no method 'getToken'
at SMTPConnection._handleXOauth2Token (/home/arth95/Projects/firstCMS/node_modules/loopback/node_modules/nodemailer/node_modules/nodemailer-smtp-transport/node_modules/smtp-connection/src/smtp-connection.js:961:67)
at SMTPConnection.login (/home/arth95/Projects/firstCMS/node_modules/loopback/node_modules/nodemailer/node_modules/nodemailer-smtp-transport/node_modules/smtp-connection/src/smtp-connection.js:233:18)
at SMTPTransport.<anonymous> (/home/arth95/Projects/firstCMS/node_modules/loopback/node_modules/nodemailer/node_modules/nodemailer-smtp-transport/src/smtp-transport.js:96:24)
at SMTPConnection.g (events.js:180:16)
at SMTPConnection.EventEmitter.emit (events.js:92:17)
at SMTPConnection._actionEHLO (/home/arth95/Projects/firstCMS/node_modules/loopback/node_modules/nodemailer/node_modules/nodemailer-smtp-transport/node_modules/smtp-connection/src/smtp-connection.js:692:10)
at SMTPConnection._processResponse (/home/arth95/Projects/firstCMS/node_modules/loopback/node_modules/nodemailer/node_modules/nodemailer-smtp-transport/node_modules/smtp-connection/src/smtp-connection.js:511:16)
at SMTPConnection._onData (/home/arth95/Projects/firstCMS/node_modules/loopback/node_modules/nodemailer/node_modules/nodemailer-smtp-transport/node_modules/smtp-connection/src/smtp-connection.js:357:10)
at CleartextStream.EventEmitter.emit (events.js:95:17)
at CleartextStream.<anonymous> (_stream_readable.js:746:14)
Why is that?
I had the exact same problem. Did you find any solution for this?
As a workaround I've done the following.
Create a boot script in server\boot.
In the script I wrote the following code:
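module.exports = function(app) {
  // Swap the plain xoauth2 options object for the generator nodemailer expects
  var email = app.models.Email;
  var auth = email.dataSource.connector.transports[0].transporter.options.auth;
  auth.xoauth2 = require('xoauth2').createXOAuth2Generator(auth.xoauth2);
};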
This converts the xoauth2 object that you defined in the data source to the XOAuth2Generator object that is needed by nodemailer.
You need to have the xoauth2 module installed.
There should be a better way to handle this, but so far I've not found it, so I'm using this workaround.

'<all_urls>' is not a recognized permission

I request a permission by this code:
chrome.permissions.request({permissions:["<all_urls>"]},function(granted){
  if(granted) {
    ;;
  }
});
But I'm getting this error:
Unchecked runtime.lastError while running permissions.request: '<all_urls>' is not a recognized permission.
Is this a bug?
<all_urls> is an origin permission. You have to request the optional permission using "origins" instead of "permissions":
chrome.permissions.request({origins: ["<all_urls>"] }, function(granted) {
  // ...
});
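The permissions/origins split from the answer above, as an added example that is not part of the original posts: a helper that sorts a mixed list into the two keys chrome.permissions.request() accepts and flags host patterns broad enough to be worth narrowing. The function names are hypothetical, and the match-pattern check is a simplified version of Chrome's syntax (schemes *, http, https, file, ftp).

```javascript
// Added example: sort requested entries into API permissions and origin (host) permissions.
const SCHEMES = ['*', 'http', 'https', 'file', 'ftp'];

// Simplified match-pattern check: <all_urls> or scheme://host/path.
function isMatchPattern(s) {
  if (s === '<all_urls>') return true;
  const m = /^([^:]+):\/\/([^/]*)(\/.*)$/.exec(s);
  if (!m) return false;
  const scheme = m[1];
  const host = m[2];
  if (!SCHEMES.includes(scheme)) return false;
  if (scheme === 'file') return true; // file patterns carry no host
  // Host is "*", "*.domain" or an exact name; a wildcard elsewhere is invalid.
  return host === '*' || /^(\*\.)?[^*]+$/.test(host);
}

// Build the object passed to chrome.permissions.request().
function buildPermissionRequest(entries) {
  const req = { permissions: [], origins: [] };
  for (const e of entries) {
    if (isMatchPattern(e)) req.origins.push(e);
    else if (e.includes('://')) throw new Error(`invalid match pattern: ${e}`);
    else req.permissions.push(e);
  }
  return req;
}

// True for patterns that cover every host, such as <all_urls> or *://*/*.
function isBroadOrigin(pattern) {
  return pattern === '<all_urls>' || /^(\*|https?):\/\/\*\//.test(pattern);
}

// In an extension (example.com is a constructed host):
// chrome.permissions.request(
//   buildPermissionRequest(['tabs', 'https://*.example.com/*']),
//   function(granted) { /* ... */ });
```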
