So, I'm doing some CTF challenges and I'm stuck at this web problem. I've got source code for the web and here is those code that I'm struggle with:
rick_uname = 'admin'
rick_pw = 'admin'
local_addr='127.0.0.1'
...
if username == rick_uname and password == rick_pw and request.remote_addr == local_addr:
I'm fine username and password, but I dont know how to deal with local_addr. I've tried to use burp suite but it didn't work.
Related
I started to use SQLModel that is created by the same person as FastAPI, but I cannot seem to find how to combine authentication/authorization to get the logged-in user and then get current user from that with SQLModel.
I can authenticate a user by just checking it against a database as below, but then how can I keep this session alive so that I can do other stuff with it such as get current user?
I am purely testing with localhost:8000/docs, so I thought maybe I need to create some Jinja2 templates to test it out in a browser, but not sure?
def login_test(input_email: str, input_password: str, session: Session = Depends(get_session)):
# Check if user exists or not
if not check_user_exists(input_email=input_email):
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST,
detail="User does not exist, please create an account")
# Check if password is ok
if not check_hashed_password(input_password, session.query(User).filter(User.email == input_email).first().password):
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST,
detail="Password is incorrect")
# Login based on email and password if both ok
return {"Message": "Login successful"}```
I'm working on authorizing a new Twitter standalone app.
For this, I'm using python script from Github:
from birdy.twitter import UserClient
key = "..."
secret = "..."
client = UserClient(key, secret)
token = client.get_signin_token()
access_key = token.oauth_token
access_secret = token.oauth_token_secret
print(token.auth_url)
pin = input("PIN: ")
client = UserClient(key, secret, access_key, access_secret)
client.get_access_token(pin)
print(token)
So this get me a authorization URL, and if I paste the URL to the browser I got stuck at 'Redirecting you back to the application. This may take a few moments.' forever.
Thinking it could be a problem of call-back URL, I tried every solution on this stackoverflow Page. such as localhost, localhost.me, 127.0.0.1, 127.0.0.1:xxxx(where xxx is port number), tlocalhost.com and so on. But none of them have worked. Those call back even failed at taking me to this page: 'Redirecting you back to the application. This may take a few moments.'
As far as now only www.twittersdk:// found on Github took me that page.
Also tried to apply solution from here, but It couldn't help
I can't figure out what I am doing wrong, and how to fix it.
Please can anyone help me with this?
Many Thanks
I am trying to do basic authentication with the help of Python-jira and written the following code
from jira import JIRA
SERVER="https://jira.company.com"
user = user#company.com
apikey='api_token'
class create_issue:
def check_authentication(self):
print("inside the check authentication method#######")
jira = JIRA(options, basic_auth=(user, apikey)) # username is email-ID and apikey is the JIRA api-token
ci= create_issue()
ci.check_authentication()
I am getting following error
WARNING:root:Got recoverable error from GET https://jira.company.com/rest/api/2/serverInfo, will retry [1/3] in 13.772170596345521s. Err: 401
Earlier tried with deprecated username and password, later changed to api_key instead of password. But still getting the issue. Can anybody help on this. When I use the same authentication using the website it is working.
Thanks,
Punith
Their documentation indicates that you should be using a username and password when using basic auth, not an apikey.
https://developer.atlassian.com/server/jira/platform/basic-authentication/
Stick to something simple to make sure it works, before introducing classes.
from jira import JIRA
SERVER="https://jira.company.com"
user = "username"
password = "password"
jira = JIRA(SERVER, basic_auth=(user, password))
I'm currently setting up a gitlab server using a LDAP backend.
When I try to login as a user present in the LDAP db, I get the following error:
"Could not authorize you from LDAP because: "Undefined method 'persisted?' for #"
Peeking into the source code (specifically app/controllers/omniauth_callbacks_controller.rb) the villain seems to be:
#user = Gitlab::LDAP::User.find_or_create(oauth)
#user.remember_me = true if #user.persisted?
It is totally correct for him to fail here because there is no method persisted? (neither in lib/gitlab/ldap/user.rb nor lib/gitlab/oauth/user.rb). Changing the second line to
#user.remember_me = false #true if #user.persisted?
doesn't work either since remember_me is an invalid function for ruby.
I really have no clue about ruby, let alone Ruby On Rails, so I stopped digging here.
Since I certainly am not the first person to try using LDAP auth in gitlab I consider this an error on my side. Since authentication seems to work (if I enter a false password for the user gitlab happily tells me so), I don't have any idea where to start looking.
I appreciate any help from you guys,
Best Richard
Edit: My gitlab.yml is here.
Solved the problem myself. The database lookup yielded a nil object due to the user creation failing (whenever a ldap user logs in, gitlab uses the ldap data to fill its own database).
During creation of the user database entry the query got an invalid email entry resulting in a failed insert query. Unfortunately this was very hard to debug.
In case anyone should have this problem, try changing the following code in lib/gitlab/oauth/user.rb:
begin
user.save!
rescue ActiveRecord::RecordInvalid => e
raise_error ("(OAuth) Error #{e.to_s}") # <-- add this line
log.info "(OAuth) Email #{e.record.errors[:email]}. Username #{e.record.errors[:username]}"
return nil, e.record.errors
end
This will - in case gitlab is not able to add your user - print the error message the database backend returned as the usual red error banner when trying to log in. Keep in mind to remove this line when you no longer need it.
I can suggest a patch (tested on Gitlab 7.1.0). This code sets the gitlab_rails['ldap_uid'] as username when a ldap user is connecting for the first time :
in /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/oauth/user.rb (see INCLUDE START and STOP) :
user = model.build_user(opts)
user.skip_confirmation!
# Services like twitter and github does not return email via oauth
# In this case we generate temporary email and force user to fill it later
if user.email.blank?
user.generate_tmp_oauth_email
elsif provider != "ldap"
# Google oauth returns email but dont return nickname
# So we use part of email as username for new user
# For LDAP, username is already set to the user's
# uid/userid/sAMAccountName.
email_username = email.match(/^[^#]*/)[0]
# Strip apostrophes since they are disallowed as part of username
user.username = email_username.gsub("'", "")
else
# INCLUDE START
# if LDAP config "ldap_uid" is set : we pick this attribute to set the username :
if ldap_conf['uid'].present?
user.username = auth.extra.raw_info.send(ldap_conf['uid'])[0]
end
# INCLUDE STOP
end
begin
user.save!
In my case the problem was importing (copying file) fro old gitlab repositories to new one.
Gitlab wasn't able to create clean folder for the new user.
Solution:
remove imported repositories
create new, empty repository by first login with LDAP credentials
read your PRIVATE-TOKEN
start gitlab server on your repository ie. 'git daemon --verbose --export-all'
import data from old gitlab using API:
curl -X POST --header "PRIVATE-TOKEN: xxxxxffxxxyyxxxxzzz" http://testserver07.lq/api/v3/projects"?name=project01&import_url=git://localhost/var/opt/gitlab/git-data/repositories-old/repos/project01.git"
First, check if your email address in Gitlab DB is correct:
# login to Gitlab DB (MySql)
mysql -u gitlab gitlabhq_production -p
# check user email address
select email from users where username like 'foo';
Then remove stored LDAP objects from Gitlab DB for the user:
# clear ldap data
update users set extern_uid = '' where username = 'foo';
On next login Gitlab write a new extern_uid.
I have an interesting issue I've been trying to resolve for a few days.
I'm currently working with an Windows Server 2003 machine that is running a standard instance of Active Directory.
The directory contains two domain components (DCs) that both house users that are going to be authorizing against the directory, via my application.
I'm using :
The IP address of the server as the host name
An SSL connection via port 3269
The GSS Negotiate Auth Mechanism
A BaseDN that is a parentDN of both DC's
The sAMAccountName as the login name
The problem is, I cannot successfully authorize any users from DC1, yet all of the ones who belong to DC2 are completely fine and work great. I get this error on DC1 :
8009030C: LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 0, vece
System.DirectoryServices.Protocols.LdapException: The supplied credential is invalid.
However, using Softerra's LDAP Broswer, I can connect in and authorize the same exact user without any issue, so I know the credentials are correct.
From what I can tell, both of these DC's are configured the same... I've browsed both of them for something, anything that is different... but have found nothing that really stands out.
I posted something months ago about this particular setup, and the code I'm using is in that thread as well.
Set callback for System.DirectoryServices.DirectoryEntry to handle self-signed SSL certificate?
Any help here would be much appreciated.
Thanks!
I was able to get this working, but for the life of me I cannot figure out why this was the case. Basically, this error...
8009030C: LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 0, vece System.DirectoryServices.Protocols.LdapException: The supplied credential is invalid.
...was dead on. The issue was that users logging in under what I called DC2 needed to issue the bind with the domain AND sAMAccountName (Ex. LIB\JSmith), as opposed to DC1, which allowed just the sAMAccountName to be entered.
I figured the best way to make this programmatic was to use the principal binding account to query for the DN of the user. From that DN, using some crafty RegEx, I'm able to capture the domain they inherit from, and issue two separate binds.
SearchResultEntry ResultEntry = userResponse.Entries[0];
//Let's get the root domain of the user now using our DN RegEx and that search result
Regex RegexForBaseDN = new Regex(config.LdapAuth.LdapDnRegex);
Match match = RegexForBaseDN.Match(ResultEntry.DistinguishedName);
string domain = match.Groups[1].Value;
//Try binding the user with their domain\username
try
{
var thisUser = new NetworkCredential{
Domain = domain,
UserName = username,
Password = Pin
};
//If this goes well, we'll continue forward
ldapconn.Bind(thisUser);
}
//If that doesn't work, try biding them with the highest level domain
catch (LdapException ex)
{
if (ex.ErrorCode.Equals(LdapErrorCodes.LDAP_INVALID_CREDENTIALS))
{
var thisUserOnce = new NetworkCredential{
Domain = config.LdapAuth.LdapDomain,
UserName = username,
Password = Pin
};
//If this goes well, we'll continue forward
ldapconn.Bind(thisUserOnce);
}
}
It's not nearly as elegant as I would have wanted, but it does work for this particular scenario.
However, I'm still really interested in why the naming conventions are different depending on which DC the user inherit's from.