Specify self signed certificate in pact provider testing - node.js

I am currently testing my pact contracts using the below provider options
let opts = {
provider: "api",
providerBaseUrl: "https://my-domain.com",
pactUrls: [
path.resolve(
process.cwd(),
"./pacts/pact-api.json"
),
],
validateSSL: false,
changeOrigin: true,
providerVersion: "1.0.0"
}
return new Verifier(opts).verifyProvider().then(output => {
console.log("Pact Verification Complete!")
console.log(output)
})
When I give the base url as https I get the below error:
Uncaught Error: write EPROTO 140574248376192:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332:
at WriteWrap.onWriteComplete [as oncomplete] (internal/stream_base_commons.js:92:16)
If I change the url to have http: it does a redirect (I get redirect status code 308).
The https url is a self signed url, and the self signed certificate is present in all our servers. I have no issues accessing the url from any browser or curl or via express.js.
But if I provide the url directly in provider options, I get the error. I went through the pact documentation and I was not able to find any additional arguments.
Any help to overcome this issue is highly appreciated.
Thanks.
Update:
The issue was running pact inside a docker container. The requests from the container were being blocked by an internal proxy. Once the proxy was bypassed, it worked.

Under the hood, pact-js uses the "pact-ruby-standalone". You can set the certificate for the pact-ruby-standalone using the environment variables SSL_CERT_FILE as documented here: https://github.com/pact-foundation/pact-ruby-standalone/releases#pact-provider-verifier

UPDATE:
The issue was due to VPN/proxy settings on the host which was intercepting the request and presenting an invalid certificate.
ORIGINAL POST:
Whilst Beth is correct in that we do use that Ruby library under the hood, Pact JS actually spins up a proxy which the Ruby standalone actually interacts with - i.e. Ruby talks to a local JS server running http, and the proxy re-issues the request to the service. So the issue is most likely in the Pact JS framework.
There could be a few things happening here:
There is an issue in the library somewhere
There is a configuration issue somewhere we need to get to the bottom of
There is something special about the TLS certificate
Could you please update the bug report at https://github.com/pact-foundation/pact-js/issues/429 ?
We're going to need logs and other information to get to the bottom of it (see https://github.com/pact-foundation/pact-js/blob/master/.github/issue_template.md for how to help us help you).

Related

500(Internal Server Error): Forge deployed on Azure

I am new to this topic. I have deployed my app to Azure (following the tutorial from Autodesk). When I try to press to the login to BIM360 is return an error 500 (internal Server Error). I have changed the FORGE_CALLBACK_URL = "htttp://forgeSample1234.azurewebsite.net/api/forge/callback/oauth"
The code has no problem when in localhost.
Does anyone has the same problem?
Please note that when updating the callback URL, you actually have to change it in two places:
in your code (that's typically the FORGE_CALLBACK_URL)
in your Forge app page in https://forge.autodesk.com/myapps
And of course, the URL has to match exactly in both places.
Also, it looks like there might be a typo in your URL: you say htttp instead of http, and I'm also wondering if you shouldn't be using https?

How to configure keycloak-(nodejs-)connect to use PKCE?

I have an express app that I want to secure with keycloak-connect. I have not found any documentation or examples of how to set up an Authorization Code Flow with PKCE in this middleware.
I think I have configured Keycloak (IDP) correctly, because authentication from the app fails due to the middleware not transmitting neither code_challenge nor code_challenge_method parameters, which the auth server rejects:
auth_callback
1
error
invalid_request
error_description
Missing parameter: code_challenge_method
state
b720bdf4-daf8-4aa7-8525-be02404396a6
Middleware configuration:
{
realm: 'SomeRealm',
'auth-server-url': 'https://auth-server.url/auth/',
'ssl-required': 'all',
resource: 'Some-client-ID',
'public-client': true,
'confidential-port': 0,
}
Is keycloak-connect even capable of utilising this flow?
keycloak-connect does not support PKCE as of now.
See the discussion I found at https://keycloak.discourse.group/t/keycloak-connect-node-js-pkce/8285 There someone suggests to switch to another library, which supports PKCE (i.e. node-openid-client)
Regarding the server configuration, I guess you followed https://www.keycloak.org/docs/latest/server_admin/#advanced-settings and section about PKCE, so that should be working as expected.

Cypress can't access a website from its automated browser (used to work normally and other browsers access normally)

I was hoping one of you could help me out here. I ran out of ideas already.
I have a script with Cypress.io that basically access a website and clicks on a link for LOGIN. I have reduced the code to only access the LOGIN page directly, which was working perfectly for the past 1-2 months, but in the past week I ran the script and it's no longer working.
When it tries to access the URL https://sso.tce.sp.gov.br/cas-server/login it gives the error below.
The most weird thing is that I can access this URL manually from the other non-automated (EDGE, Chrome), but when I try to do it with the Cypress automated browser it doesn't work.
cy.visit() failed trying to load:
https://sso.tce.sp.gov.br/cas-server/login
We attempted to make an http request to this URL but the request
failed without a response.
We received this error at the network level:
Error: Parse Error: Duplicate Content-Length
Common situations why this would fail:
you don't have internet access
you forgot to run / boot your web server
your web server isn't accessible
you have weird network configuration settings on your computer
Apparently it's doesn't look like a proxy thing nor a code thing, do you guys have any idea of what it could be?
Code:
describe('Test', () => {
it('Access AUDESP Website', function () {
Cypress.config('chromeWebSecurity',false);
//cy.visit('https://www.tce.sp.gov.br/audesp')
//cy.get('.menu-superior-itens > [href="https://sso.tce.sp.gov.br/cas-server/login"]').click()
cy.visit('https://sso.tce.sp.gov.br/cas-server/login')
})
})
Any ideas would be very helpful!!
Thank you!
UPDATE:
Guys, I'm still with this error, but I have found out that the website is sending a duplicate header, but cypress is not able to process it. The browser, outside of Cypress, ignores it apparently... any ideas on how to fix it on Cypress?

"There was an error connecting to https://localhost:3443/users/login."

I'm attempting the final assignment for my course but not getting anywhere due to Oauth2 authentication difficulties. I'm having a great deal of difficulty resolving this! I think it may be due to the fact I'm using a work laptop which is SOE'd and pretty locked down.
I just don't know where to look to resolve this. Any suggestions?
Steps to replicate
1. I've set my Oauth2 application up in Facebook and with Site URL setting as https://localhost:3443/users/facebook/callback
2. When I attempt ANY method (get, post, put etc) on this url, I get the below.
I've tried:
1. bypassing my company's firewall and hotspotting my phone; note that this a workaround I use to install NPM packages as my company seems to block NPM
2. my course's forum\Stack exchange. It seems that I'm the only person in the galaxy that this has affected.
3. F12 in CHrome - there are no messages in the console
4. inserting debug clues in the user route, viz;
router.get('/facebook', passport.authenticate('facebook'),
function(req, res){
console.log('routergetfacebook');//------------------------debug
});
router.get('/facebook/callback', function(req,res,next){
console.log('router.get-facebook-callback');//------------------------debug
In Chrome
This site can’t be reached
In Postman:
Could not get any response
There was an error connecting to https://localhost:3443/users/login.
Why this might have happened:
The server couldn't send a response: Ensure that the backend is working properly
Self-signed SSL certificates are being blocked: Fix this by turning off 'SSL certificate verification' in Settings > General
Client certificates are required for this server: Fix this by adding client certificates in Settings > Certificates
Proxy configured incorrectly Ensure that proxy is configured correctly in Settings > Proxy
Request timeout: Change request timeout in Settings > General

Using SSL with the python-instagram and localhost on sample-app.py

I plan on using the sample-app.py as a baseline of what I am building out and then expanding it from there. Just want to get comfortable with the instagram API and build out from there.
I am trying to use the sample-app.py provided with python-instagram. I have registered an application on instagrams website. I set it up using the default redirect uri from sample-app.py:
http://localhost:8515/oauth_callback .
I was able to authorize my instagram account to use the app, but when I click on any of the links, I get an error about the acccess-token.
When you look at the python command-line window that stays open, I get the following error:
"check_hostname needs a SSL context with either CERT_OPTIONAL or CERT_REQUIRED"
It appears that when the sample app is processing the lines below, it is trying to connect to instagram, but is not able to because SSL in local host is not set up properly. How do I set up SSL so i do not get the above error?
access_token, user_info = unauthenticated_api.exchange_code_for_access_token(code)
if not access_token:
return 'Could not get access token'
api = client.InstagramAPI(access_token=access_token)
request.session['access_token'] = access_token
print ("access token="+access_token)
There are a few steps to solve this problem (it appears that it is actually several problems in aggregate causing this issue):
use openssl to create a ssl certificate and save cert to the same location as your python script. Download open ssl here: http://slproweb.com/products/Win32OpenSSL.html
You need to tweak bottle so that it will support ssl. Do so by adding the following lines in run in class WSGIRefServer(ServerAdapter):
import ssl
srv.socket = ssl.wrap_socket (
srv.socket,
certfile='server.pem', # path to certificate
server_side=True)
There is a bug in python 3 and above(https://github.com/jcgregorio/httplib2/issues/173). I am using 3.4, so the bug could be fixed in 3.5. In the instagram/oauth2.py file, change all disable_ssl_certificate_validation=False to True.

Resources