Getting `invalid_token` error for a seemingly valid `/messages` call - azure

I am getting a strange invalid_token error when doing GET on https://outlook.office.com/api/v2.0/me/messages even though the access_token I supply is fresh and valid.
#<Faraday::Response:0x007f842a55d9c0 #on_complete_callbacks=[], #env=#<Faraday::Env #method=:get #body="" #url=#<URI::HTTPS https://outlook.office.com/api/v2.0/me/messages> #request=#<Faraday::RequestOptions (empty)> #request_headers={"User-Agent"=>"Faraday v0.9.2", "Authorization"=>"Bearer XXXXX_my_access_code_goes_hereXXXXX"} #ssl=#<Faraday::SSLOptions verify=true> #response=#<Faraday::Response:0x007f842a55d9c0 ...> #response_headers={"content-length"=>"0", "server"=>"Microsoft-IIS/8.5", "set-cookie"=>"exchangecookie=da79bef43acf4d1aa5f0bb00988f6629; expires=Sat, 09-Sep-2017 18:34:51 GMT; path=/; HttpOnly", "www-authenticate"=>"Bearer client_id=\"my_client_id\", trusted_issuers=\"00000001-0000-0000-c000-000000000000#*\", token_types=\"app_asserted_user_v1 service_asserted_app_v1\", authorization_uri=\"https://login.windows.net/common/oauth2/authorize\", error=\"invalid_token\",Basic Realm=\"\",Basic Realm=\"\",Basic Realm=\"\"", "request-id"=>"28ed7077-b92c-470a-b062-0f5f2a54d74a", "x-calculatedfetarget"=>"DM3PR12CU001.internal.outlook.com", "x-backendhttpstatus"=>"401, 401", "x-feproxyinfo"=>"DM3PR12CA0039.NAMPRD12.PROD.OUTLOOK.COM", "x-calculatedbetarget"=>"DM2PR12MB0315.namprd12.prod.outlook.com", "x-ms-diagnostics"=>"2000010;reason=\"ErrorCode: 'PP_E_RPS_CERT_NOT_FOUND'. Message: 'Certificate cannot be found. Certificate required for the operation cannot be found.%0d%0a Internal error: spRPSTicket->ProcessToken failed.'\";error_category=\"invalid_msa_ticket\"", "x-diaginfo"=>"DM2PR12MB0315", "x-beserver"=>"DM2PR12MB0315", "x-feserver"=>"DM3PR12CA0039, BY1PR13CA0015", "x-powered-by"=>"ASP.NET", "x-msedge-ref"=>"Ref A: A8A103D34AD84EC089A59EFDA0AF5385 Ref B: 740314A1C3A73205090D30CCB559AAA0 Ref C: Fri Sep 9 11:34:51 2016 PST", "date"=>"Fri, 09 Sep 2016 18:34:50 GMT", "connection"=>"close"} #status=401>>

I found the answer. Apparently, scope https://graph.microsoft.com/mail.read (that I was requesting) is not the same as https://outlook.office.com/mail.read. Once I switched over to using outlook.office.com in the scope, my API call worked too.
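The mismatch described in this answer can be caught before the token is ever sent. The following is an added example, not code from the original post: it reads the `error` parameter out of the Bearer challenge quoted above (abridged here) and flags requested scopes whose host is not the API host. The function names are hypothetical.

```javascript
// Added example, not from the original post.
// Bearer challenge abridged from the www-authenticate header in the 401 above.
const CHALLENGE = 'Bearer client_id="my_client_id", ' +
  'trusted_issuers="00000001-0000-0000-c000-000000000000#*", ' +
  'authorization_uri="https://login.windows.net/common/oauth2/authorize", ' +
  'error="invalid_token",Basic Realm=""';

// Collect key="value" parameters; the first occurrence of a key wins.
function parseChallenge(header) {
  const params = {};
  for (const m of header.matchAll(/([A-Za-z_]+)="([^"]*)"/g)) {
    const key = m[1].toLowerCase();
    if (!(key in params)) params[key] = m[2];
  }
  return params;
}

// Scopes written as URLs name the resource the token is requested for.
// Return those whose host differs from the API being called.
function foreignScopes(scopes, apiUrl) {
  const apiHost = new URL(apiUrl).host;
  return scopes.filter((scope) => {
    try {
      return new URL(scope).host !== apiHost;
    } catch {
      return false; // bare scopes such as "openid" carry no resource host
    }
  });
}

// Hypothetical helper: explain a 401 before retrying with the same token.
function explain401(challenge, scopes, apiUrl) {
  const { error } = parseChallenge(challenge);
  const foreign = foreignScopes(scopes, apiUrl);
  if (error === 'invalid_token' && foreign.length > 0) {
    const host = new URL(apiUrl).host;
    return `token requested for ${foreign.join(', ')} but sent to ${host}`;
  }
  return error ? `server reported ${error}` : 'no error in challenge';
}
```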

Related

{"message": "Cannot send an empty message", "code": 50006} gitlab

I want to integrate a bot via a webhook between GitLab and Discord, so I've configured the bot first, copied its URL and put it into the GitLab webhook configuration input and set it for sending push updates to the Discord server.
With a real push test, I have (with the body)
Request headers:
Content-Type: application/json
X-Gitlab-Event: Push Hook
and as response
Response headers:
Date: Tue, 26 May 2020 18:46:48 GMT
Content-Type: application/json
Content-Length: 58
Connection: close
Set-Cookie: __cfduid=d374998c2f84e3e20b75bbdec88fb63d91590518808; expires=Thu, 25-Jun-20 18:46:48 GMT; path=/; domain=.discordapp.com; HttpOnly; SameSite=Lax, __cfruid=418f7199379a53d23012d37b15f2ac5a3aac36b6-1590518808; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Ratelimit-Bucket: 3cd1f278bd0ecaf11e0d2391374c011d
X-Ratelimit-Limit: 5
X-Ratelimit-Remaining: 4
X-Ratelimit-Reset: 1590518811
X-Ratelimit-Reset-After: 2
X-Envoy-Upstream-Service-Time: 12
Via: 1.1 google
Cf-Cache-Status: DYNAMIC
Cf-Request-Id: 02f3e816a1000004823d920200000001
Expect-Ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
Cf-Ray: 5999a9376a790482-CDG
but got the error:
Response body:
{"message": "Cannot send an empty message", "code": 50006}
or also
Hook executed successfully but returned HTTP 400 {"message": "Cannot send an empty message", "code": 50006}
Thanks for help
You need to use the "Integrations" feature for "Discord notifications" instead of regular webhook.
See documentation here

Getting Error while opening hosted KaiOS app

I have a manifest.webapp hosted at my application root (https://localhost:5001/manifest.webapp), when I open it in KaiOS simulator, I get the following error:
Unable to access the app starting document https://localhost:5001/,
got HTTP code 405
Curl of its response is:
HTTP/1.1 200 OK
Date: Wed, 02 Oct 2019 21:18:41 GMT
Content-Type: application/x-web-app-manifest+json
Content-Length: 6097
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Last-Modified: Tue, 01 Oct 2019 07:35:10 GMT
Accept-Ranges: bytes
ETag: "1d5782ac10b5cd1"
Set-Cookie: ClientId=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; samesite=lax
Set-Cookie: ClientId=922A46E87C9646C18555E7E7DE84840F; expires=Mon, 02 Oct 2119 21:18:42 GMT; path=/; samesite=lax
Access-Control-Allow-Origin: *
x-frame-options: allow-from https://example.com/
x-web-server-version: 1.0.0.0
x-besku: UNKNOWN
{
"name": "abc",
"short_name": "abc",
"icons": [..],
"scope": "/",
"start_url": "/abc/?start_url=sss",
"display": "standalone",
"background_color": "#ffffff",
"theme_color": "#0078d7"
...
Any help would be appreciated.
Firefox OS/KaiOS makes a HEAD call before GET, so that should be implemented on your server; otherwise this error will occur.

Use international characters in azure storage metadata?

When I run this request using this azure library:
blobURL.PutBlob(ctx, strings.NewReader("Some text"), azblob.BlobHTTPHeaders{}, azblob.Metadata{"Foo": "/愛知県/bar"}, azblob.BlobAccessConditions{})
I get this error:
===== RESPONSE ERROR (ServiceCode=AuthenticationFailed) =====
Description=Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:daf8a672-001e-000e-2f4b-a033f3000000
Time:2018-02-07T19:38:09.6740273Z, Details:
AuthenticationErrorDetail: The MAC signature found in the HTTP request 'REDACTED' is not the same as any computed signature. Server used following string to sign: 'PUT
9
x-ms-blob-cache-control:
x-ms-blob-content-disposition:
x-ms-blob-content-encoding:
x-ms-blob-content-language:
x-ms-blob-content-type:
x-ms-blob-type:BlockBlob
x-ms-client-request-id:f18fd538-3780-4f62-5236-777ac244affa
x-ms-date:Wed, 07 Feb 2018 19:38:09 GMT
x-ms-meta-foo:/愛知県/bar
x-ms-version:2016-05-31
/MYACCOUNT/MYCONTAINER/ReadMe.txt
timeout:61.
PUT https://MYACCOUNT.blob.core.cloudapi.de/MYCONTAINER/ReadMe.txt?timeout=61
Authorization: REDACTED
Content-Length: [9]
User-Agent: [Azure-Storage/0.1 (go1.9.3; darwin)]
X-Ms-Blob-Cache-Control: []
X-Ms-Blob-Content-Disposition: []
X-Ms-Blob-Content-Encoding: []
X-Ms-Blob-Content-Language: []
X-Ms-Blob-Content-Type: []
X-Ms-Blob-Type: [BlockBlob]
X-Ms-Client-Request-Id: [f18fd538-3780-4f62-5236-777ac244affa]
X-Ms-Date: [Wed, 07 Feb 2018 19:38:09 GMT]
X-Ms-Meta-Foo: [/愛知県/bar]
X-Ms-Version: [2016-05-31]
--------------------------------------------------------------------------------
RESPONSE Status: 403 Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
Content-Length: [936]
Content-Type: [application/xml]
Date: [Wed, 07 Feb 2018 19:38:09 GMT]
Server: [Microsoft-HTTPAPI/2.0]
X-Ms-Request-Id: [daf8a672-001e-000e-2f4b-a033f3000000]
exit status 1
Is this because "/愛知県/bar" != "/愛知県/bar"?
Do you see any way to set non-ascii character like "/愛知県/bar" as a metadata value?
Since you mentioned Go in the tag, I assume you are looking to use a transliterator. There is this one on GitHub which you should try: https://github.com/rainycape/unidecode

Not receiving cookie that was previously set

I have a very mysterious puzzle here. I monitor user activity, and record their actions to user profiles, simple. I use a cookie, as the user's id. If I've never seen the user before, I issue a random value as a cookie. After that, if/when I see that guy again, I rewrite their cookie value on all subsequent visits. Pretty standard stuff so far. Mysteriously, after a few requests, very rarely, the inbound cookie is just not there as a part of the request. Here is a truncated view of my access logs for a given user:
2015-02-19 12:14:06 ip:108.45.172.178 cookie:tx7Xd8e8InQNyceDFPgWHS1424376343 /path1 "othercookie=nk1bwo:fxx-2gop9,nk1btk:fxx-2gop8; userid=tx7Xd8e8InQNyceDFPgWHS1424376343; HASESSION=8888; AWSELB=<LONGSTRING>"
2015-02-19 12:14:07 ip:108.45.172.178 cookie:tx7Xd8e8InQNyceDFPgWHS1424376343 /path2 "othercookie=nk1bwo:fxx-2gop9,nk1btk:fxx-2gop8; userid=tx7Xd8e8InQNyceDFPgWHS1424376343; HASESSION=8888; AWSELB=<LONGSTRING>"
2015-02-19 12:14:07 ip:108.45.172.178 cookie:tx7Xd8e8InQNyceDFPgWHS1424376343 /path3 "othercookie=nk1bwo:fxx-2gop9,nk1btk:fxx-2gop8; userid=tx7Xd8e8InQNyceDFPgWHS1424376343; HASESSION=8888; AWSELB=<LONGSTRING>"
2015-02-19 12:14:08 ip:108.45.172.178 cookie:ybJRVsoDVxzJJ6SsdaaZSS1424376845 /path4 "HASESSION=8888; AWSELB=<LONGSTRING>"
2015-02-19 12:14:09 ip:108.45.172.178 cookie:ybJRVsoDVxzJJ6SsdaaZSS1424376845 /path5 "HASESSION=8888; AWSELB=<LONGSTRING>; userid=ybJRVsoDVxzJJ6SsdaaZSS1424376845"
2015-02-19 12:14:10 ip:108.45.172.178 cookie:ybJRVsoDVxzJJ6SsdaaZSS1424376845 /path6 "HASESSION=8888; AWSELB=<LONGSTRING>; userid=ybJRVsoDVxzJJ6SsdaaZSS1424376845"
2015-02-19 12:14:11 ip:108.45.172.178 cookie:ybJRVsoDVxzJJ6SsdaaZSS1424376845 /path7 "HASESSION=8888; AWSELB=<LONGSTRING>; userid=ybJRVsoDVxzJJ6SsdaaZSS1424376845"
2015-02-19 12:14:12 ip:108.45.172.178 cookie:ybJRVsoDVxzJJ6SsdaaZSS1424376845 /path8 "HASESSION=8888; AWSELB=<LONGSTRING>; userid=ybJRVsoDVxzJJ6SsdaaZSS1424376845"
In order, you can see a timestamp, then ip, then the cookie value I'm using for that request, then the obfuscated path (lots of ugly irrelevant GET params), and then finally a dump of the inbound cookies on the request.
On the first request, this user has a userid cookie set, along with another irrelevant cookie, a cookie set by HAProxy for sticky sessions, and a cookie set by AWS ELB (138 characters long).
Then go to #4, I still have the haproxy cookie, and the awselb cookie, but the userid and the othercookie aren't part of that request? Where did they go? Consequently, I generate a new userid value, write it as part of the response, and that is subsequently received for all further requests. What's going on?
Here's another log showing what I'm writing to the header on outgoing responses for a different guy. I'm logging this immediately before my res.setHeader('Set-Cookie', cookie_list) line:
2015-02-18 17:47:47 ip:66.56.52.46 cookiessetting: ["userid=HxfmJNtK7rSXUB1vOnGDkC1424310323; Domain=.mydomain.net; Path=/; Expires=Sat, 18 Feb 2017 01:47:47 GMT"]
2015-02-18 17:47:48 ip:66.56.52.46 cookiessetting: ["userid=HxfmJNtK7rSXUB1vOnGDkC1424310323; Domain=.mydomain.net; Path=/; Expires=Sat, 18 Feb 2017 01:47:48 GMT"]
2015-02-18 17:47:49 ip:66.56.52.46 cookiessetting: ["userid=HxfmJNtK7rSXUB1vOnGDkC1424310323; Domain=.mydomain.net; Path=/; Expires=Sat, 18 Feb 2017 01:47:49 GMT"]
2015-02-18 17:47:50 ip:66.56.52.46 cookiessetting: ["userid=HxfmJNtK7rSXUB1vOnGDkC1424310323; Domain=.mydomain.net; Path=/; Expires=Sat, 18 Feb 2017 01:47:50 GMT"]
2015-02-18 17:47:51 ip:66.56.52.46 cookiessetting: ["userid=X0AF14Lbz6sJ8nh45C7Tws1424310463; Domain=.mydomain.net; Path=/; Expires=Sat, 18 Feb 2017 01:47:51 GMT"]
2015-02-18 17:47:53 ip:66.56.52.46 cookiessetting: ["userid=X0AF14Lbz6sJ8nh45C7Tws1424310463; Domain=.mydomain.net; Path=/; Expires=Sat, 18 Feb 2017 01:47:53 GMT"]
2015-02-18 17:47:54 ip:66.56.52.46 cookiessetting: ["userid=X0AF14Lbz6sJ8nh45C7Tws1424310463; Domain=.mydomain.net; Path=/; Expires=Sat, 18 Feb 2017 01:47:54 GMT"]
2015-02-18 17:47:56 ip:66.56.52.46 cookiessetting: ["userid=X0AF14Lbz6sJ8nh45C7Tws1424310463; Domain=.mydomain.net; Path=/; Expires=Sat, 18 Feb 2017 01:47:56 GMT"]
This shows the same thing: the request at 17:47:51 came in without that inbound cookie, so it generated a new one and that got used for all subsequent requests. How does the cookie setting look? I'm pretty sure that's how it works ....
My set up is that I have AWS ELB directing requests to a fleet of ec2 instances, on each ec2 instance, I have HAProxy as a reverse proxy going to a bunch of different open ports. The ports/processes are node.js/express. Pretty standard technologies.
Do cookies like this sometimes just get lost? Do other players on the internet (ISPs) do bad things like this? Why would they drop my userid cookie and not the AWSELB one? I'm really stumped on this one, and I would really appreciate some help here ....
EDIT
This is my code to do the cookie setting, I know there are newer ways to do it in express, but this should work right?:
var futuredate = new Date().getTime() + 2*365*24*60*60*1000;
var datestring = new Date(futuredate).toUTCString()
var cookie_list = []
cookie_list.push('userid ='+cookieval+'; Domain=.mydomain.net; Path=/; Expires='+datestring);
if(someconditional)
    cookie_list.push('othercookie ='+val+'; Domain=.mydomain.net; Path=/; Expires='+datestring);
res.setHeader('Set-Cookie', cookie_list)
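One way to find every occurrence of this pattern in the access log, written as an added example that is not part of the original post: it parses lines in the format quoted above and reports requests where the identifier cookie vanished while other cookies from the same client arrived unchanged. Grouping by IP address is an assumption of the example, and the sample lines are taken from the log in the question.

```javascript
// Added example, not from the original post.
// Sample input: three lines taken from the access log quoted in the question.
const SAMPLE = [
  '2015-02-19 12:14:07 ip:108.45.172.178 cookie:tx7Xd8e8InQNyceDFPgWHS1424376343 /path3 "othercookie=nk1bwo:fxx-2gop9,nk1btk:fxx-2gop8; userid=tx7Xd8e8InQNyceDFPgWHS1424376343; HASESSION=8888; AWSELB=<LONGSTRING>"',
  '2015-02-19 12:14:08 ip:108.45.172.178 cookie:ybJRVsoDVxzJJ6SsdaaZSS1424376845 /path4 "HASESSION=8888; AWSELB=<LONGSTRING>"',
  '2015-02-19 12:14:09 ip:108.45.172.178 cookie:ybJRVsoDVxzJJ6SsdaaZSS1424376845 /path5 "HASESSION=8888; AWSELB=<LONGSTRING>; userid=ybJRVsoDVxzJJ6SsdaaZSS1424376845"',
];

// timestamp, ip, id assigned by the server, path, inbound Cookie header
const LINE = /^(\S+ \S+) ip:(\S+) cookie:(\S+) (\S+) "(.*)"$/;

function parseCookies(header) {
  const jar = new Map();
  for (const part of header.split(/;\s*/)) {
    const eq = part.indexOf('=');
    if (eq > 0) jar.set(part.slice(0, eq).trim(), part.slice(eq + 1).trim());
  }
  return jar;
}

// Report requests whose previous request (same IP) carried idName but this
// one does not, even though at least one other cookie arrived unchanged.
function findDroppedIds(lines, idName = 'userid') {
  const previous = new Map(); // ip -> cookie jar of the last request seen
  const events = [];
  for (const line of lines) {
    const m = LINE.exec(line);
    if (!m) continue; // skip lines in another format
    const [, time, ip, reissued, path, raw] = m;
    const jar = parseCookies(raw);
    const prev = previous.get(ip);
    if (prev && prev.has(idName) && !jar.has(idName)) {
      const survived = [...jar.keys()].filter((k) => prev.get(k) === jar.get(k));
      const lost = [...prev.keys()].filter((k) => !jar.has(k));
      // Surviving cookies mean a returning client, not a first-time visitor.
      if (survived.length > 0) events.push({ time, path, lost, survived, reissued });
    }
    previous.set(ip, jar);
  }
  return events;
}
```

Comparing the `lost` and `survived` groups against the Domain, Path and Expires attributes each cookie was set with shows whether the loss follows a cookie attribute or is random.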

Error during couchdb filtered replication with params

I'm trying to run a filtered replication on two different machines. I realized that this only happens when doing a pull replication; if I do a push replication it works fine.
curl -X POST http://localhost:5984/_replicate -d '{\"source\":\"http://MARTIN-NEWPC:5984/pdlib\",\"target\":\"pdlib\",\"filter\":\"replication/SINGLE_COLLECTION\",\"query_params\":{\"key\":\"bb579347-9bfb-4dda-84eb-622b43108872\"}}' -H "Content-Type: application/json"
The cryptic response I get from that request is:
{"error":"json_encode", "reason":"{bad_term, <0.20050.0>}"}
And the debug output in the target couchdb log file is:
[Mon, 17 Oct 2011 01:20:48 GMT] [debug] [<0.476.0>] 'GET' /pdlib/_changes?key=bb579347-9bfb-4dda-84eb-622b43108872&filter=replication/SINGLE_COLLECTION&style=all_docs&heartbeat=10000&since=0&feed=normal {1,
1}
Headers: [{'Accept',"application/json"},
{'Content-Length',"0"},
{'Host',"MARTIN-NEWPC:5984"},
{'User-Agent',"CouchDB/1.0.2"}]
[Mon, 17 Oct 2011 01:20:48 GMT] [debug] [<0.476.0>] OAuth Params: [{"key","bb579347-9bfb-4dda-84eb-622b43108872"},
{"filter","replication/SINGLE_COLLECTION"},
{"style","all_docs"},
{"heartbeat","10000"},
{"since","0"},
{"feed","normal"}]
[Mon, 17 Oct 2011 01:20:48 GMT] [info] [<0.476.0>] 192.168.2.3 - - 'GET' /pdlib/_changes?key=bb579347-9bfb-4dda-84eb-622b43108872&filter=replication/SINGLE_COLLECTION&style=all_docs&heartbeat=10000&since=0&feed=normal 200
[Mon, 17 Oct 2011 01:20:48 GMT] [error] [<0.476.0>] attempted upload of invalid JSON (set log_level to debug to log it)
[Mon, 17 Oct 2011 01:20:48 GMT] [debug] [<0.476.0>] Invalid JSON: <<"bb579347-9bfb-4dda-84eb-622b43108872">>
[Mon, 17 Oct 2011 01:20:48 GMT] [info] [<0.476.0>] 192.168.2.3 - - 'GET' /pdlib/_changes?key=bb579347-9bfb-4dda-84eb-622b43108872&filter=replication/SINGLE_COLLECTION&style=all_docs&heartbeat=10000&since=0&feed=normal 400
[Mon, 17 Oct 2011 01:20:48 GMT] [debug] [<0.476.0>] httpd 400 error response:
{"error":"bad_request","reason":"invalid UTF-8 JSON"}
In case you need to know, this is the filter function:
function (doc, req) {
    if (doc.type == 'collection' || doc.type == 'document') {
        for (var i in doc.path) {
            if (doc.path[i] == req.query.key) {
                return true;
            }
        }
    }
    return false;
}
Any ideas about the possible cause?
It's common to get a 400 "invalid UTF-8 JSON" error when CouchDB tries to interpret one of your query values as JSON when it's a raw (unquoted) string instead. In this case the replication config results in this HTTP request:
GET /pdlib/_changes?key=bb579347-9bfb-4dda-84eb-622b43108872&filter=replication/SINGLE_COLLECTION&style=all_docs&heartbeat=10000&since=0&feed=normal 400
The _changes feed itself doesn't use a key parameter, but normal CouchDB _view queries do — and there expect it to be a JSON value! — so you might try renaming that query_param to something different.
(Somewhat unfortunately, user-defined filter (and list, etc.) functions share the query parameter namespace with CouchDB itself...you may want to prefix your custom parameters with something that's unlikely to conflict with current or future builtin options, e.g. myapp_key.)
Looks to me like there is something wrong with the way you have your JSON escaped. This works for me:
curl -X POST http://localhost:5984/_replicate -d '{"source":"source_db","target":"target_db","filter":"ddoc/filter-name","query_params":{"key":"some_key"}}' -H "Content-Type: application/json"
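Both answers can be combined in one request builder. This is an added example, not code from the thread: it shows that the raw key from the failing request is not a JSON value, renames colliding custom parameters with the `myapp_` prefix suggested above, and produces the request body with a serializer instead of hand-escaped quotes. The function names and the list of built-in parameters (those visible in the logged `_changes` request, plus `key`) are assumptions of the example.

```javascript
// Added example, not from the original thread.
// Parameters CouchDB itself reads on the request logged above, plus "key".
const BUILTIN = new Set(['key', 'filter', 'style', 'heartbeat', 'since', 'feed']);

// True when a raw query-string value parses as JSON.
function isJsonValue(raw) {
  try {
    JSON.parse(raw);
    return true;
  } catch {
    return false;
  }
}

// Prefix any custom parameter whose name collides with a built-in one.
function namespaceParams(params, prefix = 'myapp_') {
  const out = {};
  for (const [name, value] of Object.entries(params)) {
    out[BUILTIN.has(name) ? prefix + name : name] = value;
  }
  return out;
}

// Let the serializer do the quoting instead of escaping by hand in the shell.
function replicationBody(source, target, filter, params) {
  return JSON.stringify({
    source,
    target,
    filter,
    query_params: namespaceParams(params),
  });
}

// The thread's filter function, reading the renamed parameter.
function singleCollection(doc, req) {
  if (doc.type == 'collection' || doc.type == 'document') {
    for (var i in doc.path) {
      if (doc.path[i] == req.query.myapp_key) {
        return true;
      }
    }
  }
  return false;
}
```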
