Firebase custom auth token with debug set to true not being verbose - python

I am trying to get the verbosity level that the Admin Console Simulator gives but using python on a server. Using the firebase_token_generator suggested in the Firebase docs I wrote some tests.
from firebase_token_generator import create_token
create_token("<secret>", { "uid": "simplelogin:test" },
{ "debug": True, "simulate": True })
Running the token with curl results in the simple "Permission denied" error with no details about which rule failed.
$ curl https://<myapp>.firebaseio.com/.json?auth=<token>
{
"error" : "Permission denied"
}
To make sure that my secret key was correct and I was setting the options in the correct place I generated a token with admin set to true and it was successful.
create_token("<secret>", { "uid": "simplelogin:test" }, { "admin": True })
Why can't I get the verbosity level that is in the simulator?

You must be using a Firebase client library in order to receive verbose security rule logging when using a token with the debug flag set - whether that client be the JS client (Web or Node.js), ObjC (iOS or OS-X), or Java (Android or JVM). Alas, the REST API is not supported.

Related

GCP structured logging, works locally but not on kubernetes

I'm trying to create structured logging on GCP from my service. When I run it locally I manage to get JsonPayload in the correct format as shown bellow:
jsonPayload: {
exception: {
Message: ""
StackTrace: ""
TargetSite: ""
Type: "value_error"
}
logging.googleapis.com/labels: {2}
logging.googleapis.com/spanId: "94ecf8a83efd7f34"
logging.googleapis.com/trace: "dc4696d790ab643b058f87dbeebf19a3"
message: "Bad Request"
severity: "ERROR"
time: "2022-10-05T14:38:52.965749Z"
but when I run the service on Kubernetes I only get the following in the logging:
jsonPayload: {
exception: {
Message: ""
StackTrace: ""
TargetSite: ""
Type: "value_error"
}
message: "Bad Request"
Why is GCP removing logging.googleapis.com/labels, logging.googleapis.com/spanId,logging.googleapis.com/trace, severity from the logging JsonPayload when I run the service on GCP kubernetes?
This may be working-as-intended (WAI) but it's unclear from your question.
Google Structured Logging attempts to parse log entries as JSON and extracts specific fields including logging.googleapis.com/labels.
However (!) when it does this, some of these fields including logging.googleapis.com/labels are relocated from the jsonPayload field to another LogEntry field.
See:
labels
spanId
trace
So, you should not look for these values in jsonPayload in Cloud Logging but in e.g. labels, spanId and trace:
PROJECT=...
# Filter by entries that contain `jsonPayload`
gcloud logging read "jsonPayload:*" \
--project=${PROJECT} \
--format="value(jsonPayload,labels,spanId,trace)"

InfluxDB Unauthorized 401 - with localhost access

When try to write the data into influxDB using influxDB client. i am getting the below error. I was able to login to the influxDB web browser using http://localhost:8086 with the same credentials provided in the code. But facing with the unauthorized message when using python code. any help would be appreciated.
Error:
raise InfluxDBClientError(err_msg, response.status_code)
influxdb.exceptions.InfluxDBClientError: 401: {"code":"unauthorized","message":"Unauthorized"}
Code:
from influxdb import InfluxDBClient
from datetime import datetime
client = InfluxDBClient('localhost', 8086, 'username', 'password', 'bucket_name')
for row in df.iterrows():
influxJson = [
{
"measurement":"testing123",
"time" : datetime.utcnow().isoformat() + "Z",
"tags": {
'ResiliencyTier':'targetResiliencyTier',
'lob' : 'abcdefgh'
},
"fields": {
columns[0][0] : str(row[1][0]),
columns[1][0] : str(row[1][1]),
}
}
]
client.write_points(influxJson)
print("InfluxDB injection DONE")
startProcess()
Thanks
Error code 401 (unauthorized) can be avoided in dev env by enabling http access in influx config file:
[http]
# Determines whether HTTP endpoint is enabled.
enabled = true
genarally config file can be found at:
/etc/influxdb/influxdb.conf

Firebase Auth + Python backend

I am going to use Firebase Auth and Database modules to create my web app. However, not all things that I want my app to do is possible to achieve on only front end. So I want to also use backend with Python's Bottle framework to handle requests and Pyrebase to get access to Firebase Database.
Let's say that after logging in I need to go to mainpage and see personalized content, for example my notes. They are structured this way in DB:
{
"notes": [{
"id": "1",
"title": "X",
"author": "user1"
},
{
"id": "2",
"title": "Y",
"author": "user2"
} and so on... ]
}
So how it's possible to implement showing only my articles on main page?
I understand that I need to filter my notes based on author value, but how to let Bottle understand who is currently logged in?
I've read there, that I should somehow send unique token to backend server to authenticate current user, but how to do that? Inserting Token in every link as GET parameter seems to be silly, but I see no other way to implement that.
Start by organizing your database so that each note becomes a child object:
{
"notes": {
"id1": {
"id": "id1",
"title": "X",
"author": "user1",
},
"id2": {
}
}
}
Then this particular interaction can be implemented entirely in the client-side. Just execute a query to filter the notes you want. For example in a JS client:
var uid = firebase.auth().currentUser.uid;
var query = ref.orderByChild('author').equalTo(uid);
// Listen for query value events
If you want to run this on a backend server, and you want to ensure that only logged in users are allowed to execute it, then you must pass the ID token from the client app to the server on each request. Here's how to implement the server-side logic using the Python Admin SDK:
import firebase_admin
from firebase_admin import auth
from firebase_admin import db
token = '....' # Extract from the client request
try:
decoded = auth.verify_id_token(token)
uid = decoded.uid
ref = db.reference('path/to/notes')
notes = ref.order_by_child('author').equal_to(uid).get()
# Process notes response
except ValueError as ex:
print(ex)
# Send error to client

Firebase "message": "PASSWORD_LOGIN_DISABLED" response when trying to authenticate

I'm following exactly the steps mentioned here:
https://github.com/thisbejim/Pyrebase/blob/master/README.md
But I get the following error:
"error": {
"errors": [
{
"domain": "global",
"reason": "invalid",
"message": "PASSWORD_LOGIN_DISABLED"
}
],
"code": 400,
"message": "PASSWORD_LOGIN_DISABLED"
}
}
Firebase has different Authentication methods inside the console such as email, Google, Facebook, Twitter, and more.
Therefore make sure that you have (in this case) the Email/Password sign in method activated:
Go to the console.
Click on the Authentication Menu on the sidebar.
Inside Sign-In Method make sure to have the "Email/Password" option.
Also, make sure you already have the user created on the Users tab.
On the other hand, you can create the user with the same Pyrebase library.
auth.create_user_with_email_and_password(email, password)
Check out the Example Code inside the API.
I just solved this error by copying the firebaseConfig from PROJECT settings and pasted again. Make sure you have enable Email/Password in Sign-in Methods

while creating the runbook as draft using azure REST api in python i am facing the error...!

I need to create Azure Automation account, and I want to create run book under automation account for auto-scheduling the VM's
Steps I followed for creating Azure automation account.
creating cloud service using API
https://management.core.windows.net/sdjgsdgj-abcd-2323-98cd-3bd6bcf93702/cloudServices/cloudsername
Next step, is I am creating Azure automation account under the created cloud service using above api.
https://management.core.windows.net/sdjgsdgj-abcd-2323-98cd-3bd6bcf93702/cloudServices/cloudsername/resources/automation/AutomationAccount/testacc2?resourceType=AutomationAccount&detailLevel=Full&resourceProviderNamespace=automation'
After that, i want to create runbook under that create automation account for this I am using the below API in Python
import adal
import requests
import json
token_response = adal.acquire_token_with_username_password(
'https://login.windows.net/rapiddirectory.onmicrosoft.com',
'test#xyz.onmicrosoft.com',
'abcd'
)
access_token = token_response.get('accessToken')
create_run_draft = 'https://management.core.windows.net/sdjgsdgj-abcd-2323-98cd-3bd6bcf93702/cloudServices/cloudsername/resources/automation/~/automationAccounts/testacc2/runbooks/write-helloworld/draft?api-version=2014-12-08'
param3 = {
"tags":{
"Testing":"show value",
"Source":"TechNet Script Center"
},
"properties":{
"description":"Hello world",
"runbookType":"Script",
"logProgress":"false",
"logVerbose":"false",
"draft":{
"draftContentLink":{
"uri":"https://gallery.technet.microsoft.com/scriptcenter/The-Hello-World-of-Windows-81b69574/file/111354/1/Write-HelloWorld.ps1",
"contentVersion":"1.0.0.0",
"contentHash":{
"algorithm":"sha256",
"value":"EqdfsYoVzERQZ3l69N55y1RcYDwkib2+2X+aGUSdr4Q="
}
}
}
}
}
headers2 = {'x-ms-version' : '2013-06-01','Content-Type' : 'application/json',"Authorization": 'Bearer ' + access_token}
output = requests.put(create_run_draft,headers=headers2,data=param3).text
print output
I am using Python programming language to achieve this for Azure REST API
I am getting the below error
<Error xmlns="http://schemas.microsoft.com/windowsazure" xmlns:i="http://www.w3.
org/2001/XMLSchema-instance"><Code>InternalError</Code><Message>The server encou
ntered an internal error. Please retry the request.</Message></Error>
Please help me out of this problem I am struggling with error
Could be because you are passing the values of logProgress and logVerbose as strings ("false") instead of as booleans (false).
This worked for me:
Create runbook:
PUT https://management.core.windows.net/90751b51-7cb6-4480-8dbd-e199395b296f/cloudservices/OaaSCS/resources/automation/~/automationAccounts/JoeAutomationAccount/runbooks/testabc?api-version=2014-12-08
Request body:
{
"properties": {
"logVerbose": false,
"logProgress": false,
"runbookType": "Script",
"draft": {
"inEdit": false,
"creationTime": "0001-01-01T00:00:00+00:00",
"lastModifiedTime": "0001-01-01T00:00:00+00:00"
}
},
"name": "testabc"
}
Upload draft content:
PUT https://management.core.windows.net/90751b51-7cb6-4480-8dbd-e199395b296f/cloudservices/OaaSCS/resources/automation/~/automationAccounts/JoeAutomationAccount/runbooks/testabc/draft/content?api-version=2014-12-08
Request body:
workflow testabc {
"hello"
}

Categories