Jenkins Github Branch Source Plugin Failing with Github Token after today’s Github auth changes

I am currently facing an issue with Jenkins <> Github integration due to today’s Github auth changes deprecating user/pass auth and the current Github branch source plugin.

Deprecation info: https://developer.github.com/changes/2020-02-14-deprecating-password-auth/#removal

Plugin: https://github.com/jenkinsci/github-branch-source-plugin

  • Jenkins: 2.249.3
  • Github branch source plugin 2.9.1 (latest)
  • This jenkins install is private only (not public facing)
  • The repo being accessed is private (not public facing)
  • The Github token has full repo access

Issue:

The plugin forces user/pass auth which Github no longer accepts. The instructions state to put the TOKEN in the password field but it still complains after I’ve done that:

The API can’t be accessed using username/password authentication

https://developer.github.com/changes/2020-02-14-deprecating-password-auth/#removal

Instructions state: “Only username/password credentials are supported” and instructs to add the Token in the password field (screenshot shows this)

The attached screenshot shows the debacle clearly:

enter image description here

Questions to ServerFault:

  • Am I entering the token wrong for the credentials? I’ve tried:
    • a null user, with the token as the password
    • The token as the user & pass
    • The token description as the user, with the token as the password
  • Normally I would submit a Github issue to a developer about an app issue. However since there is no “Issues” component to submit issues to the plugin developer, I wanted to ask my question here, in case others have hit this.

When I enable basic http auth in squid proxy .conf file it fails to start the squid service

I have setup squid proxy in my AWS linux instance and it is working as expected. here is the working squid.conf file.

acl artifactory dstdomain xyz.abc.defg.com
acl codebuild_us_east_1 src 34.228.4.208/28
acl localnet src 1.2.3.4/5     # RFC1918 possible internal network

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access allow artifactory
http_access deny all

# Squid normally listens to port 3128
http_port 3128

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid
#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|?) 0     0%      0
refresh_pattern .               0       20%     4320

But I am struggling to add basic http/s authentication to my squid proxy. I am adding below code at the very start of the config also I tried it at other places in conf but no luck

auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 24 hours
auth_param basic casesensitive off
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
http_access deny all
dns_v4_first on
forwarded_for delete
via off

When I add auth related config to this squid.conf file it fails to start the service with below error

sh-4.2$ sudo service squid restart
Redirecting to /bin/systemctl restart squid.service
Job for squid.service failed because the control process exited with error code. See "systemctl status squid.service" and "journalctl -xe" for details.

Detailed error

sh-4.2$ systemctl status squid.service
● squid.service - Squid caching proxy
   Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2020-11-11 07:39:39 UTC; 55s ago
  Process: 1241 ExecStop=/usr/sbin/squid -k shutdown -f $SQUID_CONF (code=exited, status=0/SUCCESS)
  Process: 1250 ExecStart=/usr/sbin/squid $SQUID_OPTS -f $SQUID_CONF (code=exited, status=1/FAILURE)
  Process: 1244 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=0/SUCCESS)
 Main PID: 1138 (code=killed, signal=TERM)

sharepoint server – 2019 Search config with Azure AD auth issues

So I have converted SP2019 from NTLM to Azure AD auth, setup azureCP etc. To do this I extended the webapp from “servername:80” -default to “https://myurl.com” – intranet. The default zone “servername:80” has NTLM setup, and no azure ad. The intranet URL “https:myurl.com” has Azure AD setup with no NTLM. Search is crawling the default zone, and I have in a server name mapping. The issue is that the links in library / list alerts are pointing to the default URL “servername:80” and not the the intranet URL. URL links in workflows are correct.

authentication – Is caching the credentials hash and auth result secure?

I have an API that is handling a lot of volume and is using Basic authorization. This is causing me some performance issues and I’d like to move to token based auth but for various reasons, including problems forcing integrated parties to migrate to a new API version, I am unable to do so.

So, for the time being I’m stuck running Basic authorization on each request. Because I use bcrypt this takes a considerable amount of time (on average 70ms out of 350ms total response time). I understand that this is the correct way to hash passwords from a security standpoint so this is definitely something I want to keep but at the same time I’d like to optimize this so that I don’t have to pay this 70ms penalty on my response times.

What I have so far is that I’d compute a SHA512 of the credentials combined with 2 peppers, use this as a cache key and check it for a record. If there’s no record under the given hash then I would run the bcrypt authentication code and if successful save the result in the cache with 15 mins expiry. This way I’d save a considerable chunk of the response time when creds are valid and cached but force all invalid requests into bcrypt.

There are some issues around password resets/changes but they are not a huge deal and I have a solution for them. What I’m wondering is what are potential issues to this approach, especially from a security standpoint? If a malicious party was to obtain some of these hash values from my cache how hard would it be to bruteforce the credentials, assuming they cannot access the peppers?

apache2 – htaccess: Directory Listing and Basic Auth?

I would like to combine Directory Listing and Basic Auth for a single directory, only having access to the .htaccess file (not any server-wide apache configurations).

So far, my `.htaccess can have either the Directory Listing enabled:

Options +Indexes
IndexOptions FancyIndexing SuppressDescription IconHeight=50 HTMLTable SuppressLastModified
IndexIgnore ..
ServerSignature Off

or the Basic Auth:

Authtype Basic
AuthName "Personal Directory"
AuthUserFile .htpasswd
Require valid-user

Any way to have both at the same time?

8 – How do I restrict GraphQL access with Basic Auth?

According to this Gitbook (near the bottom), its possible to require GraphQL query authentication with Drupal Core’s Basic Auth module. This allows GraphQL to authenticate against a user stored in the Drupal DB.

https://drupal-graphql.gitbook.io/graphql/authentication/authentication

I created an event subscriber that adds the Basic Auth option to the route like this:

use DrupalCoreRoutingRouteSubscriberBase;
use SymfonyComponentRoutingRouteCollection;

class RouteSubscriber extends RouteSubscriberBase {

  /**
   * {@inheritdoc}
   */
  protected function alterRoutes(RouteCollection $collection) {
    if ($route = $collection->get('graphql.query.default:default')) {
      $route->setOptions(('_auth' => ('basic_auth')));
    }
  }
}

However, when I make a curl request without an Authorization header it still goes through:

curl -X POST -H "Content-Type: application/json"   --data '{"query":"{fileById(id: "33") {changed}}","variables":null,"operationName":null}' http://MYLOCALHOST/graphql

Response:

{"data":{"fileById":{"changed":1572374455}}}

I did enable my custom module with the RouteSubscriber information above and also the Basic Auth module. When I visit the /graphql Drupal path in a browser, access is denied but when I make the CURL request it goes through. I was hoping to restrict CURL access as well.

Here is the Drupal 8 documentation on Basic Auth:

https://www.drupal.org/docs/8/core/modules/basic_auth/overview

I am using v3 of the Drupal 8 GraphQL module.

8 – How To Restrict GraphQL Access With Drupal Core’s Basic Auth?

According to this Gitbook (near the bottom), its possible to require GraphQL query authentication with Drupal Core’s Basic Auth module. This allows GraphQL to authenticate against a user stored in the Drupal DB.

https://drupal-graphql.gitbook.io/graphql/authentication/authentication

I created an event subscriber that adds the Basic Auth option to the route like this:

use DrupalCoreRoutingRouteSubscriberBase;
use SymfonyComponentRoutingRouteCollection;

class RouteSubscriber extends RouteSubscriberBase {

  /**
   * {@inheritdoc}
   */
  protected function alterRoutes(RouteCollection $collection) {
    if ($route = $collection->get('graphql.query.default:default')) {
      $route->setOptions(('_auth' => ('basic_auth')));
    }
  }
}

However, when I make a curl request without an Authorization header it still goes through:

curl -X POST -H "Content-Type: application/json"   --data '{"query":"{fileById(id: "33") {changed}}","variables":null,"operationName":null}' http://MYLOCALHOST/graphql

Response:

{"data":{"fileById":{"changed":1572374455}}}

I did enable my custom module with the RouteSubscriber information above and also the Basic Auth module. When I visit the /graphql Drupal path in a browser, access is denied but when I make the CURL request it goes through. I was hoping to restrict CURL access as well.

Here is the Drupal 8 documentation on Basic Auth:

https://www.drupal.org/docs/8/core/modules/basic_auth/overview

I am using v3 of the Drupal 8 GraphQL module.

api – Getting Admin Auth Token

I’m new to Magento 2 software and trying to get some help to my scenario. One of our integration were failing to connect to our store API calls stating the expected response was json but getting HTML.

I tried to to invoke the API from postman to see whether the username and password used are able to get a auth token. API call was successful with the status code 200 however the return was HTML content instead of the auth token. When I checked the HTML content it’s nothing but our admin login page. I’m not sure what I’m missing here. Any help / inputs is really appreciated.

I used the URI https:///admin/rest/V1/integration/admin/token?username=MyAdminUser&password=Password123 to get the auth token.

firebase auth – Como hago para estar logeado cada vez que entre un usuario a la aplicacion – React Native

Usando el siguiente codigo

constructor() {
  super();
  this.state = { 
    email: '', 
    password: '',
  }
}

updateInputVal = (val, prop) => {
  const state = this.state;
  state(prop) = val;
  this.setState(state);
}

userLogin = () => {
  if(this.state.email === '' && this.state.password === '') {
    Alert.alert('Enter details to signin!')
  } else {
    
    firebase
    .auth()
    .signInWithEmailAndPassword(this.state.email, this.state.password)
    .then((res) => {
      console.log(res)
      console.log('User logged-in successfully!')
      this.setState({
        email: '', 
        password: ''
      })
      this.props.navigation.navigate('Home')
    })
    .catch(error => this.setState({ errorMessage: Alert.alert('Denied')    }))

    

Como puedo hacer para que el usuario ya registrado este logeado inmediatamente que entre a la aplicacion, tengo entendido que es con .setPersistance o .setAuthchange usando firebase pero no me queda muy claro como implementarlo en este codigo.

Gracias!