Staying logged out of youtube in android tv

I’m logged in on my android tv’s google play for all my apps and such, but I share my nvidia shield tv with my entire family and I do not want them to see all my youtube history, recommendations, etc. Every so often I go to the TV and find myself logged in on youtube, I log out, but then I go back a week later and I’m freaking logged in again. How do I make sure I stay logged out?

vulnerability – Can python be used to retrieve a session ID to mimic logged in user at periodical times?

Let me quickly explain and then ask the question. I’m developing a Web Vulnerability assessment scanner for a project, and I’m learning python as I go, so forgive me if it might sound like a dumb question. The idea is to allow a user to run periodical scans against their website and report SQL injection findings, XSS vulnerabilities for the beginning and further develop from there. They could then go back and view all the scans and keep track of their website’s security performance.

The pre-requisite is for the user to be logged in when they run the scan to grab the Session ID to mimic the user. But I want the scan to be able to run once a day in the background. How would that be possible? Is the Session ID used initially still being valid for the next scans? Is there a better approach I could take to it, maybe?

Thanks for taking the time to read so far. Hopefully might get some advice from someone more knowledgeable than me :]

PS: If you have any recommendation to make me consider other vulnerabilities/libraries, I’m all ears

hooks – SharePoint online search query from Drupal in logged in user context, which is connected through SIMPLESAML SSO (Azure AD IDP) with PHP application

Below is problem description – I have sharepoint online and its URL is like – https://abc.sharepoint.com

Above sharepoint is connected through SSO (Office 365 Azure AD IDP and SAML)

I have another Drupal 8 application like – https://drupalapp.something.com

It is also connected through same SSO (Office Azure AD and SAML) so that if user login through either of application through SSO then he is allowed to login in another application as well. It means application is Single sign on enabled. and its working fine.

Now as a user, i am able to login through drupalapp.something.com using SSO (office 365 azure AD and SAML ). Now after user login being developer, i need to show recent modified SharePoint document from SharePoint online using SharePoint REST query but condition is that, it should fetch only documents on which logged in user has permission to show.

Brief requirement –

The requirements is to be able to make REST queries to SharePoint online but when the REST query is made, the person the query is for must only see the results based on their security context.

So if user1 has access to a SharePoint folder but user2 has not, then when the REST call is made they will each see a different set of results.

Example: user1 has access to abc.sharepoint.com/abcfolder/afile.pdf. User2 does not have access to the folder abc.sharepoint.com/abcfolder/ and so he will not have access to abc.sharepoint.com/abcfolde/afile.pdf.

If some updates this document it becomes a “Latest Update”. User1 will see it in the Latest documents but User2 will not.

I tried using PHPSPO library (https://github.com/vgrem/phpSPO) and it giving me result but this library is giving me result based on admin credential which I pass to connect SharePoint. So this is giving me all the documents regardless of logged in user permission.

How can we achieve this in logged in user context. Considering user is already login through SSO in Drupal application through SSO.

I also tried to make AJAX request with credential query from Drupal app but it always giving me CORS and CORB error. I don’t know if this is right way of solution. Below is code –

var urlval = “https://abc.sharepoint.com/_api/search/query?querytext=’isdocument:1’&selectproperties=’Title,Size,Name,Path,FileExtension’&rowlimit=5&sortlist=’created:descending’&refiners=’fileextension'”;

    $.ajaxSetup({
      xhrFields: {
        withCredentials: true
      }
    });
    
    $.ajax({
      type: 'GET',
      crossDomain: true,
      dataType: 'jsonp',
      url: urlval,
      cache: false,
      headers: {
        "accept": "application/json",
        "Access-Control-Allow-Origin": "https://abc.sharepoint.com",
      },
     
      success: function( response ) {
        console.log( response ); // server response
      }
    });

Please help me to solve this problem.

Thanks

windows 10 – Getting logged out of Google and Reddit after a few weeks for no reason

First of all, I’m using the latest Firefox on the latest Windows 10, and I have 2FA turned on for my accounts that’s why it’s a pain to log back in every time. Also, the problem only occurs on Google and Reddit websites.

The problem still persists even after:

  • using ipconfig commands to reset and renew
  • resetting Winsock
  • reinstalling Firefox (and also deleting leftover profile data and other files)
  • scanning with AdwCleaner, Malwarebytes and Windows Defender (no threats found with any of them)
  • verifying Windows system files
  • verifying disk files

If someone could help me identify what’s causing the problem, that would be great.

entities – Current Logged In user id not working properly Drupal 8

First, I want to disclose that I am a beginner in Drupal.

I’m having trouble getting to work the current logged in user id. I’m creating a menu link programmatically and adding the uri to go to ‘/user/userid/edit’. First of all, I should mention that it works at first, but then I get a bizarre behavior. I have two users for this test account. user1 has an id of 7, and user2 has an ID of 8. When I log in as user1, everything seems to be working properly, I hover over the menu link and it shows ID of 7. But then when I log out, and log in as user2 and when I hover over the menu link, I still see ID of 7 instead of ID of 8. I don’t know why that is.

I added a picture down below so that you can see visually of what I’m talking about. The arrow that is pointing to the ‘edit’ link under user2, that link always works and gets the user ID each and every time I log out and log in between the two users. I don’t mind putting that link in my menu, but I don’t know how.

enter image description here

The code below is where I’m creating the menu link and adding the ID of the “currently” logged in user.

<?php

namespace Drupalcurrent_user_idPluginMenu;

use DrupalCoreMenuMenuLinkDefault;
use DrupalCoreMenuStaticMenuLinkOverridesInterface;
use DrupalCoreSessionAccountInterface;
use DrupalCoreUrl;
use SymfonyComponentDependencyInjectionContainerInterface;
use DrupalCoreSessionAccountProxyInterface;
use DrupaluserEntityUser;
class UserOrdersMenuLink extends MenuLinkDefault {

  protected $currentUser;

  public function __construct(array $configuration, $plugin_id, $plugin_definition, StaticMenuLinkOverridesInterface $static_override, AccountInterface $current_user) {
    parent::__construct($configuration, $plugin_id, $plugin_definition, $static_override);

    $this->currentUser = $current_user;
  }

  public static function create(ContainerInterface $container, array $configuration, $plugin_id, $plugin_definition) {
    return new static(
      $configuration,
      $plugin_id,
      $plugin_definition,
      $container->get('menu_link.static.overrides'),
      $container->get('current_user')
    );
  }

  public function getTitle() {
    return $this->t('Edit Profile');
  }

  public function getUrlObject($title_attribute = TRUE) {

    $con = mysqli_connect("localhost","root","");
    if (!$con){die('Could not connect: ' . mysqli_error());}
    mysqli_select_db($con,"drupal");

    $sid = session_id();
    $userline = mysqli_query($con,"SELECT uid FROM sessions WHERE sid='$sid'");
    $u_row = mysqli_fetch_assoc($userline);
    $uid = $u_row('uid');

var_dump($uid);
    //$current_user_ID = $this->currentUser->id();

    //$account = DrupaluserEntityUser::load(Drupal::service('session')->get('uid'));


    //$user = DrupaluserEntityUser::load(Drupal::service('session')->get('uid'));

    //$uid = $user->get('uid')->value;

    //var_dump(session_id());

    return Url::fromUri('internal:/user/' . $uid . '/edit');
  }

}

The commented code is code that I tried; I got them in drupal stackexchange or stackoverflow basically where people were having similar issue as what I’m facing.

I tried connecting to the database and fetching out the user the old way, and even that failed. I get a ‘NULL NULL’

If you guys can help me out, I’d really appreciate it! Thank you!

Why I can’t wake up my pc with ubuntu 20.04 from sleep mode using wakeonlan if it fall asleep when nobody was logged in?

Sometimes there are power failures and my remote computer tries to boot after being turned off. Then even if I managed to log in via ssh or rdp it stops responding after 20 minutes. If I don’t log in it stops answering anyway (I even can’t ping it). When I am logged in offline – everything is okay. When I came to see what had happened – I saw that my remote was just sleeping. I couldn’t wake up it using wakeonlan. For me wakeonlan works when pc falls asleep with somebody logged in offline or when it is shut down. But in this case it DOESN’T. I wouldn’t like to prevent suspending as in askubuntu.com/questions/1101043. (Desparatly I tried. But answer askubuntu.com/a/1132068 didn’t work with "UNSPECIFIED PROTOCOL" message. The answer askubuntu.com/a/1131749 didn’t provide any errors but didn’t resolve this problem too).
I used this www.techrepublic.com/article/how-to-enable-wake-on-lan-in-ubuntu-server-18-04/ to enable wakeonlan on remote. May be it is not full, but I didn’t find anything better.
So final question is how to configure wakeonlan to work in this situation if possible or some alternatives? Finally if there is no solution I’ll just come back to ubuntu 16.04 where falling asleep doesn’t provide pc freeze.

Using an authentication provider to keep a user permanently logged in eventually causes session problems

Because I got fed up of having to log in to my local development sites every however long, I tried making a simple custom module that just has an Authentication Provider service that always returns user 1, like this:

  /**
   * {@inheritdoc}
   */
  public function applies(Request $request) {
    return TRUE;
  }

  /**
   * {@inheritdoc}
   */
  public function authenticate(Request $request) {
    return $this->entityTypeManager->getStorage('user')->load(1);
  }

The idea being that with this module enabled, every page load considers the authenticated user to be user 1. In theory, I’d be logged in for ever!

However, after a few weeks of this working fine, all my form submissions broke! Every form submission fails with:

The form has become outdated. Press the back button, copy any unsaved work in the form, and then reload the page

This turns out to be because CsrfTokenGenerator::validate() fails. Specifically, the $seed in this bit is just NULL:

  public function validate($token, $value = '') {
    $seed = $this->sessionMetadata->getCsrfTokenSeed();
    if (empty($seed)) {
      return FALSE;
    }

I presume it’s because the session has expired in some way? The time this has taken to stop working is roughly the amount of time it would have taken the site to log me out automatically.

How can I fix this?

plugin development – admin-post.php form handling only working when logged in as admin

I built a custom plugin with a form (with form action=admin-post.php and a hidden input for action being the form handler function name) and form handler function, it works as expected on other sites but on this particular site it only works when logged in as admin.

If not logged in, or logged in as a regular user, form submission redirects to site front page. If logged in as admin the form handler function is fired properly.

Any ideas of how to fix?