javascript – Checking if the access token is valid or expired

Basically, the server gives me a token object. I am planning to check the token on the client if it is expired/valid before making a request to the server.

The function below works as expected. I just want to know if my code catches all edge cases. I don’t want even 1 second in which a request will fail due to an expired access token.

I am using moment for comparing dates. I also converted the current date and expiry date to UTC so that I’m making sure that they are in the same timezone before comparing them.

const moment = require('moment');

/**
The token object passed in the function looks like this:
{
  access_token: '2hbssMdXDpwQX5WcnZ-iJlO754MLkEeDCmF-f1A-MaU',
  token_type: 'Bearer',
  expires_in: 604800,
  refresh_token: 'VxnN9uBVIcNMpuwRVpvXo2YxWuNFEayHqfnCM7aCTSI',
  scope: 'public',
  created_at: 1603604241
}
*/

export default function tokenValid(token = {}) {
  const currentDate = moment().utc();
  const expiryDate = moment.unix(token.created_at).add(token.expires_in, 'seconds').utc();

  return currentDate < expiryDate;
}

EDIT (based on @hjpotter92’s comment)

export default function tokenValid(token = {}) {
  const currentDate = moment().unix();
  const expiryDate = token.created_at + token.expires_in;

  return currentDate < expiryDate;
}
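
Added example (not part of the original post): a variant of the check above that rejects malformed token objects and treats the token as expired slightly early, plus a wrapper that refreshes and retries once when the server still answers 401, because the client clock is not authoritative. `LEEWAY_SECONDS`, `callWithFreshToken`, `send` and `refresh` are hypothetical names; the token shape follows the object shown in the question.

```javascript
// Assumed safety margin covering clock skew and request time in flight.
const LEEWAY_SECONDS = 60;

function tokenValid(token, nowSeconds = Math.floor(Date.now() / 1000), leeway = LEEWAY_SECONDS) {
  // A missing or malformed token is invalid; never compare against NaN/undefined.
  if (!token || typeof token.access_token !== 'string' || token.access_token === '') {
    return false;
  }
  // Number.isFinite does not coerce, so strings, null and undefined are rejected.
  if (!Number.isFinite(token.created_at) || !Number.isFinite(token.expires_in)) {
    return false;
  }
  if (token.expires_in <= 0) {
    return false;
  }
  // Valid only while more than `leeway` seconds of lifetime remain.
  return nowSeconds + leeway < token.created_at + token.expires_in;
}

// `send(token)` performs the request and resolves to an object with a `status`;
// `refresh(token)` resolves to a new token object. Both are supplied by the caller.
async function callWithFreshToken(token, send, refresh, nowSeconds) {
  // Proactive path: refresh before sending if the local check says "expired".
  let current = tokenValid(token, nowSeconds) ? token : await refresh(token);
  let response = await send(current);
  if (response.status === 401) {
    // Reactive path: the server is authoritative (wrong local clock, revoked token).
    current = await refresh(current);
    response = await send(current);
  }
  return { response, token: current };
}
```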

azure – CustomScriptExtension failed with “Operation is not valid due to the current state of the object”

I’m using CustomScriptExtension with ManagedIdentity and sometimes it fails with

"Failed to download all specified files. Exiting. Error Message: Operation is not valid due to the current state of
the object."\r\n\r\nMore information on troubleshooting is available at
https://aka.ms/VMExtensionCSEWindowsTroubleshoot "

What does this error really mean?

document – How will you manage this step inside a wizard? Hard level: external plugins and valid signatures certificates needed

I’ll try to explain myself as best as I can:

I need to create a flow for signing documents in bulk. I mean, the user selects a number of documents in a table, and then the user applies the signature to all these documents.

How am I managing that? With a fullscreen wizard:

Step 1: choose the signature type (without certification: easy, add only your name; and with certification: the complex way, using plugins and this stuff)

Step 2: review the selection of the documents (the list with the documents ready to be signed, nothing complex)

Step 3: result of the action (signed or error)

So, my problem is in the first step, when you select the “sign with certificate” option, because:

- First, we check (automatically) if there is a browser extension installed. If not, we should redirect to the extension install.

- Second, if we find the previous extension, we show a list of valid signing certificates previously installed by the user. So the user selects one and continues with the wizard. OR, if the user doesn’t have the signature certificate, we show the URLs to install one of the supported certificates.

You can see here where all this should happen (low fidelity, sorry, haha):
Step 1 in the wizard

I’m not sure how to add these things inside a selection inside a step. I thought of adding a spinner ie: “checking certificates”. The result of this operation will be:

-No extension found: “You need to install X extension”
-Extension found, but no certificates found: “You need to add any of these valid sign certificates”
-Extension and certificates found: “Select a valid certificate”

In summary: spinner + required action.

What do you think about this approach? I feel that this is a complex situation :/

PS: Sorry for my English

Probability of hash yielding a valid block

I read today in a paper that for BTC every hash has a probability formula of yielding a valid block and that this is approximated by formula most of the time. Can someone explain to me how to come up with this formula? Is this something specific to BTC?

Valid B1/B2 "R" (regular) on expired diplomatic passport

Can I use my valid regular (non diplomatic visa) issued in my old and expired diplomatic passport with my new regular passport?

I’m 16, I’m stuck outside of Australia with an expired Australian passport and my mother is refusing to give me my valid one. What can I do?

My parents are divorced and still in a custody battle over my sister and I so we need signatures from both of them for me to get a passport. We got a passport earlier this year but because my dad isn’t in Australia they couldn’t give it to him so they gave it to my mum. Now she’s refusing to give me my passport. I’ve got recordings of her saying she won’t give it to me. Is there anything I can do to get my passport so I can come back home? I do have an Afghan passport but my Aussie passport and afghan passport are under different names. What can I do? Please help. I want to go home.

Adding a SharePoint ArcGIS extension is failing due to 403 (Ensure Extension Pack is valid and does not already exist)

I’m trying to add one of the sample SharePoint extensions into my ArcGIS map. When I try to do that it returns the following error:

Failed to add Extension Pack from the specified address. Ensure Extension Pack is valid and does not already exist.

Samples—ArcGIS Maps for SharePoint | ArcGIS

When I check the browser’s console I see the following error:

ERROR: 403

URL: https://la.arcgis.com/proxy?[FILEURL]/manifest.json.txt

I made the APP, API and everything as open as possible to find out where the block is, even anonymous usage. No success so far.

  • I can confirm that I can access the manifest.json.txt through the URL
  • ArcGIS app is registered and I can see redirect URLs from my SharePoint
  • ArcGIS is authenticated successfully through the App configuration button
  • ArcGIS map is working with the default configuration connected to a SharePoint list
  • There are plenty of credits available in the organization account

What can I do to solve the issue and add a custom extension?

Why is this error happening?

professional education – The valid role of obscurity

Interesting question. My thoughts on this are that obscuring information is helpful to security in many cases as it can force an attacker to generate more “noise” which can be detected.

Where obscurity is a “bad thing” can be where the defender is relying on that obscurity as a critical control, and without that obscurity, the control fails.

So in addition to the one you gave above, an effective use of obscurity could be removing software name and version information from Internet facing services. The advantages of this are:

  • If an attacker wants to find out if a vulnerable version of the service is in use they will have to make multiple queries (e.g. looking for default files, or perhaps testing timing responses to some queries). This traffic is more likely to show up in IDS logs than a single request which returned the version. Additionally, fingerprinting protocols aren’t well developed for all services, so it could actually slow the attacker down considerably.
  • The other benefit is that the version number will not be indexed by services like Shodan. This can be relevant where an automated attack is carried out for all instances of a particular version of a service (e.g. where a 0-day has been discovered for that version). Hiding this from the banner may actually prevent a given instance of the service from falling prey to that attack.

That said, it shouldn’t ever be the only line of defense. In the above example, the service should still be hardened and patched to help maintain its security.

Where I think that obscurity fails is where it’s relied on. Things like hard-coded passwords that aren’t changed, obfuscating secrets with “home grown encryption”, or basing a risk decision on whether to patch a service on the idea that no-one will attack it. So the kind of idea that no one will find/know/attack this generally fails, possibly because the defenders are limiting their concept of who a valid attacker might be. It’s all very well saying that an unmotivated external attacker may not take the time to unravel an obscure control, but if the attacker turns out to be a disgruntled ex-employee, that hard-coded password could cause some serious problems.
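
The first bullet's point, that probing a banner-less service takes several requests where one would otherwise have sufficed, can be turned into a detection rule. This is an added example (not from the original answer) that flags sources requesting many distinct non-existent paths in a short window; the log format, threshold, window and sample lines are constructed assumptions.

```javascript
// Constructed sample log lines in an assumed format: "<epoch> <source> <status> <path>"
const SAMPLE_LOG = [
  '1700000000 198.51.100.7 200 /',
  '1700000001 203.0.113.9 404 /constructed-path-a',
  '1700000003 203.0.113.9 404 /constructed-path-b',
  '1700000004 198.51.100.7 404 /typo-page',
  '1700000005 203.0.113.9 404 /constructed-path-c',
  '1700000008 203.0.113.9 404 /constructed-path-d',
  '1700000010 203.0.113.9 404 /constructed-path-e',
  '1700000000 192.0.2.44 404 /old-link-1',
  '1700001000 192.0.2.44 404 /old-link-2',
  '1700002000 192.0.2.44 404 /old-link-3',
  '1700003000 192.0.2.44 404 /old-link-4',
];

function parseLine(line) {
  const m = /^(\d+) (\S+) (\d{3}) (\S+)$/.exec(line);
  return m ? { ts: Number(m[1]), src: m[2], status: Number(m[3]), path: m[4] } : null;
}

// Return sources that requested at least `threshold` distinct not-found paths
// within any `windowSeconds`-long span.
function findProbingSources(lines, threshold = 4, windowSeconds = 60) {
  const misses = new Map(); // source -> list of 404 events
  for (const line of lines) {
    const e = parseLine(line);
    if (!e || e.status !== 404) continue; // skip unparsable lines and normal traffic
    if (!misses.has(e.src)) misses.set(e.src, []);
    misses.get(e.src).push(e);
  }
  const flagged = [];
  for (const [src, events] of misses) {
    events.sort((a, b) => a.ts - b.ts);
    let start = 0;
    for (let end = 0; end < events.length; end++) {
      // Slide the window start forward until it spans at most windowSeconds.
      while (events[end].ts - events[start].ts > windowSeconds) start++;
      const distinct = new Set(events.slice(start, end + 1).map((ev) => ev.path));
      if (distinct.size >= threshold) {
        flagged.push(src);
        break;
      }
    }
  }
  return flagged;
}
```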

calculus – When is cancelling r as a function of a certain parameter $\theta$ in a parametric equation valid?

I am solving a question that asks me to graph $(x^{2}+y^{2})^{3}=4x^{2}y^{2}$. I convert this into a polar coordinates equation, which becomes $(r^{2})^{3}=4(r\cos(\theta))^{2}(r\sin(\theta))^{2}$. After simplifying, it becomes $r^{6}=r^{4}(\sin(2\theta))^{2}$. And I wonder if I can cancel $r^{4}$ to further simplify it. And actually the answer in the book did. But I am not sure when this is valid. Is it because ‘r is a function where over its domain, it is not identically zero’?

Hope someone can help to answer this. Thank you.

javascript – JS getting undefined from the function but the server is returning a valid JSON

This is the function I am using to get the preferred movie list from MongoDB.

function PreferedMovieData() {
    var init_var = {method: 'POST',
                    mode: 'no-cors',
                    headers: {
                        'Content-Type': 'application/json',
                        'Accept': 'application/json',
                        'Access-Control-Allow-Origin':  'http://127.0.0.1:5001',
                        'Access-Control-Allow-Methods': 'POST',
                        'Access-Control-Allow-Headers': 'Content-Type'
                    },
                    body: JSON.stringify({"page_no": 1})
                };
    fetch("http://127.0.0.1:5001/prefered/movies_list", init_var).then(response => {
        return response.text();
    }).then(data => {
        console.log(data)
    });
}
PreferedMovieData();

I am getting the response back as undefined.