I am using the adal node js library 1.22, and trying to authenticate a user with username and password. I am getting a "unable to get local issuer certificate" error. The user is federated and the error happens on realm discovery.
var context = new AuthenticationContext(authorityUrl);
context.acquireTokenWithUsernamePassword(resource, sampleParameters.username, sampleParameters.password, sampleParameters.clientId, function(err, tokenResponse) {
if (err) {
console.log('well that didn\'t work: ' + err.stack);
} else {
console.log(tokenResponse);
}
});
The error stack:
Stack:
Error: unable to get local issuer certificate
at Error (native)
at TLSSocket.<anonymous> (_tls_wrap.js:1092:38)
at emitNone (events.js:86:13)
at TLSSocket.emit (events.js:185:7)
at TLSSocket._finishInit (_tls_wrap.js:610:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:440:38)
{ Error: unable to get local issuer certificate
at Error (native)
at TLSSocket.<anonymous> (_tls_wrap.js:1092:38)
at emitNone (events.js:86:13)
at TLSSocket.emit (events.js:185:7)
at TLSSocket._finishInit (_tls_wrap.js:610:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:440:38) code: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY' }
Wed, 14 Jun 2017 08:44:17 GMT:079c7b70-6ae1-461c-b433-cc3fe0c22783 - TokenRequest: VERBOSE: getTokenFunc returned with err
well that didn't work: Error: unable to get local issuer certificate
at Error (native)
at TLSSocket.<anonymous> (_tls_wrap.js:1092:38)
at emitNone (events.js:86:13)
at TLSSocket.emit (events.js:185:7)
at TLSSocket._finishInit (_tls_wrap.js:610:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:440:38)
Can you please advise on what certificate i am missing and where to find it.
EDIT
after digging through the code i found that commenting out the global agent.ca part of the code resolved this issue and the library was able to perform a few steps after that, but it had a problem returning the token response from ADFS.
The log:
Wed, 14 Jun 2017 10:39:39 GMT:425e3117-a495-4f8e-8a12-e7e64dd0e37b - OAuth2Client: INFO: Get TokenServer returned this correlationId: 425e3117-a495-4f8e-8a12-e7e64dd0e37b
Wed, 14 Jun 2017 10:39:39 GMT:425e3117-a495-4f8e-8a12-e7e64dd0e37b - OAuth2Client: ERROR: Get Token request returned http error: 401 and server response: {"error":"invalid_client","error_description":"AADSTS70002: The request body must contain the following parameter: 'client_secret or client_assertion'.\r\nTrace ID: aadf1560-18ec-46f9-83b6-5932c2131200\r\nCorrelation ID: 425e3117-a495-4f8e-8a12-e7e64dd0e37b\r\nTimestamp: 2017-06-14 10:39:41Z","error_codes":[70002],"timestamp":"2017-06-14 10:39:41Z","trace_id":"aadf1560-18ec-46f9-83b6-5932c2131200","correlation_id":"425e3117-a495-4f8e-8a12-e7e64dd0e37b"}
Is there any configuration that i forgot,
if (!parametersFile) {
sampleParameters = {
tenant : 'tenant.onmicrosoft.com',
authorityHostUrl : 'https://login.microsoftonline.com',
clientId : 'aa461028-1fgf-46e5-ab9b-5adca324febc',
username : 'user#domain.net',
password : 'lamepassword'
};
}
var authorityUrl = sampleParameters.authorityHostUrl + '/' + sampleParameters.tenant;
var resource = '00000002-0000-0000-c000-000000000000';
The resource owner flow is strongly discouraged, and in some cases like federated users or users that require MFA, will just not work. This flow is the one in which your application handles the user's username and password directly and sends those in the request to the identity provider. This approach won't work if there are any extra interactions required as part of authentication such as requiring a second factor or dealing with federation. For these reasons and simple security principles (removing the need for the application to deal with the username and password) it's better to avoid this flow.
Since you are dealing with federated users, the resource owner won't work for you leaving you with the two preferred alternatives:
Use the authorization code flow if you want to authenticate as a user
Use the client credentials flow if you want to authenticate as an application.
See the "Web Application to Web API" scenario in the "Azure AD Authentication Scenarios" documentation for more information about choosing between these two options.
Related
A few months ago I created this script to help me send multiple mails at once instead of sending them one by one, and it was working perfectly till now.
For this script, I've used dotenv, nodemailer, and nodemon (only in development, when I finished it I started using npm run start to run it)
(function main() {
const { contacts } = contacts_list;
try {
const { MAIL_ACCOUNT, MAIL_PASSWORD } = process.env;
const transport = nodemailer.createTransport({
// Uses 'pool' attribute: The same connection is used to send up to 100 mails before being disposed.
pool: true,
// Sets the number of max connections per transport. Microsoft accepts up to 1 parallel connection for the same client.
maxConnections: 1,
logger: true,
debug: true,
service: "hotmail",
auth: {
user: MAIL_ACCOUNT,
pass: MAIL_PASSWORD
},
tls: { rejectUnauthorized: false }
})
// Change mail parameters such as subject, recipients, content, etc
const mailParams = {
from: `test <${MAIL_ACCOUNT}>`,
to: '',
attachments: [],
subject: `test`,
text: `test`,
html: `<h1>test</h1>`
}
// Mail every contact once at a time with its corresponding attachments
contacts.forEach(async (contact) => {
mailParams.to = contact.email;
mailParams.attachments = [...contact.attachments];
await transport.sendMail(mailParams);
})
} catch (err) {
console.error(err);
}
})();
I've already scanned for blocked ports, disabled firewall when trying to use it and antivirus as well. None of these approaches worked.
It throws the following error:
node:internal/process/promises:246
triggerUncaughtException(err, true /* fromPromise */);
^
Error: connect ETIMEDOUT xxx.xx.xxx.xxx:587
at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1161:16) {
errno: -4039,
code: 'ESOCKET',
syscall: 'connect',
address: 'xxx.xx.xxx.xxx',
port: 587,
command: 'CONN'
}
Logger prints the following lines:
[2022-02-03 01:39:22] DEBUG Creating transport: nodemailer (6.7.2; +https://nodemailer.com/; SMTP (pool)/6.7.2[client:6.7.2])
[2022-02-03 01:39:22] DEBUG Sending mail using SMTP (pool)/6.7.2[client:6.7.2]
[2022-02-03 01:39:22] DEBUG Sending mail using SMTP (pool)/6.7.2[client:6.7.2]
[2022-02-03 01:39:22] INFO [#1] Created new pool resource #1
[2022-02-03 01:39:22] DEBUG [#1] Assigned message <567cc726-524b-0bda-5a52-698109ae7d78#hotmail.com> to #1 (1)
[2022-02-03 01:39:22] DEBUG [nHXJGQWMbA] Resolved smtp.live.com as xxx.xx.xxx.xxx [cache miss]
[2022-02-03 01:39:43] ERROR [nHXJGQWMbA] connect ETIMEDOUT xxx.xx.xxx.xxx:587
[2022-02-03 01:39:43] ERROR [#1] Pool Error for #1: connect ETIMEDOUT xxx.xx.xxx.xxx:587
[2022-02-03 01:39:43] ERROR Send Error: connect ETIMEDOUT xxx.xx.xxx.xxx:587
[2022-02-03 01:39:43] DEBUG [nHXJGQWMbA] Closing connection to the server using "destroy"
[2022-02-03 01:39:43] INFO [#1] Connection #1 was closed
If you know how to solve it, i'll be very grateful if you lend me a hand!
SOLUTION:
Finally, I found the solution thanks to #Marco Strahilov 's answer in other post. When instantiating the transport, set the service property to 'smtp-mail.outlook.com' instead of hotmail. I don't know for sure why 'hotmail' stopped working nor why 'stmp-email.outlook.com' works now.
go to
Settings => View All Outlook settings => Mail => Sync email
here is info for your correct settings IMAP, POP, SMTP
Finally, I found the solution thanks to #Marco Strahilov 's answer in other post.
When instantiating the transport, set the service property to 'smtp-mail.outlook.com' instead of hotmail. I don't know for sure why 'hotmail' stopped working.
[GET] /auth/signin?callbackUrl=http://localhost:3000
17:22:23:77
2021-10-24T12:22:24.062Z a07d6ace-3b47-4472-a45b-f7ef9989a9b5 ERROR [next-auth][error][CLIENT_FETCH_ERROR]
https://next-auth.js.org/errors#client_fetch_error request to http://localhost:3000/api/auth/providers failed, reason: connect ECONNREFUSED 127.0.0.1:3000 {
error: {
message: 'request to http://localhost:3000/api/auth/providers failed, reason: connect ECONNREFUSED 127.0.0.1:3000',
stack: 'FetchError: request to http://localhost:3000/api/auth/providers failed, reason: connect ECONNREFUSED 127.0.0.1:3000\n' +
' at ClientRequest.<anonymous> (/var/task/node_modules/node-fetch/lib/index.js:1461:11)\n' +
' at ClientRequest.emit (events.js:400:28)\n' +
' at Socket.socketErrorListener (_http_client.js:475:9)\n' +
' at Socket.emit (events.js:400:28)\n' +
' at emitErrorNT (internal/streams/destroy.js:106:8)\n' +
' at emitErrorCloseNT (internal/streams/destroy.js:74:3)\n' +
' at processTicksAndRejections (internal/process/task_queues.js:82:21)',
name: 'FetchError'
},
path: 'providers',
message: 'request to http://localhost:3000/api/auth/providers failed, reason: connect ECONNREFUSED 127.0.0.1:3000'
}
2021-10-24T12:22:24.099Z a07d6ace-3b47-4472-a45b-f7ef9989a9b5 ERROR TypeError: Cannot convert undefined or null to object
at Function.values (<anonymous>)
at SignIn (/var/task/.next/server/pages/auth/signin.js:75:26)
at d (/var/task/node_modules/react-dom/cjs/react-dom-server.node.production.min.js:33:498)
at bb (/var/task/node_modules/react-dom/cjs/react-dom-server.node.production.min.js:36:16)
at a.b.render (/var/task/node_modules/react-dom/cjs/react-dom-server.node.production.min.js:42:43)
at a.b.read (/var/task/node_modules/react-dom/cjs/react-dom-server.node.production.min.js:41:83)
at Object.exports.renderToString (/var/task/node_modules/react-dom/cjs/react-dom-server.node.production.min.js:52:138)
at Object.renderPage (/var/task/node_modules/next/dist/server/render.js:596:45)
at Function.getInitialProps (/var/task/.next/server/pages/_document.js:601:19)
at Object.loadGetInitialProps (/var/task/node_modules/next/dist/shared/lib/utils.js:69:29) {
page: '/auth/signin'
}
RequestId: a07d6ace-3b47-4472-a45b-f7ef9989a9b5 Error: Runtime exited with error: exit status 1
Runtime.ExitError
I am using vercel for hosting and after a week of coding and finally uploading the build when I try to login it gives me this error I don't understand this and would really appreciate if any of you could help me this is the URL https://insta-2-0-ebon.vercel.app/ of the app
If you are using .env(process.env) file check your variable must have prefix NEXT_PUBLIC_ if not check your URL back-end you are currently using localhost
I had the same issue, and it is not only about the NEXTAUTH_URL to be added if you are using an adapter, for me it was MongoDB don't forget to add MONGODB_URI variable, but I also spent a lot of time and the error message was misleading but finally after adding the connection URI of mongo it works
If you using next.js, try adding NEXT_PUBLIC_VERCEL_URL.
https://vercel.com/docs/concepts/projects/environment-variables#
Recently receiving the following error when trying to look up either Stripe customers or accounts via Node.js.
I'm using stripe.accounts.retrieve and stripe.subscriptions.retrieve.
{
"type": "StripeConnectionError",
"stack": "Error: An error occurred with our connection to Stripe\n at Constructor._Error (/var/www/w3bbi/node_modules/stripe/lib/Error.js:12:17)\n at Constructor (/var/www/w3bbi/node_modules/stripe/lib/utils.js:124:13)\n at Constructor (/var/www/w3bbi/node_modules/stripe/lib/utils.js:124:13)\n at ClientRequest. (/var/www/w3bbi/node_modules/stripe/lib/StripeResource.js:206:9)\n at emitOne (events.js:96:13)\n at ClientRequest.emit (events.js:189:7)\n at TLSSocket.socketErrorListener (_http_client.js:358:9)\n at emitOne (events.js:96:13)\n at TLSSocket.emit (events.js:189:7)\n at emitErrorNT (net.js:1280:8)\n at _combinedTickCallback (internal/process/next_tick.js:74:11)\n at process._tickDomainCallback (internal/process/next_tick.js:122:9)",
"message": "An error occurred with our connection to Stripe",
"detail": {
"code": "ECONNRESET"
},
"raw": {
"message": "An error occurred with our connection to Stripe",
"detail": {
"code": "ECONNRESET"
}
}
}
Any idea on what may be causing this? I just upgraded my OpenSSL package on my Ubuntu server but that didn't seem to fix the issue.
This error doesn't seem to occur every time, but only every few attempts. Most times I successfully retrieve the Stripe subscription or account, but every so often, I get this error instead.
Also my node.js code is very simple--
stripe.subscriptions.retrieve(STRIPE_SUB_ID, function(err, subscription) {
//want to do something with subscription here, but i get err instead (only ever so often)
})
Thank you so much!!
Can you try curling the stripe API?
You can
Login into you stripe account
Go to https://stripe.com/docs/api/curl#retrieve_customer
Copy paste the request from sample. it will some thing like curl https://api.stripe.com/v1/customers/cus_DbAXqdmjzVPz2I \ -u
<your private api key>
Paste your response here
Let me know if it is working,
Also can you share your node js code (omitting your key) if it is ok.
If I have a record in /etc/postgresql/9.4/main/pg_hba.conf which specifically trusts my specific user
# TYPE DATABASE USER ADDRESS METHOD
local all myuser trust
Since I'm on debian I restart postgresql like this
sudo /etc/init.d/postgresql restart
Here is my entire source file testing this out:
const pg = require('pg');
const connectionString = "postgres://myuser:mypassword#localhost/mydbname";
const client = new pg.Client(connectionString);
client.connect();
const query = client.query('SELECT * FROM USERS');
query.on('end', () => { client.end(); });
and this is the error I consistently get:
error: password authentication failed for user "myuser"
at Connection.parseE (/home/myuser/webserver/node_modules/pg/lib/connection.js:539:11)
at Connection.parseMessage (/home/myuser/webserver/node_modules/pg/lib/connection.js:366:17)
at Socket.<anonymous> (/home/myuser/webserver/node_modules/pg/lib/connection.js:105:22)
at emitOne (events.js:96:13)
at Socket.emit (events.js:188:7)
at readableAddChunk (_stream_readable.js:176:18)
at Socket.Readable.push (_stream_readable.js:134:10)
at TCP.onread (net.js:551:20)
It's also worth noting that doing the following works:
psql -h localhost -U myuser mydb
What am I doing wrong here?
As the documentation states, local is only for UNIX socket connections, while you are establishing a TCP connection to localhost.
Use a line like this:
host all myuser 127.0.0.1/32 trust
to trust all connections from localhost using IPv4 (use the adress ::1/128 for IPv6).
I'm creating a SailsJS application, and I want users to log in only with Steam authentication. I used sails-generate-auth to create some boilerplate code with sails routes, but I'm having trouble plugging passport-steam into it.
https://github.com/kasperisager/sails-generate-auth
https://github.com/liamcurry/passport-steam
The reported error is:
C:\Users\Joe\testProject\node_modules\passport-steam\lib\passport-steam\strategy.js:67
id: result.response.players[0].steamid,
^
TypeError: Cannot read property 'steamid' of undefined
at steamapi.getPlayerSummaries.callback (C:\Users\Joe\testProject\node_modules\passport-steam\lib\passport-steam\strategy.js:67:43)
at IncomingMessage.<anonymous> (C:\Users\Joe\testProject\node_modules\passport-steam\node_modules\steam-web\lib\steam.js:218:7)
at IncomingMessage.emit (events.js:117:20)
at _stream_readable.js:944:16
at process._tickDomainCallback (node.js:486:13)
I have a feeling that this is caused by SteamWebAPI returning an empty response: {"response":{"players":[]}}, which is caused by a bogus SteamID in the request. The offending line is here in passport-steam: https://github.com/liamcurry/passport-steam/blob/master/lib/passport-steam/strategy.js#L53
Looking at identifier parameter to getUserProfile, it appears to be the entire Sails request scope. If I hardcode a good steam id into that array, I get this error:
C:\Users\Joe\testProject\api\services\passport.js:98
return next(new Error('Neither a username nor email was available'));
^
TypeError: undefined is not a function
at Authenticator.passport.connect (C:\Users\Joe\testProject\api\services\passport.js:98:12)
at module.exports (C:\Users\Joe\testProject\api\services\protocols\openid.js:24:12)
at steamapi.getPlayerSummaries.callback (C:\Users\Joe\testProject\node_modules\passport-steam\lib\passport-steam\strategy.js:72:11)
at IncomingMessage.<anonymous> (C:\Users\Joe\testProject\node_modules\passport-steam\node_modules\steam-web\lib\steam.js:218:7)
at IncomingMessage.emit (events.js:117:20)
at _stream_readable.js:944:16
at process._tickDomainCallback (node.js:486:13)
I think that makes sense since the steam response doesn't have a username nor email, but this is the profile: {"emails":[{}],"name":{}}
This is my passport configuration:
steam: {
name: 'Steam',
protocol: 'openid',
strategy: require('passport-steam').Strategy,
options: {
returnURL: 'http://localhost:1337/auth/steam/callback',
realm: 'http://localhost:1337/',
apiKey:'STEAM-API-KEY-REMOVED'
}
}
}
Not sure if there is something simple I'm missing, or I need to write a ton of custom handling. Is my configuration correct?
This is caused by out-of-date source code in npm. Even with the latest 0.1.4 version, the code is not correct. Replacing strategy.js in passport-steam with the latest version will fix this error.
Also, in api\services\passport.js, a little custom handling in passport.connect() needs to be added. The profile does not have a username, but has an id (user steamid) and displayName. These can be used to set the user model properties, e.g.
//steam auth
if (profile.hasOwnProperty('displayName')) {
user.username = profile.displayName;
}
Here is the ticket where the problem was solved: https://github.com/liamcurry/passport-steam/issues/10