I am building a web app where, basically, one user can pay to meet another user in a Google Meet. This would then create a Google Meet Calendar Event where the two users + one user from the company would be invited to a video meeting.
Basically, domain is example.com. This email address (service account), must invite attendee1#companyX.com and attendee2#companyY.com. When I put the event with no attendee, no problemo. As soon as I put the other attendees, I get:
{ "error": { "errors": [ { "domain": "calendar", "reason": "forbiddenForServiceAccounts", "message": "Service accounts cannot invite attendees without Domain-Wide Delegation of Authority." } ], "code": 403, "message": "Service accounts cannot invite attendees without Domain-Wide Delegation of Authority." } }
I want to use a service account since it's the company (example.com), it never changes and I don't want the website to break if the password/whatever changes.
Here is my code:
$client = new Google\Client();
$client->useApplicationDefaultCredentials();
$client->addScope(Google_Service_Calendar::CALENDAR);
$service = new Google_Service_Calendar($client);
$event = new Google_Service_Calendar_Event(array(
'summary' => 'Entretien vidéo',
'start' => array(
'dateTime' => '2015-05-28T09:00:00-07:00',
'timeZone' => 'America/Los_Angeles',
),
'end' => array(
'dateTime' => '2015-05-28T17:00:00-07:00',
'timeZone' => 'America/Los_Angeles',
),
'recurrence' => array(
'RRULE:FREQ=DAILY;COUNT=2'
),
'attendees' => [
[
'email' => "attendee#email.com"
]
],
"conferenceData"=> [
"createRequest" => [
"conferenceSolutionKey"=> [
"type"=> "hangoutsMeet"
],
"requestId"=> "7qxalsvy0exxaje"
]
],
));
$calendarId = 'primary';
$event = $service->events->insert($calendarId, $event);
printf('Event created: %s\n', $event->htmlLink); });
Can anybody help me about this?
Thanks!
To use the Google Calendar with your domain you need sign up for Gsuite
see https://support.google.com/a/answer/39410?hl=en
Prices plans: https://support.google.com/a/answer/1247360?hl=en
Related
I have a laravel project which provides over rest api some public data on the other hand logged in users can manage some membership related datas.
Now in this dashboard I have couple of react components. Some of theme are simply fetching async datas and there are some which are interacting with the database in the meaning they patch, create, delete datas in function of user role. This endpoints should be protected.
I read about sanctum but I think for this scenario would be overhead. Is there any other approach to protect this api routes?
You can make it easy with laravel Auth. You need to add api_token field to your users table, if you don't have it. Generate access_token on register of the user. For protection of the route as middleware use auth:api.
In app\Http\Kernel.php you need to add api key to the $middlewareGroups
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
'api' => [
'throttle:60,1',
'bindings',
],
];
After that add middleware guard to the route
Route::group(['middleware' => 'auth:api'], function () {}
When you are making request you need to add api_token param to your url ex: http://localhost/update?api_token=1234. This is the easiest way that I know. You can also send api_token as part of the body of the request to be secure.
You need to change also config/auth.php inside of guards key add this
'api' => [
'driver' => 'token',
'provider' => 'users',
],
Your config need looks similar to this
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'token',
'provider' => 'users',
],
],
I'm trying to implement the Microsoft Graph for OneDrive access in PHP. I'm going by this documentation.
I've registered my app at https://apps.dev.microsoft.com/ and got an App ID and a secret back.
Now, for the token flow, I'm emitting the following link:
$LogonLink =
"https://login.microsoftonline.com/common/oauth2/v2.0/authorize?".
http_build_query(array(
'client_id' => $MSGraphAppID,
'response_type' => 'code',
'redirect_uri' => 'http://www.example.com/ongraph.php',
'response_mode' => 'query',
'scope' => 'offline_access Files.ReadWrite'));
The logon and permissions UI works as expected, my app's name and icon comes up. So the App ID is recognized. Now, ongraph.php gets control with a code, and I emit the following POST:
$cu = curl_init('https://login.microsoftonline.com/common/oauth2/v2.0/token');
$Form = array(
'client_id' => $MSGraphAppID,
'scope' => 'offline_access Files.ReadWrite',
'code' => $_GET['Code'],
'redirect_uri' => 'http://www.example.com/ongraph.php',
'grant_type' => 'authorization_code',
'client_secret' => $MSGraphSecret
);
curl_setopt_array($cu, array(
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HEADER => false,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => http_build_query($Form)));
$r = curl_exec($cu);
I'm getting back error 400 and the following response:
{
"error": "unauthorized_client",
"error_description": "AADSTS70001: Application with identifier '0000000048205436' was not found in the directory 9188040d-6c67-4c5b-b112-36a304b66dad\r\nTrace ID: b0f7cba6-42b3-4f37-8438-5e8566ba1300\r\nCorrelation ID: ca51b601-86cb-4801-a330-354ffd3c715f\r\nTimestamp: 2017-11-08 17:12:33Z",
"error_codes": [70001],
"timestamp": "2017-11-08 17:12:33Z",
"trace_id": "b0f7cba6-42b3-4f37-8438-5e8566ba1300",
"correlation_id": "ca51b601-86cb-4801-a330-354ffd3c715f"
}
What am I missing here, please? I've tried creating a brand new app registration, same result.
EDIT: that's what the app registration site looks like:
The problem here is that you've registered your app as a Live SDK application:
For the v2 Endpoint (and Microsoft Graph), you need to register this as a Converged application:
The https://apps.dev.microsoft.com site handles both application types.
I have been working on a CakePHP 3 project that has parts on it that are a bit more complex and it seems that the framework's official documentation does not give me the answer I am looking for. A following thing is needed to be done:
Users can belong to multiple Projects. In each Project each User that belongs to the current Project can access into different sections of the application, this is handled by a table called Resources, which stores the resource ids.
So in short, User A can have access to different amount of Resources in Project A and Project B.
I have setup following associations:
Users belongsToMany Projects through UsersProjects
Users belongsToMany Resources through UsersResources
In users_resources -table I have the following fields:
user_id | resource_id | project_id
project_id -field is added to the table to make the user's resources project-specific.
Association configuration is as follows:
UsersTable:
$this->belongsToMany('Resources', [
'foreignKey' => 'user_id',
'targetForeignKey' => 'resource_id',
'joinTable' => 'users_resources',
'through' => 'UsersResources'
]);
ResourcesTable:
$this->belongsToMany('Users', [
'foreignKey' => 'resource_id',
'targetForeignKey' => 'user_id',
'joinTable' => 'users_resources',
'through' => 'UsersResources'
]);
UsersResourcesTable:
$this->belongsTo('Users', [
'foreignKey' => 'user_id',
'joinType' => 'INNER'
]);
$this->belongsTo('Resources', [
'foreignKey' => 'resource_id',
'joinType' => 'INNER'
]);
$this->belongsTo('Projects', [
'foreignKey' => 'project_id',
'joinType' => 'INNER'
]);
There is also a buildRules-function implemented in the UsersResourcesTable-class to help with the data integrity:
public function buildRules(RulesChecker $rules)
{
$rules->add($rules->existsIn(['user_id'], 'Users'));
$rules->add($rules->existsIn(['resource_id'], 'Resources'));
$rules->add($rules->existsIn(['project_id'], 'Projects'));
$rules->add($rules->isUnique(['user_id', 'resource_id', 'project_id']));
return $rules;
}
The data is saved like this:
$usersTable = TableRegistry::get('Users');
$user = $usersTable->get(129);
$data = [
'resources' => [
[
'id' => 48,
'_joinData' => [
'project_id' => 2
]
]
]
];
$user = $usersTable->patchEntity($user, $data, ['associated' => ['Resources']]);
if ($usersTable->save($user)) {
$this->out('success');
} else {
$this->out('fail');
}
The entity data after patchEntity:
{
"id": 129,
"email": "john.doe#example.com",
"created": null,
"modified": "2016-02-05T20:50:06+0000",
"firstname": "John",
"lastname": "Doe",
"type": 1,
"resources": [
{
"id": 48,
"type": "r",
"_joinData": {
"project_id": 2
}
}
]
}
When the data is saved with project id 2, the save works as expected. When I save the same data but I change the project id to 1 (user_id and resource_id will remain the same), the previous row with project id 2 is deleted from the table. The desired behaviour would obviously be that the older record would remain in the table. I noticed though that adding a saveStrategy-option with value 'append' to UsersTable's Resources-association definition will make the save go through correctly (the row with project_id 2 will not be deleted). But when I try to save an existing record while append-strategy is used, the save will fail (the save result is false).
So if I use replace-strategy, previous data gets deleted and if I use append-strategy, the update of an existing row will result to an error in cake's perspective. I think the error is thrown during rules checking due to the unique-rule.
I think the replace strategy would be the way to go but it seems that the project_id -field value gets ignored and it leads to the situation that previous data (with same user_id and resource_id) will be deleted whenever a new row is added with a different project_id.
So my question is:
Is it possible to add a third id-field to belongsToMany-association's trough-table so that the extra field would also be considered as an id-field so the framework would know when to update or insert records to the join-table?
The idea is that all the three fields in the table would be unique. Now it seems that the framework discards the extra field so inserts and updates do not work as expected. Or is there a design flaw in the database structure that is needed to be fixed?
I would prefer sticking with the CakePHP-conventions but it seems this scenario is quite hard to tackle. Any guidance is appreciated!
I am using basic authentication in my project to access Api. In ApiController, I added below code in beforeFilter:
$this->Auth->config('authenticate', [
'Basic' => [
'fields' => ['username' => 'username', 'password' => 'api_key'],
'userModel' => 'Users'
]
]);
So from chrome postman application, I am sending post request with basic auth credentials. for example like below:
So when I send a request, I get unauthorized error back.
you are sending a post request with a 'password' field
Your application is expecting a 'api_key' field that would contain the password.
I think you missed this one script in your model entity.
use Cake\Auth\DefaultPasswordHasher;
protected function _setPassword($password)
{
if (strlen($password) > 0) {
return (new DefaultPasswordHasher)->hash($password);
}
}
Put this one in Model/Entity/User.php
I'm trying to set up a user access model based on the one in the CakePHP blog tutorial (http://book.cakephp.org/3.0/en/tutorials-and-examples/blog-auth-example/auth.html), but with Roles in a separate table, and linked to users by a UserRoles table.
I currently have the following in Model/Table/UsersTable.php:
$this->belongsToMany('Roles', [
'through' => 'UserRoles'
]);
and the following in Model/Table/RolesTable.php:
$this->belongsToMany('Users', [
'through' => 'UserRoles'
]);
and the following in Model/Table/UserRolesTable.php:
$this->belongsTo('Users', [
'foreignKey' => 'user_id'
]);
$this->belongsTo('Roles', [
'foreignKey' => 'role_id'
]);
I have view, create, and administrator roles created. I'm trying to figure out how to check a user's role or roles in AppController.php. This is the simple example given for when the role incorporated into the user object:
public function isAuthorized($user)
{
// Admin can access every action
if (isset($user['role']) && $user['role'] === 'admin') {
return true;
}
// Default deny
return false;
}
I'm not sure how to access the User object and get the user's role by the user's ID from the AppController file. Since the user is not linked to the role directly, how would I access the role information from an IsAuthorized function? How would I do a lookup to retrieve the user's role when it is linked by another table?
Thank you!
When setting up the AuthComponent in your controller, make sure you tell it to fetch related data:
public function initialize()
{
parent::initialize();
$this->loadComponent('Auth', [
'authenticate' => [
'Form' => [
'contain' => ['Roles']
]
]
]);
}