nows | poisonous chicken soup
kandi X-RAY | nows Summary
kandi X-RAY | nows Summary
poisonous chicken soup
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of nows
nows Key Features
nows Examples and Code Snippets
Community Discussions
Trending Discussions on nows
QUESTION
I currently work on an legacy app which somewhat loosely implements an OAuth2 flow. In short, when the user logs in with username/password, he receives an access/refresh token pair. The access token expires after 20 minutes whereas the refresh token has a lifetime of 180 days.
Now when the client gets a HTTP 401 Unauthorized due to an expired access token, it will use the refresh token to obtain a new access/refresh token pair. At the same time, we invalidate the old token pair in our backends database (we simply delete the entry).
This has some major issues since our clients are mobile apps and it sometimes can happen that a response from our server is not received by the client. So after our backend saves the new token pair, which the client doesn't receive due to for example network problems, the client no longer can get a new token pair because he still only knows about the old - now invalid - refresh token.
I was wondering if what we are doing is correct or whether we actually should never remove old refresh tokens from the DB as long as they are not expired. Or should we for example remember the last 1 or 2 refresh tokens for a user so even if a new one was created, if the client doesn't receive the response from our server, he can still try one or two times again with the old refresh token.
Or should we simply never send out new refresh tokens when obtaining a new access token and always use the same refresh token?
Is there any best practice to follow or is this all personal taste? I mean we can't be the first ones to run into this issue of mobile clients loosing responses due to network issues, right? :)
...ANSWER
Answered 2022-Mar-11 at 09:08MEASURING MOBILE CONNECTIVITY OCCURRENCES
When there are mobile connectivity problems, I would expect the refresh token grant request
to fail. For the request to succeed and the response
to fail to reach the client (in such a small time window, eg 200ms) feels very much like an edge case.
I would aim to ensure good production logging around what is happening server side, so that you can be clearer about exact causes. It is easy to jump to the wrong conclusions otherwise.
ROTATING REFRESH TOKENS
The preferred behaviour from a security viewpoint is to revoke all tokens for the user when an old one is reused. However, the OIDC Specs indicate that this can cause usability problems in some setups, in which case other measures
may be appropriate.
Exact behavior is provider specific - some Authorization Servers store and flag old refresh tokens and may allow them to be reused for a time period configured against the client application.
SECURITY v USABILITY
If dealing with high worth data I would use the more secure option, but if mobile consumption data is not especially sensitive, using non-rotating refresh tokens might be an appropriate measure.
RELIABLE APPS
In some cases OAuth clients will get a 401 when using a refresh token, and in addition to the case you mention, there are other possible causes:
- Token signing or cookie encryption key renewal (in some setups)
- Infrastructure changes such as a load balancing failover to alternate site (in some setups)
Apps should always be coded reliably to deal with this, eg:
- When an API call fails with a 401, try to refresh the access token
- When a token refresh fails, eg with a 401 or an
invalid_grant
value in theerror
response field, the user must re-authenticate
Note that re-authentication is sometimes a single sign on event. To see how this looks, you can run my Demo Single Page App and click Expire Refresh Token
, then Reload Data
.
SUMMARY
You cannot always guarantee no re-logins for 180 days in a distributed systems world. In terms of next steps, my preference would be to properly identify the cause and frequency of failures, and to see if reliability could be improved in the client application's code.
QUESTION
I'm facing a critical issue right now in Romania. So for almost 24 hours my mobile app which is using Firebase Realtime Database can't be used on some ISPs (like Vodafone, DIGI or Telekom) if you are using mobile data (4G or 5G) the app is working fine, but on Wi-fi (on these ISPs the app is getting timeout). I talked like several hours on the phone with multiple ISPs and the Firebase support (right now the app is working using DIGI, but nobody knows why). The ISPs are saying that problem is not on their end and Firebase is saying that the problem is on the ISP side. Firebase support answer:
As this has been caused by network issues, rather than Google's infrastructure, we can't do much about it from our end. I would recommend that you contact the ISP provider directly as they will be able to check deeper on their side.
As far as we can see, the multiple providers are affected by that issue. Our engineering team is already aware of that and looking for solutions. Like I said before, there is nothing we could do with the providers, but our engineers would find any suitable workaround.
So my question is: what can I do? (I saw that Firebase realtime database deployed in europe-west works) but mine is already on united states.
Is there someone having troubles like me? I tested multiple apps which I know are using Firebase and they are having the same issues, the app being unreachable over this type of network.
So the problem is regarding Ukraine and Russia :(. Many apps using Firebase Realtime Database are not working right now.
Below I posted a fix for this and how I handled in order to make my app functional again
...ANSWER
Answered 2022-Mar-29 at 13:21So for someone who is in Europe and has the same issue like me, this is what i did.
I made a new instance of a realtime database on europe-west (because this one works on every ISP). I migrated my old database to the new one. I pushed for release a new iOS and Android build using the new database. I disabled my old instance in order to not have any syncing problems. I made all of this at night hours like 24:00.
I the morning all users would have the new update. If someone is not going to have the update until 10 AM I have set a push notification to announce this changes.
QUESTION
While I googled to understand the Unary associations, I got the following two explanations:
the first is:
A unary relationship is when both participants in the relationship are the same entity. For Example: Subjects may be prerequisites for other subjects, or one employee manages many Employees.
and the second is:
Class B knows about ClassA.
Class A does not know about ClassB.
Now lets look at the following example:
You can see the Person and Address relationship below. We call this relationship as has-a relationship since person has a address. So Person knows the address but address does not know anything about person
Am I misunderstanding something?
...ANSWER
Answered 2022-Feb-17 at 13:42The arity of an association is about how many classes are associated. This is an ambiguous concept since some understand different classes, whereas others understand instances.
When applied to unary, the first interpretation would mean reflexive association (or self-association, i.e. a class associated with iteself), whereas the second would mean a class associated with nothing (not very useful: any class could be associated with nothing else).
UML perspectiveFortunately, the UML specifications are much more precise than the common language:
An Association specifies a semantic relationship that can occur between typed instances. It has at least two memberEnds represented by Properties, each of which has the type of the end. More than one end of the Association may have the same type.
So in UML there is no "unary association". It's binary, ternary, or n-ary (terms used in the specs). There is no special term in UML for a binary association with the same class at both ends. But reflexive or self-association are terms which are more popular than unary.
E/R modelingThe term "unary" is popular in the context of entity-relationship modeling, to describe a relation in a relational database. Relations correspond more or less to an association in UML, and entities to classes, but there are some subtle semantic differences. E/R has its foundation in the set theory. And if a relation is between the same entities, it means in fact that only one set is involved. This is probably why unary is more popular in this context.
QUESTION
It is my understanding that NumPy dropped support for using the Accelerate BLAS and LAPACK at version 1.20.0. According to the release notes for NumPy 1.21.1, these bugs have been resolved and building NumPy from source using the Accelerate framework on MacOS >= 11.3 is now possible again: https://numpy.org/doc/stable/release/1.21.0-notes.html, but I cannot find any documentation on how to do so. This seems like it would be an interesting thing to try and do because the Accelerate framework is supposed to be highly-optimized for M-series processors. I imagine the process is something like this:
- Download numpy source code folder and navigate to this folder.
- Make a
site.cfg
file that looks something like:
ANSWER
Answered 2021-Nov-07 at 03:12I actually attempted this earlier today and these are the steps I used:
- In the
site.cfg
file, put
QUESTION
We have a NestJS project with several modules. Suddenly, some tests stopped working with errors all like
FAIL libs/backend/nest/pipes/src/lib/iso-date-validation.pipe.spec.ts
● Test suite failed to run
ENOENT: no such file or directory, open D:\git\my-nest-project\libs\backend\nest\pipes\src\lib\iso-date-validation.pipe.spec.ts'
It knows what test to run, but then it claims it can't find the test file. Sometimes we get a couple of these errors, sometimes dozens.
These errors are happening randomly (not always on the same tests) locally on my machine as well as on our Jenkins server and on other developer environments as well. I can reproduce this on Windows/Mac/Linux.
There were no changes to the test or project configuration files that would have triggered this change. In fact, I have checked out previous versions of the codebase that built reliably in Jenkins and now they have the same random test errors.
I have tested on clean nodejs environments with nothing installed globally except npm.
Using the jest --verbose flag gives me no further details.
The jest config in a NestJS project is multi-layered, so it's hard to display the whole thing here, but I don't understand how this could be a configuration issue because the tests used to run fine and the configuration files have not changed.
I have tried clearing the jest cache, but the results are not consistent. On some occasions I can get a clean test run after clearing the cache.
More often than not, the test failures occur in a module that has some React .tsx templates, but not always. Sometimes a pure Typescript module will fail.
...ANSWER
Answered 2021-Aug-31 at 14:18It turns out I shot myself in the foot on this one, but I'm posting the answer in case it helps anyone else.
Some of our jest tests were using the mock-fs package to simulate a path to a managed config file that is present in the production environment. But the tests that used mock-fs neglected to call mock.restore() after the test to disable the mock file system. Apparently the mock file system is quite invasive. What was strange was that introducing mock-fs did not immediately produce the unexpected behavior of breaking other tests. It was also quite unexpected that mock-fs could break jest itself.
https://www.npmjs.com/package/mock-fs
RTFM
QUESTION
There are many questions on StackOverflow, related to this but none answers with logic.
If Index.html runs first.
Main.ts or better say Main.js (after transpilation) can't run by itself as it is a javascript file at the end, and Index.html file is the one that contains the reference of main.js at the bottom before the closing body tag, obviously, the webpack does all this.
Now, let's say from the configuration that is Angular.json file, the angular knows that Index is the main HTML file that should be served first.
Then again, as Main.js is unknown at this point, so there is no way that the angular would know about the root component. And it must throw an error while parsing but it doesn't throw the error. This means, it already knows about app-root, which means Main.js is the entry point. But how is this possible, how a javascript file can be triggered without Html page?
first way:- Angular.json ---> Main.js--->Index.html (but how is this possible? who triggers Main.js?)
second way:- Angular.json--->Index.html---->Main.js (but then how do angular know about ??)
also,
My question is, If I write huge "ts" code inside the App-Component itself, then also it will not be executed even after the flow reaches the as angular has no idea about what
actually is until it finds the Main.js in the body tag and executes it and then only it could know about it.
ANSWER
Answered 2022-Jan-22 at 21:00You can tested it easily. Put console.log(1)
in the index.html
, and console.log(2)
in main.ts
. First console will be 1
, so index.html
runs first.
When application is opened, initially index.html
start to render and it will render with empty - because Angular app is still to be loaded (you can test that easily with
CRTL + U
- that is initial content that browser see). That was the big bottleneck for the SEO of SPA apps.
Once the Angular app is loaded, it will dynamically populate the content to the of the
index.html
.
UPDATE
I missed the part why the error
is not thrown when index.html
comes to tag. @Ashish explained that really well in his answer (and definitely deserves an upvote), so I will just quote his answer here:
Reason is, index.html is not an Angular template file, it is pure html, you can place any element inside it and it will never throw an error. But for Angular template files, during compile time it checks if is defined or not and throws compile time error if not defined.
QUESTION
After Android Studio upgraded itself to version Arctic Fox, I now get these strange sub-windows in my code editor that I can't get rid of. If I click in either of the 2 sub-windows (a one-line window at the top or a 5-line window underneath it (see pic below), it scrolls to the code in question and the sub-windows disappear. But as soon as I navigate away from that code, these sub-windows mysteriously reappear. I can't figure out how to get rid of this.
I restarted Studio and it seemed to go away. Then I refactored a piece of code (Extract to Method Ctrl+Alt+M) and then these windows appeared again. Sometimes these windows appear on a 2nd monitor instead of on top of the code area on the monitor with Android Studio. But eventually they end up back on top of my code editor window.
I have searched hi and low for what this is. Studio help, new features, blog, etc. I am sure that I am just using the wrong terminology to find the answer, so hoping someone else knows.
...ANSWER
Answered 2021-Aug-15 at 15:29Just stumbled upon the same thing (strange windows upon attempting to refactor some code after updating to Arctic Fox). After a lot of searching around the options/menus/internet this fixed it for me:
Navigate to:
File > Settings... > Editor > Code Editing
under
Refactorings > Specify refactoring options:
select
In modal dialogs
Press OK.
Fingers crossed refactoring works.
🤞
Further step: Restart Android Studio
QUESTION
I'm a novice web developer, but experienced python programmer, and Apache dolt. Recently, I've been tinkering with hosting a small website and learning my way through some hosting issues, Flask, html templates, etc.
I've followed several Flask tutorials about controlling access to pages with @login_required
decorators on access-controlled endpoints and using session
to store a logged in k-v pair. This all works perfectly when running locally on Flask's development server on my local machine. However, when I push this onto my hosting service, I'm getting what I believe is cached behavior to many of the access-controlled endpoints and I'm able to see them after logging out (and checking the session data to ensure the key is removed).
Some specifics...
Using
flask
withsession
for the login info, not flask-login.Hosting on a managed VPS that is using Phusion Passenger as a WSGI interface to Apache
I have no config files in use for Apache...just defaults right now.
Website is very low traffic... Prolly just me & the bots right now. :)
My passenger_wsgi
file:
ANSWER
Answered 2021-Dec-30 at 20:31Since 5.0, passenger will "helpfully" add cache-control headers to responses it deems 'cachable'.
In order to stop this, your application should add the header Cache-Control: no-store
.
To do this globally in Flask as described here:
QUESTION
I'm trying to iterate through multiple nodes and receive various child nodes from the parent nodes. Assuming that I've something like the following structure:
...ANSWER
Answered 2021-Dec-09 at 16:39You can use BeautifulSoup
after getting page source from selenium to easily scrape the HTML data.
QUESTION
I have a tuple-like class template like this
...ANSWER
Answered 2021-Nov-25 at 18:24You can do it this way:
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install nows
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page