Get username using javascript in pdf - javascript

I was wondering if it was possible to grab the username of the account logged into the computer. I wanted to print the username of the person that is printing out the pdf file.
I was thinking about trying to grab the %username% environment variable. Does not seem to be possible.

In Acrobat JavaScript, many local system parameters are considered privileged. The user's login name is one of these. In order to access the "identity" object the JavaScript code has to be executed from a trusted context. Code inside a PDF doesn't qualify. Or at least it doesn't normally. If the local system user has given explicit permission to the PDF, then it can access privileged data. But obviously this isn't a general purpose solution. Typically the "identity" object is only accessible to Folder Level Automation scripts.
Thom Parker
www.pdfscripting.com

take a look a the identity object.
name = identity.name; //gives you the user name that the user entered in the Identity preferences panel
userName = identity.loginName; //login name as registered by the operating system

This may be possible to some extent server-side. Here's an NTLM auth module for Apache/Unix, and here's one for Apache/Windows.

Related

Scheduler Job did not have enough permission to write to the svn

I have a job script that is executed every 5 minutes by the scheduler. This script search for specific Workitems and change them. The script is working well if I execute it manually because then I am the "current User" and have enough permissions to write in the svn. BUT if the scheduler execute it the current user is: "polarion" and he did not have write acces to the svn which is a bit strange but ok.
The error is:
Caused by: com.polarion.platform.service.repository.driver.DriverException: Sorry, you do not have access to the Subversion Repository. Please contact your Polarion or Subversion administrator if you need access.
at com.polarion.platform.repository.driver.svn.internal.JavaSvnDriver.handleSVNException(JavaSvnDriver.java:1732)
at com.polarion.platform.repository.driver.svn.internal.JavaSvnDriver.endActivityImpl(JavaSvnDriver.java:1564)
at com.polarion.platform.repository.driver.svn.internal.JavaSvnDriver.endActivity(JavaSvnDriver.java:1496)
at com.polarion.platform.internal.service.repository.Connection.commit(Connection.java:736)
... 42 more
Caused by: org.tmatesoft.svn.core.SVNAuthenticationException: svn: E170001: CHECKOUT of '/repo/!svn/ver/54/Sandbox/7023/.polarion/tracker/workitems/100-199/7023-193/workitem.xml': 403 Forbidden (http://localhost)
at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:68)
I can´t find the user "polarion" in the user Management so I could not give him more rights.
Is it possible to execute the write access from a other user or something similar?
the user "polarion" is used internally for reading information from Polarion's SVN Repository. It usually not writing ("committing") into the repository as this is usually done under the useraccount of the logged-in user.
There are two solutions to your problem:
The quick and easy fix: modify the svn access file, so that polarion user has write access to the repository. This is quite easy doable from Polarion itself with the build-in access editor under administration->user management->access management. This is potentially unsafe as the password of the polarion user is in cleartext in a config file on the server so anybody with access to the server can modify the SVN-Repository.
use the ISecurityService.doAsUser(..) function to perform your action as a different user. Usually you can put the credentials into the Polarion Vault to retrieve them without exposing usernames and passwords.
Here is an example:
subject = securityService.loginUserFromVault(vaultKey, vaultKey);
retVal = securityService.doAsUser(subject, new PrivilegedAction<Object>() {
public Object run() {
Object ret = null;
try {
ret = doAction();
return ret;
}
}
});
Needless to say the second method is the safer way to work, but it is more work as well :)

Embeddable js interpreter for user's code?

Imagine website, where user can generate content via js.
For example.
User clicks button
It requests our api (not user's api)
Api returns object with specific fields.
We show select with user's defined options generated by user's code or some calculated result based on data we sent.
The idea is to give user an ability to edit visible content (using our structures, we know beforehand which fields in returned object do what things).
First solution "developed" in 5 minutes.
Users clicks button
It send all required data as context to our api.
We fetch from database user's defined code
// here is the code which we write (not user) and we know this code is safe
const APP_CONTEXT = parseInput(); // this can be parameters from command line
const ourLibrary = require('ourLibrary');
// APP_CONTEXT is variable which contains data from frontend. We control data inside APP_CONTEXT, user can not write to it
// here is user defined code
const someVar = APP_CONTEXT['fieldDescribedInOurDocumentation'];
const anotherVar = APP_CONTEXT['anotherFieldFromDocumentation'];
ourLibrary.sendToFrontend(someVar + anotherVar);
In this very simple example once user clicked on button, we sent api request to our api, user's code has been executed, we show result of execution. ourLibrary abstract the way the handling is completed.
The main problem as I think is the security. I think about using restricted nodejs process. No network access, no file system access.
Is it possible to deny any import/require in nodejs process? I want to let user only call all builtin js function (Math.min, Math.max, new Date(), +, -), declare functions and so on. So it will work like a sophisticated calculator. And also we should have an ability to send it back to frontend. For example, via rabbitmq + nodejs + websockets. We can use simple console.log if former is the problem.
Some possible solution (not secure, of course) using nodejs interpreter. We execute interpreter every time when action is required.
const APP_CONTEXT = parseInput();
const ourLibrary = require('ourLibrary');
const usersCode = getUsersCode();
eval(usersCode);
Inside usersCode they use ourLibrary.sendToFrontend to produce the result. But this solution allows user to use any builtin nodejs functions, like const fs = require('fs'). Of course access will be restricted using linux system (selinux or similar) but can I configure/setup nodejs to run as simple js interpreter? May be there is some other js interpreter exists which is safe to use? Safe means: only arithmetic, Date function, Math functions and so on. No filesystem access, no network access.

Node-Red Multiple Contexts

I have a Node-Red Application.
A user logs in with credentials stored in a sqlite database.
Based on the information returned from the database it sets a bunch of variables for use in other flows.
flow.set('sid', userid);
flow.set('fname',forename);
flow.set('sname',surname);
However, if another user logs in at the same time, all of these variables are reset to belong to the User 2 and therefor, user 1 now has all of user 2's information.
Is there a way to set variables, so that both can exist at the same time, so that each time a user visits the application they have their own context of it?
Any help here would be appreciated
A node-red flow has no inherent knowledge of 'who' is triggering it. That is an application level detail.
Assuming you have a way to identify the user that has triggered a flow, you can use that information to build unique context keys for them.
For example, let's say msg.req.user contains a unique id for the user. You could then do:
flow.set(msg.req.user+':sid', userid);
flow.set(msg.req.user+':fname',forename);
flow.set(msg.req.user+':sname',surname);

Is it possible to post to chat.postMessage as any user in a Slack team?

I'm building a Slack integration that is intended to modify some text and then post it to a Slack channel as though the user who triggered the command had said it.
e.g. /makeFace disapproval
#Ben 3:45pm
ಠ_ಠ
I ask for the client permission scope, which adds the chat:write:user permission. But when I hit the chat.postMessage endpoint, it only seems to allow you to post as the user who added the integration because the token it returns seems to be individuated for that user.
I know that giphy, for instance, sends its gif messages as though you are the originator, but I can't find out how they manage it. Is there any documentation for sending messages as other members of the team?
There are 2 ways to achieve this:
A. Overwriting username and icon
When you send a message with chat.postMessage it is possible to set a user name with the property username. The message will then appear as being send by that user (same for icon with icon_url).
However, this is not meant to impersonate real users, so even if you use the same username and icon as the real user the message will have the app tag, so that they can be distinguished from a real user.
Here is an example how it looks like (from a gamer Slack about flying and killing space ships):
But depending on what your requirements are that might work for you.
If you want to use it make sure to also set the as_user property to false (yes, really) and it will not work with a bot token, only with a user token.
See here for more details on how it works.
This also works for the legacy version of Incoming Webhooks, not with the current version of incoming webhooks though. (You can still get the legacy version, see this answer)
B. Having the user's token
Another approach is to always use the token from the respective user for sending the message. In combination with as_user = true messages sent by your app will look exactly as if they would come from the respective user (no APP tag).
To make that happen your app would need to collect tokens from all users on your workspace and store them for later use. This can be done by asking every user to install your app (called adding a "configuration") through the Oauth process (same you use to install your app to a workspace), which allows your app to collect and store those tokens for later use.
Update: This doesn't work. It impersonates the user who installed the app, so it merely seems to work... until another user tries to use it (and they end up impersonating you).
Go to your App's management page. Select "OAuth & Permissions".
Add the chat.write OAuth Scope to your app as a User Token Scope, not a Bot Token scope.
Take note of your User OAuth Token at the top of this page (not your But User OAuth Token).
Call chat.postMessage with
username = user id of the user you'd like to post on behalf of
token = the token from step 3. above
The resulting post will be 100% impersonated. Not just the name and icon as mentioned in other answers, but it'll 100% function as if it came from the user.
I hope this will help those who are still facing this issue.
First give the chat:write and chat:write.customize scope to your bot. The scope chat:write.customize Send messages as #your_slack_app with a customized username and avatar
From "OAuth & Permissions" settings get the bot OAuth token or even bot access token (both will work).
Then set the arguments like the following.
username to specify the username for the published message.
icon_url to specify a URL to an image to use as the profile photo alongside the message.
icon_emoji to specify an emoji (using colon shortcodes, eg. :white_check_mark:) to use as the profile photo alongside the message.
You can visit the docs from here

VBScript Locate user in Directory; Return results (Found or Not Found)

I want to begin by apologizing for not including any code. VBScript is completely out of my realm of knowledge and I have been asked to use it for a small program here at work.
The goal: I have been asked to search part of the active directory (I am told that it is an OU in our active directory) and compare the user that is attempting to login to the computer with the OU. If that person DOES exist in the specified OU, I need to do something. If the person DOES NOT exist, I need to do something else.
The specifics: I work at a hospital. The point of this is to keep nurses from using the laptops designated for the physicians on the floors. When a nurse badges in to said computer, if the person logging in exists in the "Physicians" OU (which is my OU), then continue with the login, else log the person out (which would be to key an F4 in Imprivata). This being said, we use a program called Imprivata that logs the user in when they swipe their badge. Imprivata can also perform keystrokes like keying in the user's password, clicking buttons, etc. The Imprivata program allows for code to be written in the background in VBScript, WSH, and I believe JavaScript and then executed when a condition exists (a person logging on a computer). Unfortunately, I know NOTHING about any of these languages.
I have been searching the web and trying different things for a week now with no luck. In fact, I have even got close to anything working so any help would be greatly appreciated and again I apologize for the lack of code.
The easiest thing would be getting the current users OU, which can be done with
Set objSysInfo = CreateObject("ADSystemInfo")
strUserName = objSysInfo.UserName
Now you can check if your physicians OU is part of that. That is of course not the exactly same thing as checking whether that user is in the physicians OU because there could be cases where the same username exists in both OUs. However if the same user in both OUs is something that happens you have problems either way.
After you got the users OU just do a simple string compare. I always use a little helper function for that
Function contains(sourceStr, checkStr)
contains=InStr(1, sourceStr, checkStr, vbTextCompare) > 0
End Function
That does nothing more than a case insensitive check if a string is substring of another. so
contains(strUserName, "OU=Finance,OU=North America,OU=Pacific Coast,dc=fabrikam,dc=com")
with the DN of your OU might already be enough.
If you are new to vbscript a good point to start would be the old "Hey Scripting Guy" blogs where everything is explained in a lot of detail. This one for example is about checking a user's OU.
Windows has settings for this.
Allow log on locally
This logon right determines which users can interactively log on to this computer. Logons initiated by pressing CTRL+ALT+DEL sequence on the attached keyboard requires the user to have this logon right. Additionally this logon right may be required by some service or administrative applications that can log on users. If you define this policy for a user or group, you must also give the Administrators group this right.
Default on workstations and servers:
Administrators
Backup Operators
Users.
Default on domain controllers:
Account Operators
Administrators
Backup Operators
Print Operators
Server Operators.

Categories

Resources