DEV Community: jeromesch

How to set up Postman to troubleshoot Google API

jeromesch — Thu, 20 Jan 2022 15:38:33 +0000

FAQ:
Why are we using the Google API?

We're trying to automate the Usermanagment such as Roles in the Company, Calendar Events, Groups, Chatrooms

In which cases does it make sense to use the Google API?

In every case the Google API offers a solution (and you want to automate)

What is an Oauth 2.0 Token?

OAuth 2.0 is an authorization protocol and NOT an authentication protocol. As such, it is designed primarily as a means of granting access to a set of resources, for example, remote APIs or user’s data.

Starting off with POSTMAN

How to generate an OAuth 2.0 token:

Ensure that the Google APIs are enabled

Go to the API Console.
Select a project or create a new one.
Select APIs & services
Select Library
Click the API you want to enable
Click ENABLE.

Create an OAuth 2.0 client ID

Go to Google Console 
-> API 
-> OAuth consent screen
Add `getpostman.com` to the Authorized domains.
Click Save.

Go to Google Console 
-> API 
-> Credentials
Click 'Create credentials' 
-> OAuth client ID 
-> Web application

Name: 'getpostman'
Authorized redirect URIs: https://www.getpostman.com/oauth2/callback
Copy the generated Client ID and Client secret fields for later use
In Postman select Authorization tab and select "OAuth 2.0" type.
Click 'Get New Access Token'

Fill the GET NEW ACCESS TOKEN form as following
Token Name: 'Google OAuth getpostman'
Grant Type: 'Authorization Code'
Callback URL: https://www.getpostman.com/oauth2/callback
Auth URL: https://accounts.google.com/o/oauth2/auth
Access Token URL: https://accounts.google.com/o/oauth2/token
Client ID: Client ID generated in the step 2 (also shown in downloadable JSON)
Client Secret: Client secret generated in the step 2 (also shown in downloadable JSON)
Scope: see the Google docs for the required OAuth scope (e.g., https://www.googleapis.com/auth/cloud-platform)
State: -
Client Authentication: "Send as Basic Auth header"
Click 'Request Token' and 'Use Token'

The generated Token is only usable for the Scope you intended it to be. If you need another Scope you might want to Request another token. Otherwise you might face access right problems.

Usefull Links for API Documentations:

Google Projects and Userroles (GCP):
https://cloud.google.com/iam/docs/viewing-grantable-roles
Manage Google Users (GW):
https://developers.google.com/admin-sdk/directory/v1/guides/manage-users
Add Members to Groups:
https://developers.google.com/admin-sdk/directory/v1/guides/manage-group-members

How to recover the firmware of a NAS

jeromesch — Wed, 01 Dec 2021 11:46:53 +0000

QNAP Firmware Recovery

Check Hardware

Turn Off NAS.
Unplug Harddrives.
Use HDMI / USB plugs to control the nas manualy. (Keyboard / Mouse / Monitor)
Turn On NAS.

If the Bios won't boot without Harddrives the internal storage most likely has a Problem.

A.) This might be the case if you just updated the Firmware Version

B.) or the Hardware might be broken.

In Case B you can just send in the NAS and get a new one since the internal Storage is soldered. (Sh*t happens)

If the BIOS boots up, check the Harddrives.
Unusual that both Harddrives break at the same time, but just in case..

If the BIOS shows "Uncompressing Linux..." tries to bring up the DOM.

In general thats a good sign, if it keeps beeing stuck there thats a bid sign. Means we need to fix the DOM.

Recover DOM

Make a bootable USB Stick

Download unetbootin utility & the matching iso for your NAS

Unetbootin: http://unetbootin.sourceforge.net/

DSL: http://distro.ibiblio.org/damnsmall/current/dsl-4.4.10-initrd.iso

DSL = "DAMN SMALL LINUX"

Plug in USB Stick and format (Min. 1 GB / Fat32)

Install Software (unetbootin) and pick "Damn Small Linux" in Distro.

Flash the USB Stick the System/Distro

little excourse
Download the right System Image

in my case:
System Image (TS-251+)
TS-x51+ Series
(where the 'X' stands for the amount of installable hard drives)

http://eu1.qnap.com/Storage/tsd/fullimage/F_TS-X51_20150605-1.3.0.img

Copy the image to the root folder of the usb stick and rename the file to dom.img.

Use USB Stick to repair the DOM

1.Turn Off NAS.
2.Unplug Harddrives.
3.Use HDMI / USB plugs to control the nas manualy.
(Keyboard / Mouse / Monitor)
4.Turn On NAS & Press F2 or DEL on StartUp
5.Choose the USB flash drive as boot device
(If there are 2 USB Boot devices, dont choose “USB DISK MODULE PMAP”)

Open Command Line Ctrl + Alt + Del
and enter the following:

sudo su
fdisk –l
/dev/sda (should be your flash drive)
/dev/sdb or /dev/hda (should be your DOM drive)

The Size should be 128 MB or 512 MB

after understanding that, we follow with:

mkdir usbdrive
mount /dev/sda1 /home/dsl/usbdrive
cd /home/dsl/usbdrive
cp dom.img /dev/sdb
"dom.img" (as mentioned earlier, is your firmware image)
reboot

After that the NAS should boot normaly.
If the Firmware Version is at 1.x.x the firmware need to run updates, otherwise the Hard drives cant be recognized.

If None of this helped, your harddrive might be broken.

Change Harddrive

If only one Harddrive is broken you can simply unplug the broken one and get a new one (in the same storage size)

At the moment you plug in the new one the NAS automaticly starts to synchrosize the Data from the First Harddrive to the new one.

Raid Magic

Learn to secure your app while coding it ...

jeromesch — Fri, 17 Sep 2021 10:05:29 +0000

Every Dev considers his Application as "safe" until he get's proven wrong.
Look up at the OWASP Top10 and tell me what you can check as "done" in your current project state:
-Broken Access Control
-Cryptographic Failures
-Injection
-Insecure Design
-Security Misconfiguration
-Vulnerable and Outdated Components
-Identification and Authentication Failures
-Software and Data Integrity Failures
-Security Logging and Monitoring Failures
-Server-Side Request Forgery

If you want to test your "secure coding skills", there's currently an tournament about exactly that:

https://community.cloudogu.com/t/secure-coding-tournament-how-to-take-part/189

SCW is reviewing your written Code automaticly against the (listed above) vulnerabilities, rates your overall score and shows where and how you can improve your skills.

Languages:
Kubernetes
Java
C# / MVC
JavaScript / React
Go
PHP
Python