• Lajos Kelemen from Tampere
  • NEWBIE
  • 45 Points
  • Member since 2016
  • Mr
  • Accenture
Hi all

I am unable to complete this challenge because whenever I click the Check button, I receive the error message.
"Challenge Not yet complete... here's what's wrong: 
It doesn't appear that you've added protection against CSRF. Make sure you re-write 
the outputlink to a commandlink that is not vulnerable to CSRF, that the action is no longer in the on-load method and the correct method is referenced by the command link"

I don't understand what is wrong. I removed the action handler from the apex:page tag and below the comment "<!-- complete challenge here -->" added a command link.
 
<apex:page controller="CSRF_Challenge" sidebar="false" tabStyle="CSRF_Challenge__tab" > <!-- action="{!approveReq}" -->
<apex:sectionHeader title="CSRF Challenge" />
<apex:form >
    <apex:pageBlock >
        <apex:pageMessages />      
        <apex:pageBlockSection title="Demo" columns="1" id="tableBlock">

            <apex:pageBlockTable value="{!Requisitions }" var="req">
                
                <!-- skipped -->    
                                             
                <apex:column headervalue="Approval Action">
                    <apex:outputLink target="_new" value="/apex/CSRF_Challenge?approve={!req.id}">Approve This Requisition</apex:outputLink>
                </apex:column>
                <apex:column headervalue="Approval Action (NO CSRF)">
                    TBD
                    <!-- complete challenge here -->
                    <apex:commandLink value="Approve This Requisition" action="{!approveReqNOCSRF}"> 
                        <apex:param name="reqId" value="{!req.id}" assignTo="{!approve}"/> 
                    </apex:commandLink>
                </apex:column>                                                                                               
            </apex:pageBlockTable>
       
        </apex:pageBlockSection>
        
        <!-- skipped -->
         
</apex:form>              
</apex:page>



Any advice?

Thanks,
Alex
Hi,

I am at the step Create a custom classifier/Set up authorization/Generate a JWT token.
When I run the script jwt.sh I get a response:
             Your access token response:
              {"message":"Invalid JWT token"}

I am on Win10 64-bit but don't have the Anniversary Update, so I don't have the bash that comes with Win10.
I have the bash that came with Git.
As I don't have a valid JWT token, I cannot continue to "Step 1: Create the Dataset".

Please help.


Here is a more detailed output and my changes to the jwt.sh script:

Script output (with my password changed)


-------------------------------------------------------------------------------------------

$ ./jwt.sh ./00D0Y0000008amn.jks lajos.kelemen@accenture.com 3600 https://api.metamind.io
Enter destination keystore password:  my_pass
Enter source keystore password:  my_pass
Existing entry alias lkelemen_sf_devcert exists, overwrite? [no]:  yes
Entry for alias lkelemen_sf_devcert successfully imported.
Import command completed:  1 entries successfully imported, 0 entries failed or cancelled
[Storing privateKey.p12]
MAC verified OK

Generated Assertion:

eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJsYWpvcy5rZWxlbWVuQGFjY2VudHVyZS5jb20iLCJzdWIiOiJsYWpvcy5rZWxlbWVuQGFjY2VudHVyZS5jb20iLCJhdWQiOiJodHRwczovL2FwaS5tZXRhbWluZC5pby92MS9vYXV0aDIvdG9rZW4iLCJleHAiOjE0NzYwODAzMTksImlhdCI6MTQ3NjA3NjcxOX0.EcvaPYv3bfA_HNsa_5tNFz6iajvprCee-kNfdSNMPHpgeMgWU3Z0LFt8AojJLNYZIzNydNarDtUbDkqhdpB_c2Ahi2xUhiy_ATnWaUWNrykROsv7dVu_l8smIb9s08N4mcllsDorNWcM9XWmVDlVgq4oegaeQhq2yCOuxn3jAb5IRlurXjSY125FTJs_3oE06vkZYieg6kxQYoeZiWvGfwhdgEB-szutrrXFgUEVKa5U_qj5HFQYlHV7yAcbRTxCc5vOwaAv7qCrjdFCfsmWXPlk-65DSoAFUXK12j6HbB-hHRimNrf-4lLz0mxMmDNC5HuLMHG8BOZMp6PDc19QBg

Your access token response:

{"message":"Invalid JWT token"}

-------------------------------------------------------------------------------------------

my script changes:

openssl pkcs12 -in privateKey.p12 -nocerts -nodes -out private_key
 
changed to (added -passin pass at the end)

openssl pkcs12 -in privateKey.p12 -nocerts -nodes -out private_key -passin pass:my_pass

-------------------------------------------------------------------------------------------
curl -H "Content-type: application/x-www-form-urlencoded" -X POST "$4/v1/oauth2/token" -d \
"grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion=$jwt3.$jwt5" ; echo

changed to (added -k parameter to accept self-signed certs?)

curl -k -H "Content-type: application/x-www-form-urlencoded" -X POST "$4/v1/oauth2/token" -d \
"grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion=$jwt3.$jwt5" ; echo
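
Added example, not part of the original post or of jwt.sh: a local check of a JWT bearer assertion (clean base64url, three segments, `alg`, `aud`, `exp`, `iat`) that can be run on the generated string before it is sent to the token endpoint. The endpoint URL, the expected RS256 algorithm, the function names and the sample token are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added example: check a JWT bearer assertion locally before POSTing it.
# Every sample value is constructed; nothing here contacts a server.

# base64url (RFC 7515): URL-safe alphabet, no '=' padding, no line breaks.
b64url_encode() { printf '%s' "$1" | base64 | tr -d '=\r\n' | tr '/+' '_-'; }

b64url_decode() (
  s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#s} % 4 )) in 2) s="$s==" ;; 3) s="$s=" ;; 1) exit 1 ;; esac
  printf '%s' "$s" | base64 -d 2>/dev/null
)

# Extract one string or numeric claim from flat JSON (alg, aud, exp, iat).
claim() {
  printf '%s' "$1" |
    sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\"\{0,1\}\([^\",}]*\).*/\1/p"
}

# check_assertion TOKEN EXPECTED_AUD NOW_EPOCH
# Prints "ok", or a space-separated list of the checks that failed.
check_assertion() (
  token=$1; want_aud=$2; now=$3; out=""
  # '=', '+', '/', CR/LF or spaces mean the segments are not clean base64url.
  case $token in *[!A-Za-z0-9._-]*) out="$out charset" ;; esac
  dots=$(printf '%s' "$token" | tr -cd '.' | wc -c)
  [ "$((dots))" -eq 2 ] || { out="$out segments"; echo "${out# }"; exit 0; }
  rest=${token#*.}
  header=$(b64url_decode "${token%%.*}") || out="$out header-b64"
  payload=$(b64url_decode "${rest%%.*}") || out="$out payload-b64"
  [ "$(claim "$header" alg)" = RS256 ] || out="$out alg"      # assumed algorithm
  [ "$(claim "$payload" aud)" = "$want_aud" ] || out="$out aud"
  exp=$(claim "$payload" exp); iat=$(claim "$payload" iat)
  [ "${exp:-x}" -gt "$now" ] 2>/dev/null || out="$out exp"    # expired or missing
  [ "${iat:-x}" -le "$now" ] 2>/dev/null || out="$out iat"    # future or missing
  out=${out# }; echo "${out:-ok}"
)

# Constructed token: sample_token AUD EXP IAT (the signature is a dummy value).
sample_token() {
  printf '%s.%s.c2lnbmF0dXJl' "$(b64url_encode '{"alg":"RS256","typ":"JWT"}')" \
    "$(b64url_encode "{\"iss\":\"user@example.com\",\"aud\":\"$1\",\"exp\":$2,\"iat\":$3}")"
}

AUD=https://api.example.test/v1/oauth2/token   # hypothetical token endpoint
check_assertion "$(sample_token "$AUD" 2000 1000)" "$AUD" 1500
```

The check does not verify the signature, only the parts a client can get wrong before or while signing. Independently of the token, `curl -k` disables TLS certificate verification for the request that carries the assertion.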


 
Having trouble with the sign-up process for the new Predictive Vision Service?  Please let us know here and we will work to help you through the process.  

Thanks!
 
Part of the question asks for the following:

"Change the 'UUID' field on the 'Phone__x' external object to be an indirect lookup relationship to the 'User' standard object. Use the 'Phone_UUID__c' field as the matching key for this indirect lookup relationship."

Every time I create this Indirect Relationship, it just allows me to select the "Accounts" Object, not the User object. Why is this happening? Can anyone help me with this issue?

Thanks!
  • April 06, 2016