Salesforce Developer Community

Lajos Kelemen from Tampere
NEWBIE
45 Points
Member since 2016
Mr
Accenture

Chatter

Feed
1

Best Answers
0

Likes Received
0

Likes Given
1

Questions
13

Replies

Unable to complete Trailhead challenge: "Prevent Cross-Site Request Forgery (CSRF)"

Hi all

I am unable to complete this challenge because whenever I am clicking check button, I receive the error message.

"Challenge Not yet complete... here's what's wrong:
It doesn't appear that you've added protection against CSRF. Make sure you re-write the outputlink to a commandlink that is not vulnerable to CSRF, that the action is no longer in the on-load method and the correct method is referenced by the command link"

I don't understand what is wrong. I removed the action handler from the apex:page tag and below the comment "" added command link.

<apex:page controller="CSRF_Challenge" sidebar="false" tabStyle="CSRF_Challenge__tab" > <!-- action="{!approveReq}" -->
<apex:sectionHeader title="CSRF Challenge" />
<apex:form >
    <apex:pageBlock >
        <apex:pageMessages />      
        <apex:pageBlockSection title="Demo" columns="1" id="tableBlock">

            <apex:pageBlockTable value="{!Requisitions }" var="req">
                
                <!-- skipped -->    
                                             
                <apex:column headervalue="Approval Action">
                    <apex:outputLink target="_new" value="/apex/CSRF_Challenge?approve={!req.id}">Approve This Requisition</apex:outputLink>
                </apex:column>
                <apex:column headervalue="Approval Action (NO CSRF)">
                    TBD
                    <!-- complete challenge here -->
                    <apex:commandLink value="Approve This Requisition" action="{!approveReqNOCSRF}"> 
                        <apex:param name="reqId" value="{!req.id}" assignTo="{!approve}"/> 
                    </apex:commandLink>
                </apex:column>                                                                                               
            </apex:pageBlockTable>
       
        </apex:pageBlockSection>
        
        <!-- skipped -->
         
</apex:form>              
</apex:page>

Any advice?

Thanks,
Alex

Alexander Tsitsura
October 07, 2016
Like
0

25 replies

GENERATE A JWT TOKEN for Salesforce Einstein Predictive Vision Service

Hi,

I am at the step Create a custom classifier/Set up authorization/Generate a JWT token.
When I run the script jwt.sh I get a response:
Your access token response:
{"message":"Invalid JWT token"}

I am on win10 64bit but don't have the anniversary update so I don't have bash coming with win10.
I have bash came with git.
As I don't have a valid JWT token I can not continue to "Step 1: Create the Dataset".

Please help.

Here is a more detailed output and my changes to the jwt.sh script:

Script output (with my password changed)

-------------------------------------------------------------------------------------------

$ ./jwt.sh ./00D0Y0000008amn.jks lajos.kelemen@accenture.com 3600 https://api.metamind.io
Enter destination keystore password: my_pass
Enter source keystore password: my_pass
Existing entry alias lkelemen_sf_devcert exists, overwrite? [no]: yes
Entry for alias lkelemen_sf_devcert successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
[Storing privateKey.p12]
MAC verified OK

Generated Assertion:

eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJsYWpvcy5rZWxlbWVuQGFjY2VudHVyZS5jb20iLCJzdWIiOiJsYWpvcy5rZWxlbWVuQGFjY2VudHVyZS5jb20iLCJhdWQiOiJodHRwczovL2FwaS5tZXRhbWluZC5pby92MS9vYXV0aDIvdG9rZW4iLCJleHAiOjE0NzYwODAzMTksImlhdCI6MTQ3NjA3NjcxOX0.EcvaPYv3bfA_HNsa_5tNFz6iajvprCee-kNfdSNMPHpgeMgWU3Z0LFt8AojJLNYZIzNydNarDtUbDkqhdpB_c2Ahi2xUhiy_ATnWaUWNrykROsv7dVu_l8smIb9s08N4mcllsDorNWcM9XWmVDlVgq4oegaeQhq2yCOuxn3jAb5IRlurXjSY125FTJs_3oE06vkZYieg6kxQYoeZiWvGfwhdgEB-szutrrXFgUEVKa5U_qj5HFQYlHV7yAcbRTxCc5vOwaAv7qCrjdFCfsmWXPlk-65DSoAFUXK12j6HbB-hHRimNrf-4lLz0mxMmDNC5HuLMHG8BOZMp6PDc19QBg

Your access token response:

{"message":"Invalid JWT token"}

-------------------------------------------------------------------------------------------

my script changes:

openssl pkcs12 -in privateKey.p12 -nocerts -nodes -out private_key

changed to (added -passin pass at the end)

openssl pkcs12 -in privateKey.p12 -nocerts -nodes -out private_key -passin pass:my_pass

-------------------------------------------------------------------------------------------
curl -H "Content-type: application/x-www-form-urlencoded" -X POST "$4/v1/oauth2/token" -d \
"grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion=$jwt3.$jwt5" ; echo

changed to (added -k parameter to accept self signed certs?)

curl -k -H "Content-type: application/x-www-form-urlencoded" -X POST "$4/v1/oauth2/token" -d \
"grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion=$jwt3.$jwt5" ; echo

Lajos Kelemen from Tampere
October 10, 2016
Like
0

25 replies

GENERATE A JWT TOKEN for Salesforce Einstein Predictive Vision Service

Lajos Kelemen from Tampere
October 10, 2016
Like
0

SOLVED

4 replies

Unable to complete Trailhead challenge: "Prevent Cross-Site Request Forgery (CSRF)"

Hi all

I am unable to complete this challenge because whenever I am clicking check button, I receive the error message.

I don't understand what is wrong. I removed the action handler from the apex:page tag and below the comment "" added command link.

<apex:page controller="CSRF_Challenge" sidebar="false" tabStyle="CSRF_Challenge__tab" > <!-- action="{!approveReq}" -->
<apex:sectionHeader title="CSRF Challenge" />
<apex:form >
    <apex:pageBlock >
        <apex:pageMessages />      
        <apex:pageBlockSection title="Demo" columns="1" id="tableBlock">

            <apex:pageBlockTable value="{!Requisitions }" var="req">
                
                <!-- skipped -->    
                                             
                <apex:column headervalue="Approval Action">
                    <apex:outputLink target="_new" value="/apex/CSRF_Challenge?approve={!req.id}">Approve This Requisition</apex:outputLink>
                </apex:column>
                <apex:column headervalue="Approval Action (NO CSRF)">
                    TBD
                    <!-- complete challenge here -->
                    <apex:commandLink value="Approve This Requisition" action="{!approveReqNOCSRF}"> 
                        <apex:param name="reqId" value="{!req.id}" assignTo="{!approve}"/> 
                    </apex:commandLink>
                </apex:column>                                                                                               
            </apex:pageBlockTable>
       
        </apex:pageBlockSection>
        
        <!-- skipped -->
         
</apex:form>              
</apex:page>

Any advice?

Thanks,
Alex

Alexander Tsitsura
October 07, 2016
Like
0

34 replies

Predictive Vision Service Sign Up

Having trouble with the sign-up process for the new Predictive Vision Service? Please let us know here and we will work to help you through the process.

Thanks!

Michael Machado 22
October 04, 2016
Like
1

SOLVED

7 replies

Use Lightning Connect to link an External Object with Salesforce Users Issue

Part of the questions asks for the following:

"Change the 'UUID' field on the 'Phone__x' external object to be an indirect lookup relationship to the 'User' standard object. Use the 'Phone_UUID__c' field as the matching key for this indirect lookup relationship."

Every time I create this Indirect Relationship, it just allows me to select the "Accounts" Object, not the User object. Why is this happening? Can anyone help me with this issue?

Thanks!

Yazz_K
April 06, 2016
Like
0