hide's memo
7 Apr, 2022

How to get a Refreshtoken. (Refresh token is valid for 365 days) Salesforce.

[日本語]

This is a sample for getting the refresh token from saleforce.

(1)Login Salesforce

(2)Change Classc UI (I am not sure hot to do this by Lightning Expreience)

(3)”Setup” -> “Build – Create – Apps” -> Click “Create Apps New” Button.

(4)Input parameters as brlow.

 

(4.1)Connected App Name …. “sample”

(4.2)API Name ….. “sample”

(4.3)Contact Email …. your email address.

(4.4)Check “Enable OAuth Settings”

(4.5)Set “http://localhost” in “Calllback URL”

(4.6)Selected OAuth Scope … “Full access” + “Perform requests at any time(refresh_token,offline_access)..
warning!! this is sample. you should check this permission carefully.

(4.7)Set your salesforce address in “Start URL”

then, “Save” and Copy next form’s “Consumer Key” and “Consumer Secret”

 

(5)”Setup” -> “Administer – Manage Apps – Connected Apps”
(5.2)select “sample”

(5.1)”Edit Policies”

(5.2)”Refresh token policy” : Set “Expire refresh token after 365 days.”

(6)Input the url bellow on the web broweer which you are currently using(currently accsssing the salesforce(having web session))

https://****.my.salesforce.com/services/oauth2/authorize?response_type=code&client_id=****&redirect_uri=http%3A%2F%2Flocalhost

* Set your salesforce server name.
* client_id …. your “consumer key”

(6.1)You will be confirmed as below message and select “Allow”

 

(7)you will be redirected to the following url.
http://localhost/?code=*****
so, save the code.

(8)write a shell as below.

#!/bin/sh
CLIENT_ID="consumer key"
CLIENT_SECRET="consumer secret"
SERVER="yourserver****.my.salesforce.com"
CODE="the code you got at (7)"

#GET REFRESH TOKEN
curl -X POST https://$SERVER/services/oauth2/token -d "grant_type=authorization_code" -d "client_id=$CLIENT_ID" -d "client_secret=$CLIENT_SECRET" -d "code=$CODE" -d "redirect_uri=http%3A%2F%2Flocalhost"

 

execute the shell above, you can get the response as below.

{"access_token":"***","refresh_token":"***","signature":"****","scope":"refresh_token full","id_token":"","instance_url":"https://***.my.salesforce.com","id":"https://login.salesforce.com/id/******","token_type":"Bearer","issued_at":"*****"}

 

5 Mar, 2022

Get Record with using REST-API(SELECT) Salesforce

[japanese(日本語)]

This is sample for getting record from Salesforce with using REST-API(SELECT).

Get record from User Object.Name with LastUpdated > 2022/3/5 15:03:00(JST).

The “$ACCESS” in the below sample is  a access token that you can get with using this method(Get data from Salesforce using curl Salseforce).

DATE="2020-03-05T15%3A03%3A00%2B09%3A00"
curl -H "Authorization: Bearer $ACCESS" "https://$SERVER/services/data/v50.0/query/?q=SELECT+Name+from+User+where+LastModifiedDate%3E$DATE"

 

Get Name,Fax,Division and Signature.

DATE="2020-03-05T15%3A03%3A00%2B09%3A00"
curl -H "Authorization: Bearer $ACCESS" "https://$SERVER/services/data/v50.0/query/?q=SELECT+NAME%2CFax%2CDivision%2CSignature+from+User+where+LastModifiedDate%3E$DATE"
28 Feb, 2022

NTML Authentication and PROPFIND to DAV sample code for ASP.NET

[japanese(日本語)]

NTML Authentication and PROPFIND to DAV sample code for ASP.NET AST.NET

Imports System.Net
Imports System.IO
Imports System.Configuration
Imports System.Data
Imports System.Text

Partial Class _Default
    Inherits System.Web.UI.Page
    Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
        Dim req As System.Net.HttpWebRequest = CType(System.Net.WebRequest.Create("http://hogehoge.com/hoge/hoge/"), System.Net.HttpWebRequest)
        req.Credentials = New System.Net.NetworkCredential(TextBox1.Text, TextBox2.Text)
        req.Method = "PROPFIND"
        req.ContentType = "text/xml"

        Dim res As System.Net.HttpWebResponse = CType(req.GetResponse(), System.Net.HttpWebResponse)

        Dim st As System.IO.Stream = res.GetResponseStream()
        Dim sr As New System.IO.StreamReader(st)
        Dim txt As String = sr.ReadToEnd()
        sr.Close()
        st.Close()
        TextBox3.Text = txt
    End Sub
End Class
27 Feb, 2022

using a lot of individual accounts on JMeter

[japanese(日本語)]

Prepare a lot of indivisual accounts and each of them access to the web system.

 

 

 

1.Prepare a text file including ID,Passwod

This file is delimitered by “tab” as follows.

user001 passwd001
user002 passwd002
user003 passwd003

 

2. Set JMeter As follows

 

(1)User Defined Variable

Add uid,passwd.

(2)Add HTTP Cookie Manager.

(3)Add Transaction Controller.

(3.1.)Add BeahShell PreProcessor. Write code as follows.

int threadNum = ${__threadNum}; 
String filename = "users.txt"; // wirte file name as full path.

String data;
BufferedReader br = new BufferedReader(new FileReader(filename));
String uid="";
String passwd="";

int num=0;
while((data = br.readLine())!=null){
  String[] token = data.split("t");
  uid = token[0];
  passwd = token[1];

  num++;
  if(num == threadNum){
    break;
  }
}
br.close();

vars.put("uid",uid);
vars.put("passwd",passwd)

 

(3.2) Add HTTP Request

This example assumed to login with posting uid and passwd .

Access URL:http://localhost/cgi-bin/login.cgi

HTTP Request:POST

Add Parameters  as follows

uid    ${uid}

passwd    ${passwd}

 

(4)Add Loop Controller

(4.1)Add HTTP Request

(4.2)Add HTTP Request

 

You can increse the number of Threads as many as the “user.txt” files line.

 

 

 

 

26 Feb, 2022

Despite SSL offroading on the Load balancer, Spoofing Web Applications as being accessed by HTTPS . (URLRewrite,IIS)

[japanese(日本語)]

Despite SSL offroading on the Load balancer, Spoofing Web Applications as being accessed by HTTPS .

 

 

  1. Install URLRewrite module to IIS
  2. on the URL Rewrite module setting, Add “HTTPS” on “server variables”
  3. write web.config as follows.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<rewrite>
   <rules>
       <rule name="backend" patternSyntax="Wildcard">
           <match url="*" />
           <serverVariables>
               <set name="HTTPS" value="on" />
               </serverVariables>
           <action type="None" />
       </rule>
   </rules>
</rewrite>
</system.webServer>
</configuration>


20 Feb, 2022

apache+perl+cgi on termux

[japanese(日本語)]

 

1.Install temrux

Install termux on PlayStore.

 

2.install apache,perl

apt update
apt upgrade
apt install apache2
apt install perl

 

3. modify httpd.conf

file:/data/data/com.termux/files/usr/etc/apache2/httpd.conf

<Directory /data/data/com.termux/files/usr/lib/cgi-bin>
</Directory>

Add options to the  above section as follows.

Options +ExecCGI

 

uncomment the following line.

AddHandler cgi-script .cgi

 

modify httpd.conf  to load mod_cgi module as follows.

<IfModule mpm_prefork_module>
    #LoadModle cgi_module libexec/apache2/mod_cgi.so
</IfModule>

#<IfModule mpm_prefork_module>
    LoadModle cgi_module libexec/apache2/mod_cgi.so
#</IfModule>

 

4. confirmation (confirm to work printenv)

4.1. add execute permisision

chmod ugo+x /data/data/com.termux/files/usr/lib/cgi-bin/printenv

4.2.add the line as follows into printenv

#!/usr/bn/perl

 

5. start apache

apachectl

 

6. access to the local web server on android as follows.

http://localhost:8080/

http://localhost:8080/cgi-bin/printenv

 

 

 

 

 

 

20 Feb, 2022

Create Web Server Filter by apache module

[japanese(日本語)]

You can controll Web server (IIS, apache) with adding module as follows.

 

This is a exsample that display  “overtime” when it was accessed except from 8:00 to 18:00.

 

1. Environment

OS: CentOS7.7

apache: 2.4.6

 

2. Install apxs

yum install httpd-devel

 

3. Create template

cd /tmp/work/

apxs -g -n sample01

 

4. modify source code.

/* The sample content handler */
static int sample01_handler(request_rec *r)
{
  time_t timer;
  struct tm *t_st;
  char buff[256];
  time(&timer);
  t_st = localtime(&timer);

  sprintf(buff,"%02d%02d", t_st->tm_hour, t_st->tm_min);
  if(strcmp(buff,"0800")>=0 && (strcmp(buff,"1800")<=0)){
    return DECLINED;
  }
  else {
    r->content_type = "text/html";
    if(!r->header_only){
      ap_rputs("<html><body>overtime</body></html>", r);
    }
    return OK;
  }
}

static void sample01_register_hooks(apr_pool_t *p)
{
  ap_hook_handler(sample01_handler, NULL, NULL, APR_HOOK_FIRST);
}

 

5. Make

apxs -c mod_sample01.c

 

6. copy module to apache modules directory.

cp .libs/mod_sample01.so  /etc/httpd/modules/

 

7. modify apache config.  order to load the module at first.

#                                                                                                                                   
# Dynamic Shared Object (DSO) Support                                                                                               
#                                                                                                                                   
# To be able to use the functionality of a module which was built as a DSO you                                                      
# have to place corresponding `LoadModule' lines at this location so the                                                            
# directives contained in it are actually available _before_ they are used.                                                         
# Statically compiled modules (those listed by `httpd -l') do not need                                                              
# to be loaded here.                                                                                                                
#                                                                                                                                   
# Example:                                                                                                                          
# LoadModule foo_module modules/mod_foo.so                                                                                          
#                                                                                                                                   

LoadModule sample01_module modules/mod_sample01.so                                                                                 
Include conf.modules.d/*.conf

 

8. restart apache

19 Feb, 2022

Get data from ServiceNow using curl

[japanese(日本語)]

1. Using userid and password

#!/bin/sh

MY_INSTANCE="**** your instance ****"
CLIENT_ID="**** your instance ****"
CLIENT_SECRET="**** your instance ****"
USER="** your userid **"
PASSWD="*** your password ***" # !!warning. you might need to escape it.

#----------------------------------------------
# Get Access token from Id,Passwd
#----------------------------------------------
RESULT=`curl -X POST https://$MY_INSTANCE.service-now.com/oauth_token.do -H "Content-type: application/x-www-form-urlencoded" -d "grant_type=password" -d "client_id=$CLIENT_ID" -d "client_secret=$CLIENT_SECRET" -d "username=$USER" -d "password=$PASSWD"`

ACCESS=`echo $RESULT | awk 'BEGIN{FS="access_token\":"}{print $2}' | awk 'BEGIN{FS=","}{print $1}'| sed -s 's/\"//g'`


#----------------------------------------------
#Get Incident with using Access token
#----------------------------------------------
curl -s "https://$MY_INSTANCE.service-now.com/api/now/table/incident?sysparam_query=&sysparam_view=&sysparam_fields=sys_id%2Cshort_description" -H "Authorization: Bearer $ACCESS" -H "Content-Type: application/json"

 

2. Using refresh token

#!/bin/sh

MY_INSTANCE="**** your instance ****"
CLIENT_ID="**** your client id ****"
CLIENT_SECRET="**** your client secret"
REFRESH_TOKEN="****your refresh token ****"

#----------------------------------------------
# Get Access token from Refresh token.
#----------------------------------------------
RESULT=`curl -X POST https://$MY_INSTANCE.service-now.com/oauth_token.do -d "grant_type=refresh_token" -d "scope=useraccount" -d "client_id=$CLIENT_ID" -d "client_secret=$CLIENT_SECRET" -d "refresh_token=$REFRESH_TOKEN"`
ACCESS=`echo $RESULT | awk 'BEGIN{FS="access_token\":"}{print $2}' | awk 'BEGIN{FS=","}{print $1}'| sed -s 's/\"//g'`

#----------------------------------------------
#Get Incident with using Access token.
#----------------------------------------------
curl -s "https://$MY_INSTANCE.service-now.com/api/now/table/incident?sysparam_query=&sysparam_view=&sysparam_fields=sys_id%2Cshort_description" -H "Authorization: Bearer $ACCESS" -H "Content-Type: application/json"

 

3. How to get a refresh token from your servicenow instance.

see the link below.

How to get a refresh token from servicenow