Michele Degges mdeggies

  • HashiCorp
  • California
@mdeggies
mdeggies / validate_slack_request_source.py
Created July 5, 2020 20:50
Slack validation in Python3
from time import time


def validate_request_source(request):
    """Validate that the incoming request is from our own slack instance in Python3
    Returns True if the request is valid, False otherwise"""
    try:
        if 'X-Slack-Request-Timestamp' in request.headers and 'X-Slack-Signature' in request.headers:
            timestamp = request.headers['X-Slack-Request-Timestamp']
            expected_signature = request.headers['X-Slack-Signature']
            # Reject replay attacks: drop requests whose timestamp is more than 5 minutes old
            if (int(timestamp) + (60 * 5)) < int(time()):
                return False

Quick bash script that shows how to use the gon CLI tool on a remote OSX box to sign, package, staple, and notarize a product from releases.hashicorp.com. It also validates that the binary has been signed and notarized properly and can run on OSX 10.15.

Pre-reqs:

  • Your OSX box should have OSX 10.15+, wget, Xcode 11.1+, and SSH access enabled
  • Create a developer ID cert and add it to your login keychain on your OSX box
  • Set the following environment variables locally: SSH_USER, SSH_PWD, and REMOTE_IP
  • Edit config.json locally and replace the variables with real values
  • Ensure config.json, script.sh, and remote_script.sh are all in the same local dir

To run:

mdeggies / login.html
Last active June 7, 2017 22:28
Okta Sign-In Widget Example
<!doctype html>
<html lang="en-us">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Example Okta Sign-In Widget</title>
<!--[if lt IE 9]>
<script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.2/html5shiv.min.js"></script>
mdeggies / shiro-hash-validation.java
Created May 18, 2017 19:42
shiro1 password hash validation in Java
// This gist shows how to validate a shiro1 password hash in Java.
// The original mcf_string was created via the Shiro Command Line Hasher: https://shiro.apache.org/command-line-hasher.html
// With these args: java -jar shiro-tools-hasher-1.3.2-cli.jar --algorithm SHA-512 --nogensalt --saltbytes <BASE64_ENCODED_SALT> --iterations 500000 --password Jenydoby6!
import org.apache.shiro.crypto.hash.Sha512Hash;
import java.util.Base64;
// Extract the password hash. Below is an example hash
String mcf_string = "$shiro1$SHA-512$500000$ctYP52a2Sp2yIjzzlJAuPg==$ctZ4gQtNd7bKI0SWtktRAiP4Xzgk66sabg3pj0pQBmKZmgG7KAXZqAhBJJ3cCTqenfqi4LTgeZnh4waL6oMH+w==";
mdeggies / shiro-hash-validation.php
Created May 18, 2017 19:34
shiro1 password hash validation in PHP
<?php
// This gist shows how to validate a shiro1 password hash in PHP.
// The original mcf_string was created via the Shiro Command Line Hasher: https://shiro.apache.org/command-line-hasher.html
// With these args: java -jar shiro-tools-hasher-1.3.2-cli.jar --algorithm SHA-512 --nogensalt --saltbytes <BASE64_ENCODED_SALT> --iterations 500000 --password Jenydoby6!
// Extract the password hash. Below is an example hash
$mcf_string = '$shiro1$SHA-512$500000$ctYP52a2Sp2yIjzzlJAuPg==$ctZ4gQtNd7bKI0SWtktRAiP4Xzgk66sabg3pj0pQBmKZmgG7KAXZqAhBJJ3cCTqenfqi4LTgeZnh4waL6oMH+w==';
$parts = \explode('$', $mcf_string);
mdeggies / pwd-import-java.java
Created April 13, 2017 20:36
(Java SDK) Import User with SHA-1 Password into Stormpath
/*
 * password-import.java
 * ~~~~~~~~~
 * A super basic script that shows how to import a user with a freshly SHA-1 hashed password into Stormpath
 * and authenticate him using the Java SDK (version 1.5.5): https://github.com/stormpath/stormpath-sdk-java
 * NOTE: You will need to add the apache commons codec jar (version 1.10) to your project in order to use DigestUtils
 */
public class Quickstart {
mdeggies / pwd-import-python.py
Last active April 13, 2017 20:55
(Python SDK) Import User with SHA-1 Password into Stormpath
"""
password-import.py
~~~~~~~~~
A super basic script that shows how to import a user with a freshly SHA-1 hashed password into Stormpath
and authenticate him using the Python SDK: https://docs.stormpath.com/python/
"""
from base64 import b64encode
from hashlib import sha1
from stormpath.client import Client
mdeggies / server.js
Created September 19, 2016 03:46
Using ID Site with Stormpath's Node SDK
/*** Sources: https://github.com/stormpath/stormpath-sdk-node/blob/master/lib/resource/Application.js#L122
https://docs.stormpath.com/rest/product-guide/latest/idsite.html ***/
'use strict';
var stormpath = require('stormpath');
var http = require('http');
var Router = require('router');
var finalhandler = require('finalhandler');