[ZendTo] autodropoff and automationUsers allowed to login interactively. Should not be.

Jules Field Jules at Zend.To
Tue Feb 22 17:16:45 GMT 2022


Guy,

The "automationUsers" can *login* to the web interface, but if you try 
actually doing much once logged in, you'll rapidly find most tasks don't 
actually work correctly. Feel free to give it a try...
Hence the need to separate the "real" users from the "automation" users.

You can even create the automation users (you often only need 1) as a 
"local" user, and use SAML or something pretty with MFA for 
authenticating your "real" users. That's how you authenticate the 
automation user while all the real users have to use MFA (which you 
can't automate).

Cheers,
Jules.

On 22/02/2022 4:56 pm, Guy Bertrand via ZendTo wrote:
>
> Hi Zendto users!
>
> I’m trying to use the autodropoff feature for the first time.I’ve got 
> it working nicely, even from Postman.This is great.
>
> I’m confused by one little thing : I was under the impression that 
> « automationUsers » cannot work with the web interface. I just tested 
> it, and yes, I can send via a auto-dropoff, but the user can also 
> login through the web site.
>
> In my preferences file, I have :
>
> 'automationUsers' => array('autodropoff.ravi at nologin.com'),
>
> In my local users, I have : (information removed to protect the innocent)
>
> autodropoff.ravi at nologin.comxxxx 
> <mailto:Ravi.Solanki at exelaonline.com>xxxxxxxxx
>
> TESTING :
>
> ====================================
>
> >>> When I try to auto-dropoff, it works!
>
> 2022-02-22 11:30:26 96.21.229.99 [Uploadit]: Info: authorization 
> succeeded for autodropoff.ravi at nologin.com
>
> 2022-02-22 11:30:26 96.21.229.99 [Uploadit]: Info: Virus scan of 
> dropped-off files'/var/zendto/incoming/php7B9H1O' for 
> autodropoff.ravi at nologin.com passed successfully
>
> 2022-02-22 11:30:27 96.21.229.99 [Uploadit]: Info: Deleting request 
> codeas it has been used
>
> 2022-02-22 11:30:27 96.21.229.99 [Uploadit]: Info: successfully 
> delivered notification email to guy.bertrand at exelaonline.com for 
> claimID ewJmq5AN7yeRQPQ6
>
> 2022-02-22 11:30:27 96.21.229.99 [Uploadit]: Info: new unencrypted 
> dropoff ewJmq5AN7yeRQPQ6 of 1 file created for internal user Guy the 
> IT Guy guy.bertrand at exelaonline.com in language en_US using browser 
> 'PostmanRuntime/7.28.4'
>
> ====================================
>
> >>> And when I try to login to the web interface, it also works!
>
> 2022-02-22 11:40:25 96.21.229.99 [Uploadit]: Info: authorization 
> succeeded for autodropoff.ravi at nologin.com
>
> 2022-02-22 11:42:04 96.21.229.99 [Uploadit]: Info: logged out user 
> 'autodropoff.ravi at nologin.com'
>
> I must be missing something here.Help!!
>
> ZendTo Version 6.11-2
>
> Regards,
>
> Guy
>
> *Guy Bertrand, M.Ing*
> Directeur informatique / IT Manager
>
> Exela Technologies <http://www.exelatech.com/>
>
> 1155, boulevard Robert-Bourassa, suite 500 •  Montréal (Québec) 
> •  CANADA H3B 3A7
> B / O: +1 514.392.4999 •  M: +1 514.265-9754
> exelatech.com <https://www.exelatech.com/ca/> •About EXELA 
> <https://www.exelatech.com/ca/about-us> •Instagram 
> <https://www.instagram.com/exelatechnologies> •LinkedIn 
> <https://www.linkedin.com/company/exela-technologies>
>
> ------------------------------------------------------------------------
> Attention : le présent message et toutes les pièces jointes sont 
> confidentiels et établis à l'attention exclusive du ou des 
> destinataire(s) indiqué(s). Toute autre diffusion ou utilisation non 
> autorisée est interdite. Si vous recevez ce message par erreur, 
> veuillez immédiatement en avertir l'expéditeur par e-mail en retour, 
> détruire le message et vous abstenir de toute référence aux 
> informations qui y figurent afin d'éviter les sanctions attachées à la 
> divulgation et à l'utilisation d'informations confidentielles. Les 
> messages électroniques sont susceptibles d'altération. Exela 
> Technologies et ses filiales déclinent toute responsabilité en cas 
> d'altération ou de falsification du présent message.
> ------------------------------------------------------------------------
> Please consider the environment before printing or forwarding this 
> email. If you do print this email, please recycle the paper.
>
> This email message may contain confidential, proprietary and/or 
> privileged information. It is intended only for the use of the 
> intended recipient(s). If you have received it in error, please 
> immediately advise the sender by reply email and then delete this 
> email message. Any disclosure, copying, distribution or use of the 
> information contained in this email message to or by anyone other than 
> the intended recipient is strictly prohibited. Any views expressed in 
> this message are those of the individual sender, except where the 
> sender specifically states them to be the views of Exela Technologies, 
> Inc. or its subsidiaries.
>
> This email does not constitute an agreement to conduct transactions by 
> electronic means and does not create any legally binding contract or 
> enforceable obligation against Exela in the absence of a fully signed 
> written agreement.
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://jul.es/mailman/listinfo/zendto

Jules

-- 
Julian Field MEng CEng CITP MBCS MIEEE MACM

IMPORTANT: This email is intended for the use of the individual
addressee(s) named above and may contain information that is
confidential, privileged or unsuitable for overly sensitive persons
with low self-esteem, no sense of humour or irrational religious
beliefs. If you are not the intended recipient, any dissemination,
distribution or copying of this email is not authorised (either
explicitly or implicitly) and constitutes an irritating social faux
pas.

Unless the word absquatulation has been used in its correct context
somewhere other than in this warning, it does not have any legal
or no grammatical use and may be ignored. No animals were harmed
in the transmission of this email, although the kelpie next door
is living on borrowed time, let me tell you. Those of you with an
overwhelming fear of the unknown will be gratified to learn that
there is no hidden message revealed by reading this warning backwards,
so just ignore that Alert Notice from Microsoft.

However, by pouring a complete circle of salt around yourself and
your computer you can ensure that no harm befalls you and your pets.
If you have received this email in error, please add some nutmeg
and egg whites, whisk and place in a warm oven for 40 minutes.

www.Zend.To
Twitter: @JulesFM
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://jul.es/pipermail/zendto/attachments/20220222/ed7ca4d8/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 35601 bytes
Desc: not available
URL: <http://jul.es/pipermail/zendto/attachments/20220222/ed7ca4d8/attachment-0001.png>


More information about the ZendTo mailing list