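#!/bin/bash
#
# noodle_datamanager_report_get.sh
#
# Log in to a Noodle site and print one Data Manager report to stdout.
#
# Usage:
#   noodle_datamanager_report_get.sh USER PASSWORD FOLDER REPORT_HANDLE
#
# Exit status:
#   1      REPORT_HANDLE (the fourth argument) is missing or empty
#   2      the cookie file already exists, which is treated as "another
#          run is in progress"
#   3      the cookie file could not be created
#   other  a wget request failed (the script stops because of set -e)
#
# Security notes:
#   - USER and PASSWORD arrive on this script's command line and are handed
#     to wget on its command line, so they are typically visible to other
#     local users in the process list while the script runs. Use a
#     dedicated, low-privilege report account.
#   - The four values are placed into the POST body and query string exactly
#     as given. Nothing is URL-encoded here, so a value containing '&', '='
#     or '%' must already be encoded by the caller.
#   - The cookie file holds a live session cookie. It is created readable by
#     the owner only and is removed on every exit path, including failures.
set -eu
umask 077   # the cookie file must not be readable by other users

U=${1-}
P=${2-}
F=${3-}
R=${4-}
SITE="https://domain.tld"
COOKIE=noodle_cookie.tmp

if [ "$R" == "" ]; then
  echo NO >&2
  exit 1
fi

# The cookie file doubles as a lock. noclobber makes "test and create" one
# atomic step, so two runs started at the same moment cannot both proceed.
if ! ( set -o noclobber; : > "$COOKIE" ) 2>/dev/null; then
  if [ -f "$COOKIE" ]; then
    echo "already running"
    exit 2
  fi
  echo "cannot create $COOKIE" >&2
  exit 3
fi

# From here on this run owns the cookie file. Remove it however the script
# ends; otherwise a failed wget (set -e) would leave the session cookie on
# disk and make every later run report "already running".
trap 'rm -f -- "$COOKIE"' EXIT

# Step 1: authenticate and store the session cookie.
wget -q "$SITE/HandleLogin.po" \
  --post-data="user_name=$U&user_password=$P" \
  --keep-session-cookies --save-cookies "$COOKIE" -O /dev/null

# Step 2: fetch the report with that session and write it to stdout.
wget -q "$SITE/datamanager/ReportView.po?folder=$F&reportHandle=$R&itemsPerPage=99" \
  --load-cookies "$COOKIE" -O -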
User Usage
API
IWA Debug
Microsoft checklist here.
Server list SPNs:
setspn -l %NoodleServiceAccount
Client list cached tickets:
klist get HTTP/%noodle.domain.tld
Client uncache tickets:
klist purge
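The following information can be obtained with Wireshark. In this sample the ticket and the authenticator both use etype 23 (ARCFOUR-HMAC-MD5, i.e. RC4), a legacy Kerberos encryption type, so it is worth checking whether AES encryption types are enabled for the service account: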
[truncated]Authorization: Negotiate YIG...NER GSS-API Generic Security Service Application Program Interface OID: 1.3.6.1.5.5.2 (SPNEGO - Simple Protected Negotiation) Simple Protected Negotiation negTokenInit mechTypes: 4 items MechType: 1.2.840.48018.1.2.2 (MS KRB5 - Microsoft Kerberos 5) MechType: 1.2.840.113554.1.2.2 (KRB5 - Kerberos 5) MechType: 1.3.6.1.4.1.311.2.2.30 (NEGOEX - SPNEGO Extended Negotiation Security Mechanism) MechType: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP - Microsoft NTLM Security Support Provider) mechToken: 6092a864886... krb5_blob: 6092a864886... KRB5 OID: 1.2.840.113554.1.2.2 (KRB5 - Kerberos 5) krb5_tok_id: KRB5_AP_REQ (0x0001) Kerberos ap-req pvno: 5 msg-type: krb-ap-req (14) Padding: 0 ap-options: 20000000 (mutual-required) 0... .... = reserved: False .0.. .... = use-session-key: False ..1. .... = mutual-required: True ticket tkt-vno: 5 realm: INTRA.NET sname name-type: kRB5-NT-SRV-INST (2) sname-string: 2 items SNameString: HTTP SNameString: intra.net enc-part etype: eTYPE-ARCFOUR-HMAC-MD5 (23) kvno: 2 cipher: 678ed5435c9ec4d6... authenticator etype: eTYPE-ARCFOUR-HMAC-MD5 (23) cipher: 62a133014138848d900d436...
SAML Debug
The following information can be obtained with Wireshark or with Noodle DEBUG;
https://intranet.onelogin.com/trust/saml2/http-post/sso/699546?SAMLRequest=fVLLbtsw...%2FkD&RelayState=https%3A%2F%2Fintra.net%2FSAML.po
This request should be sent to the IdP. Before it is deflated and base64-encoded, the SAMLRequest looks like:
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="-5abe3a1a-1671d27aa18--8000" Version="2.0" IssueInstant="2018-11-16T15:33:17Z" ProviderName="Noodle" Destination="https://intranet.onelogin.com/trust/saml2/http-post/sso/699546" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://intra.net/SAML.po">
<saml:Issuer>Noodle</saml:Issuer>
<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted" AllowCreate="true" />
<samlp:RequestedAuthnContext Comparison="false">
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
</samlp:RequestedAuthnContext>
</samlp:AuthnRequest>
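The IdP should reply with "Content-Type: application/x-www-form-urlencoded" containing "SAMLResponse: PHN...fCg==". When base64-decoded it looks like the sample below. Note that the sample assertion is signed with RSA-SHA1 over a SHA-1 digest, which are deprecated, so prefer a SHA-256 signature if the IdP offers one: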
<samlp:Response xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="R6229535893ec8f41746de8cd0bb42fe1008d88a7" Version="2.0" IssueInstant="2018-11-16T15:33:18Z" Destination="{recipient}" InResponseTo="-5abe3a1a-1671d27aa18--8000">
<saml:Issuer>https://app.onelogin.com/saml/metadata/699546</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</samlp:Status>
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="pfx95004805-783d-f0ee-f32d-17d50ca7ef90" IssueInstant="2018-11-16T15:33:18Z">
<saml:Issuer>https://app.onelogin.com/saml/metadata/699546</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#pfx95004805-783d-f0ee-f32d-17d50ca7ef90">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>uCsDHp/wXNnMIz7nkq2D7OF81zY=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>QbDsbkTMULdxYmiV8lu64jUE4BNj7ETQvUhjlgHrbaUKMaUdnluJma8T9jh8WOUEQw+Of/MGP4hMJE18f2XOJJK3X3VQnlggE5z98xjHrP0SugRH+elgQpOVkB9ht685UXtzRF6SVAIwstOGphOgqgGRwrG9fPQpN6DAKr00IOc6ItM7cbhVnA+EA8iHP8WP0n+VZXkdub9Sb/tgVkimih3/7DZPIWi6FpmlsTN88mlxBXJKnslr1Iw0ZLqLjR5dJSFz7SHrkBijirFf/kOydoQeOQrRS+6XzOmXayWCP2hHWXVvr5Ye1GbDZyjKTxMpObc+Lv6nj7llC1Mal2M0cw==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIEFzCCAv+gAwIBAgIUUVsi+5GzFHp5EeCzav01iiNyreEwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UEBhMCVVMxEDAOBgNVBAoMB1ZpYWxlY3QxFTATBgNVBAsMDE9uZUxvZ2luIElkUDEgMB4GA1UEAwwXT25lTG9naW4gQWNjb3VudCAxMDkzNzAwHhcNMTcwNjI1MTYzMjM5WhcNMjIwNjI2MTYzMjM5WjBYMQswCQYDVQQGEwJVUzEQMA4GA1UECgwHVmlhbGVjdDEVMBMGA1UECwwMT25lTG9naW4gSWRQMSAwHgYDVQQDDBdPbmVMb2dpbiBBY2NvdW50IDEwOTM3MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFTuHcxpp8/hhD8BepAo8EI9AT7dACYFfISZo9IEcBMI1af3p/mm+lV9Iz1ZvoFTddIxHQMVe686segtdkg+p/LA+bWETyRv59yDfH8B3avZkbZkXR7lYq+noMMpQwoA3JYDcJGp9Hoh7FHuhCEZZQCGMuUbGaHMTMaMipzPB7AI9Bg6nZpTmDRqzPEd6SzKJHs18W2dZxJA+lDfze2tfyBaAuC2VFqJ3R2NZhZtpUE7IqCG67zv3ItLNk0sDqPEU3/LSIGyT0+fYcVEraBpIMkLp4MQDcihyTWZSVfhdxaOr0Fn4fUV9aTS/a1a5gybK/zat0cs6pJDgBSfoh9xRUCAwEAAaOB2DCB1TAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQFLDFhCLxjqc6f+cwpm7YnNZH2PTCBlQYDVR0jBIGNMIGKgBQFLDFhCLxjqc6f+cwpm7YnNZH2PaFcpFowWDELMAkGA1UEBhMCVVMxEDAOBgNVBAoMB1ZpYWxlY3QxFTATBgNVBAsMDE9uZUxvZ2luIElkUDEgMB4GA1UEAwwXT25lTG9naW4gQWNjb3VudCAxMDkzNzCCFFFbIvuRsxR6eRHgs2r9NYojcq3hMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQUFAAOCAQEAG/YWVdBSvyUjpO8s97Z7KPo843putSf0jgiDHtD8FGddNmdRbAwPbzWBnFupZGyPPgogoEoTRqgRalPvV0xP4PmBMJuAYssI+vwqsj9cqr4pXzpqcsGzJct8SeWSvBqbzBbu+OMbSJ5hm3RvbzSjY6nNAHY7gMe0+7V5Cd+0vzGvmSeXFnKgW7HGlP/98gmDf7KpJYmQmFDITMFc0IS0BQb13SWd7FHVchIXukqqUFFpczWx2cwUmNq1TqcGZESA3XEGbtiJ0HoEmSIQA2RLGSgEPSUgMV+UM8MhYf/bQx6VAInizM/10IokZaAQn2fzz0m5uIbf2qSMXBBoYWWWng==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">tim@intra.net</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotOnOrAfter="2018-11-16T15:36:18Z" Recipient="{recipient}" InResponseTo="-5abe3a1a-1671d27aa18--8000" />
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2018-11-16T15:30:18Z" NotOnOrAfter="2018-11-16T15:36:18Z">
<saml:AudienceRestriction>
<saml:Audience>{audience}</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2018-11-16T15:33:17Z" SessionNotOnOrAfter="2018-11-17T15:33:18Z" SessionIndex="_c9a77760-cbdb-0136-fc65-0233ce1b6e10">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
</saml:Assertion>
</samlp:Response>
Integration
Noodle supports the following integrations:
- Authentication
- Media
- Unsplash
- Youtube
- Vimeo
- Files
- Google Drive (OAuth)
- Calendars (iCal)
- Microsoft
- Scripting (bash)
- email (SMTP)
- Postfix
- MS Exchange
- etc
- RDBMS (SQL)
- PostgreSQL
- MS SQL
- MariaDB
- MySQL
- CockroachDB + Ceph
- Oracle
- Web Browsers
- Firefox
- Chromium
- Indexing (CLI)
- TensorFlow
- MS Office
- Adobe
- LibreOffice
- OpenAI Whisper
- Tesseract
- etc
- UI Customization (JS/CSS)
- Weather
- RSS
- etc
Drive
- Create a drive key and secret
- Put them in "System Tools > Settings > General > Google Drive OAuth"
- Note that OAuth requires your Noodle server to be accessed via a public domain
- Enable in the "Administration > Properties" of the folder you want to connect.
- View the folder and follow the prompts.
Bug Bounty
Vialect Bug Bounty;
- Contact us and let us know you are interested.
- Qualification
- Confine aggressive/damaging testing to a local install
- Keep your findings confidential until the week after we fix the bug (same day we hope)
- We pay whenever we make a change as a result of your bug report.
- Send us a report with enough information for us to reproduce the bug of whatever class
- RCE Remote code execution
- EoP Elevation of privilege
- ID Information disclosure
- DoS Denial of service
- We will reward you (You will not be prosecuted)
- Public credit and thanks
- Payment (varies by severity and location of the bug up to $1,000 USD)
We thank VioPoint and All Covered for Testing Noodle.
Bug Reports
When something unexpected happens Noodle will ask you what you were doing and email a stack trace to Vialect. Bug reports may also be sent to techsupport@vialect.com. Please use saleshelp@vialect.com for any other inquiries.
Please provide the following to help us reproduce and correct issues faster:
- Minimal steps to reproduce the issue from scratch. Possibly relevant details:
- The URL
- The version of Noodle
- The version of Web Browser
- The version of Operating System
- A username and password (ideally for a temporary test account, since the report travels by email)
- An ordered list of buttons/links clicked
- Sample file/data
- Expected behavior, possible details:
- 720p mockup of desired appearance with min and max sample data.
- Actual behavior, possible details:
- A full resolution screen shot including address and scroll bars
- Web Browser console output
- Web Browser network log (HAR); review it before sending, as a HAR can contain session cookies and submitted passwords
- The source of any warning pages (wrong format, missing parameter)
- The source of any email
- A zip of the Noodle/log folder
- Observe email etiquette
- A short descriptive email subject
- Reply to the email thread only for the same issue
- Don't make new threads for the same issue.
- Avoid requesting thread history review.
- Do not place legal or print notes in signatures or otherwise bloat them.
- Use text in favor of images
- Use attachments not overlays/embeds of images or text
- Be concise.
Leaving out information leads to Vialect spending less time creating solutions and more time attempting to reproduce issues and linking to this page.
ical
Noodle can import and export ical and supports the non-standard TTL:
X-PUBLISHED-TTL:PT1H
REFRESH-INTERVAL;VALUE=DURATION:P1H
mailto limits
mailto has no defined limit on the number of characters but there are limits in practice (as of 2015)
Web Browsers:
- Apple Safari
- 705000000
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/601.1.56 (KHTML, like Gecko) Version/9.0 Safari/601.1.56
- limited by 16GB RAM
- Mozilla Firefox
- 268435455
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:41.0) Gecko/20100101 Firefox/41.0
- limited by maximum string length
- Google Chrome
- 2097132
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
- limited without explanation
- Microsoft Internet Explorer
- 2029
- Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; rv:11.0) like Gecko
- limited without explanation
Email Clients:
- Mozilla Thunderbird
- 2097132 works in 1 second
- 268435455 uses 100% CPU for 2 minutes but fails to render the body and is not usable
- version 38.3.0
- SeaMonkey
- 2097132 works in 5 seconds
- 268435455 uses 100% CPU for a long time (more than 5 minutes)
- version 2.38
- Apple Mail
- 500000 works in 14 seconds
- 2097132 uses 100% CPU for a long time (more than 5 minutes)
- version 8.2
- Microsoft Outlook
- trims any url to 2070 in 1 second
- version 2013