Custom middleware to redirect user based on a role based on certain checks - frappe

I am trying to customize my frappe app based on a role.
user with Role Website logs in.
Check if the user has company set
If it is not set then redirect them to a custom page where they can select company.
If the user tries to navigate away to any other URL then redirect them to Step 2.
I believe it can be done with a middleware. But, my question is, where would we invoke the middleware in my custom app?
I tried to add a custom middleware and tried to invoke it in the frappe app, but I don't think this is the suggested way.

You should be able to add an auth or login hook to do this for you. Check the user data, set the route location in the flags, and raise frappe.Redirect.
Refs:
Auth Hooks
Session Hooks
Searches in the Frappe Source Code (keywords: redirect, redirect_location)
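The hook the answer describes, as an added example (not Frappe's code and not the asker's): a pure decision function that can be unit-tested without a site, plus the `auth_hooks` entry point that applies it on every request. The app name `my_app`, the custom `company` field on the User doctype, the `/select-company` page and the `my_app.api.set_company` endpoint are assumptions, not part of the original post; the Frappe calls (`frappe.get_roles`, `frappe.local.flags.redirect_location`, `frappe.Redirect`) are the ones the answer points at in the Frappe source. Note the allow-list of paths that must stay reachable while no company is set: without it the selection page itself, its API call and logout would redirect in a loop and the user would be locked out.

```python
"""Added example: force users holding the "Website" role to pick a company
before they can use any other page.

Register in my_app/hooks.py (assumed app name):

    auth_hooks = ["my_app.auth.enforce_company_selection"]
"""

SELECT_COMPANY_PATH = "/select-company"   # assumed custom page
GUARDED_ROLE = "Website"                  # role named in the question

# Paths that must remain reachable while no company is set. The selection
# page, the endpoint it posts to, logout and static assets stay open;
# everything else is redirected back to the selection page.
ALLOWED_PREFIXES = (
    SELECT_COMPANY_PATH,
    "/api/method/my_app.api.set_company",   # assumed endpoint used by the page
    "/api/method/logout",
    "/assets/",
    "/files/",
)


def redirect_target(roles, company, path):
    """Return the path to redirect this request to, or None to let it through.

    Pure function: roles is an iterable of role names, company the user's
    current company (None/"" if unset), path the requested URL path.
    """
    if GUARDED_ROLE not in roles:
        return None                      # policy applies to Website users only
    if company:
        return None                      # company already chosen
    if any(path.startswith(prefix) for prefix in ALLOWED_PREFIXES):
        return None                      # part of the selection flow itself
    return SELECT_COMPANY_PATH


def enforce_company_selection():
    """Frappe ``auth_hooks`` entry point; called for every authenticated request."""
    import frappe  # imported lazily so redirect_target() is testable without a site

    user = frappe.session.user
    if user in ("Guest", "Administrator"):
        return
    # Assumption: "company" is a custom field added to the User doctype.
    company = frappe.db.get_value("User", user, "company")
    target = redirect_target(frappe.get_roles(user), company, frappe.local.request.path)
    if target:
        frappe.local.flags.redirect_location = target
        raise frappe.Redirect
```

Keeping the policy in `redirect_target()` means the lock-out edge cases (selection page, its API, logout) are covered by tests rather than discovered by a user who can no longer log out.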

Make Chrome Extension detect if user is logged in on my Wordpress website

I have a Wordpress website and a Chrome Extension. If the user logs in on the website, I want the Chrome Extension to be aware of that (and vice-versa). The Chrome Extension won't have a login form in it; the user will always log in through the website login form.
When you log in on the website, Wordpress by default sets its authentication cookies to identify the user. What I initially had in mind: I would also like to return some kind of access token, which I would store somewhere where the extension can find it and use it to make authenticated requests to the Wordpress REST API. But where do I store it (in a safe manner) so I can find it within the extension?
Perhaps I should try a different approach?
Thank you!
What you could do, the simpler way:
create an Ajax action or a REST API route
as you can read in the documentation, the authentication is cookie-based. So once the user is logged in from the WordPress login form, the authentication cookie is added to your browsing session
without overrides, the cookie will also be forwarded when using JS HTTP requests (e.g. Ajax)
your route could check something like is_user_logged_in() or wp_get_current_user(), or similar available methods, and return the result (among other things if needed) to your plugin JS
you may need to change the WordPress cookie configuration, so they can be accessed from anywhere (any domain), check this.
Better way:
would be to use a plugin like this to implement REST API Oauth2 authentication
the user should be able to log in directly from the extension window (needs development), and then use a refresh-token feature to keep the user logged in.
I believe you may also need to update your actual login form: whether it's a classic or an OAuth REST API login, it should be able to send back the required OAuth tokens (access and refresh tokens) to the frontend (then stored in local storage or elsewhere) to be used by the extension, to prevent having to log in twice.

How to register a centralized application with multiple deployments with Azure AD for Single Sign On

So I am implementing this single sign on feature using Azure AD as the authentication provider. My question is : is it possible to register just one centralized application for potentially multiple deployments?
doc
single sign out
I also want this single sign out feature, i.e. if a user logs out of his/her Outlook account, my app will react to it and also perform a logout.
The doc specifies that I need to set the LogoutUrl field in AAD and do the implementation. The problem is I can only fill out one LogoutUrl for each registered application. I tried moving this logout URL to the reply URLs, but the endpoint will not fire (it only works when filled in the logout URL field).
Scenario: I have one core app for potentially multiple deployments, and they all have their unique urls.
abc.com
abc1.com
abc2.com
The list will go longer, so it is painful if I need to set up the application for each one. Can I get around by just setting one centralized app?
For the redirect url I think I can set up multiple reply urls. Or can I?
The difficult part is the logout URL: AAD only allows one value, so I need to set up a centralized endpoint (logout.com/logout) to receive the logout call and then redirect the call to the associated deployment (a user logs out from abc.com, logout.com/logout is fired, it then needs to identify that the logout happened in abc.com, and then it directs the call to abc.com so abc.com can receive it and perform cleanups).
For Azure Active Directory, you can have reply urls spanning multiple domains. So that works. You can also use these reply urls as part of your logout process. The logout url setting is optional, as far as I know.
https://login.microsoftonline.com/{0}/oauth2/logout?post_logout_redirect_uri={1}
(How to signout from an Azure Application?)
Remark: Azure AD B2C only supports reply urls within a single domain.
Edit: It seems I misunderstood your question. Do you want a redirect to abc.com when the user logs out from abc.com? Use the redirect URL. Do you want to clear the session in abc.com, abc1.com, abc2.com when the user logs out from abc.com? This is more tricky since AAD opens up your logout URL in a hidden iframe (=> "front-channel signout", a GET to the designated URL). If you want this to actually clean up all your domains, you need to get creative... not sure what the best way is. You could try returning HTML that in itself has iframes to all the domains, but I don't know if it will be properly evaluated.
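The centralized logout receiver the question sketches, as an added example (not Microsoft's code and not the asker's or answerer's): it takes the URL identifying the deployment the user came from (however the endpoint learns it, for instance from a parameter the deployment itself set at login) and only ever redirects to an allow-listed origin. The three hostnames come from the question; that every deployment is served over https and clears its own session at `/logout` is an assumption. The security point is the matching rule: a redirector that forwards to "whatever the caller says" is an open redirect, and a substring or `startswith` check on `abc.com` is defeated by `abc.com.evil.example`, `evil.example/abc.com` or `//evil.example`, so the example compares the complete scheme+host origin and throws the caller-controlled path, query and fragment away. The second function renders the "iframes to all the domains" page the answer's edit speculates about.

```python
"""Added example: safe central logout redirector plus a front-channel
logout page that fans out to every registered deployment."""
from html import escape
from urllib.parse import urlsplit

# Exact origins of the deployments allowed to receive the redirect.
ALLOWED_ORIGINS = frozenset({
    "https://abc.com",
    "https://abc1.com",
    "https://abc2.com",
})
LOGOUT_PATH = "/logout"   # assumed: each deployment clears its session here


def origin_of(url):
    """Return the normalised https origin (scheme://host[:port]) of *url*.

    Returns None for anything that is not an absolute https URL, or that
    carries userinfo (https://user@host) or an unparsable port.
    """
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return None
    if parts.username or parts.password:
        return None
    try:
        port = parts.port
    except ValueError:
        return None
    host = parts.hostname.lower()
    if port and port != 443:
        host = f"{host}:{port}"
    return f"https://{host}"


def resolve_logout_redirect(requested):
    """Map the URL the user came from to the deployment's own logout URL.

    Only the allow-listed origin survives; path, query and fragment supplied
    by the caller are discarded. Returns None when the origin is unknown, in
    which case the endpoint should show a neutral "you are signed out" page
    rather than redirect anywhere.
    """
    origin = origin_of(requested)
    if origin not in ALLOWED_ORIGINS:
        return None
    return origin + LOGOUT_PATH


def front_channel_logout_page():
    """HTML for the hidden iframe Azure AD opens at the single LogoutUrl.

    One nested iframe per deployment, so each deployment's /logout runs in
    its own cookie jar. Best effort only: browsers that default cookies to
    SameSite=Lax will not send them on these cross-site iframe GETs, so a
    deployment relying on such a cookie will not see a logged-in session.
    """
    frames = "\n".join(
        f'<iframe src="{escape(origin + LOGOUT_PATH)}" style="display:none"></iframe>'
        for origin in sorted(ALLOWED_ORIGINS)
    )
    return f"<!doctype html><html><body>\n{frames}\n</body></html>"
```

When the resolver returns None, do not fall back to a default deployment chosen from any caller-supplied value; render a static signed-out page instead, so the endpoint never becomes a redirector for hosts outside the allow-list.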

WP REST API - User registration without authentication

I am just starting out with using the WP REST API.
For authentication, I use JSON Web Tokens.
The only question I have is how I can give users the possibility to register by themselves, since registering a user also requires an authentication key.
Since the user has not yet logged in, this key cannot yet be retrieved.
I came up with the following two options, but cannot figure out how to do either of them.
The application itself has an authorization key with which the request can be made.
Disabling authentication requirement for user creation.
If I'm looking at this in the wrong way, any answers are welcome!
Thanks!
If your application is a web page then the easiest is to do this separately from the WordPress REST API. WordPress has a web page http://aaa.bbb.ccc/wp-login.php?action=register that allows you to register new users. To enable this web page check the Dashboard -> Settings -> General -> Membership -> 'Anyone can register' option.
If your application is a mobile app then your mobile app can just send the same HTTP request that http://aaa.bbb.ccc/wp-login.php?action=register sends, i.e. a POST request with query parameter action=register and POST parameters user_email, user_login, wp-submit=Register.
If you really insist on doing this using the REST API, I think the following will work. (Disclaimer: I have not actually implemented this.)
You will need to override the WordPress REST authentication. First create a new role with the capability 'create_users'. Second create a user with this role. Create a nonce that specifies that a new user is to be registered. When your app returns this nonce and the user credentials to the http://aaa.bbb.ccc/wp-json/wp/v2/users endpoint you should override the WordPress authentication to set the current user to the user you created with the role 'create_users'.

FOSUserBundle for admin and front end

I am new to Symfony2. I am trying to use FOSUserBundle for user authentication.
Is it possible to use a single FOSUserBundle for the admin as well as the front end section? If yes, then what changes will I need to make at script level?
What i want is:
1. if I access the URL http://localhost/symfony/admin/ then I should be redirected to http://localhost/symfony/admin/login if the admin is not logged in, and after successful login I should be redirected to http://localhost/symfony/admin/
2. if I access the URL http://localhost/symfony/profile/ then I should be redirected to http://localhost/symfony/login if the user is not logged in, and after successful login I should be redirected to http://localhost/symfony/profile/.
By default FOSUserBundle creates the user as administrator. So what change needs to be made to let the bundle create a user role for the front end automatically and an admin role for the admin section?
You need to override the authentication-success listener in your security configuration to have users redirected to different pages after login depending on their roles.
Have a look at this answer and maybe find some inspiration by looking at symfony's DefaultAuthenticationSuccessHandler.
Further, you will need to override the access-denied handler (see this answer) to have users redirected to different login pages depending on the URL they're trying to access without being authenticated.

Find a redirection on registration

In Drupal, there is a site I have to work on that has an annoying quirk.
Anytime someone registers, they are redirected to a custom page. I have grepped for drupal_goto, and looked in the database to find out what is causing this redirect to happen.
What's the most effective way to track this down?
Found it. A rogue drupal_goto() statement implemented by previous developer.
Consider the LoginToboggan module. Here is a quote about it (from the module's project page):
... offers several modifications of the Drupal login system in an external module by offering the following features and usability improvements:
Allow users to login using either their username OR their e-mail address.
Allow users to login immediately.
Provide a login form on Access Denied pages for non-logged-in (anonymous) users.
The module provides two login block options: One uses JavaScript to display the form within the block immediately upon clicking "log in". The other brings the user to a separate page, but returns the user to their original page upon login.
Customize the registration form with two e-mail fields to ensure accuracy.
Optionally redirect the user to a specific page when using the 'immediate login' feature.
Optionally redirect the user to a specific page upon validation of their e-mail address.
Optionally display a user message indicating a successful login.
Optionally combine both the login and registration form on one page.
Optionally have unvalidated users purged from the system at a pre-defined interval (please read the CAVEATS section of INSTALL.txt for important information on configuring this feature!).
Integrates with Rules module to do various tasks when a user validates via email validation process.