I have two web applications sharing one Firebase (auth, db, etc.). It all works well, but when users want to do a password reset, the email I can see in the Password reset template allows me to change it, but I don't want to hard-code a specific URL, given the password request might come from either application. Is there a way to let Firebase know which link to use, or possibly set it from the code?
It is not possible to change it to a fully customized URL (like mywebapp1.com); the reason for that is that it won't be possible to check if the modified URL is a valid one.
You have 2 options:
You can get a custom domain like authApp.com and follow these steps in the documentation so you can have a more personalized experience for both apps.
You can create dedicated emails based on the app (the URL will stay the same) using action links; this will show a nice layer of customization to your emails based on the specific web app being used.
Related
I'd like to start a website that provides users with a photo editing/storing experience. The initial idea is that the user has his own account where we store the edited photos and some settings. I am a WordPress web developer, and when I try to consider how to build such a website in WordPress I don't really understand how to provide such a service without having access to user photos. My idea was to create a custom post type and save it with the user as an author. But as an admin of the website, I will have access to all the created/saved photos, and I would like to build it in a way that I don't have it. Is it possible?
I've previously used an app to write a diary that saved the data to my Google Drive and, if I understand correctly, it never had access to my files.
So my question is: what are the best practices to build such a resource? Is it normal to have access to all of your users' photos if you provide such a platform?
In your case, as you will use WordPress and you are the developer, you will always have access to all of the data.
You will always have a way of knowing which data is from one user and which data belongs to another user.
You have two options to do this, but this will take some development work:
1 - You must recreate the way WordPress works so that the user is not related to an email or to private data that can be related to the user.
Example: You ask the user to register with a form that only asks for a hash, which can be any word, number, or any other information, and a second field would be the password.
With this, in the backend you get these two pieces of information and do some kind of hash. I'll give the example using md5, but do not use it.
After that, join these two pieces of data and this will be the user.
To log in, the user needs to repeat this information and will be within the platform. With this you will be able to maintain the anonymity of the user and will not know who the user is.
In this option you will have for each hash and password a different user :)
But I recommend not using WordPress if you choose this option. You can use a framework like CodeIgniter, for example, which is super simple.
2 - The second way would be to use the normal wp User, not worrying about who the user is and their information. But one way to keep photo information "anonymous" is to generate a unique hash with each user and have some way of relating the user to it.
Example: When uploading a file to edit, it will generate a passkey; you must warn the user that when they want to edit or view this photo they will need to type it into an input. With this you will not know which information is from which user, but it requires extra work for the user.
This way you will always have anonymity of user information. I hope I helped you somehow.
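The two options in this answer, as an added example that is not the answerer's code: option 1 derives the account key from the chosen word and the password with PBKDF2-HMAC-SHA256 in place of md5, and option 2 stores only a hash of a per-photo passkey. The function names, the in-memory arrays standing in for database tables, and the sample values are assumptions.

```php
<?php
declare(strict_types=1);
// Added example; function names, storage arrays and sample values are constructed.

const KDF_ITERATIONS = 600000;

// Option 1: the account key is a slow, keyed digest of (handle, password).
// No random per-user salt is possible because nothing identifies the record
// before login, so the salt is derived from the handle with a server secret.
function account_key(string $handle, string $password, string $pepper): string
{
    $salt = hash_hmac('sha256', $handle, $pepper, true);
    return hash_pbkdf2('sha256', $password, $salt, KDF_ITERATIONS, 64);
}

// Option 2: a random passkey per upload; only its hash is stored with the
// photo, and no user id is recorded next to it.
function issue_photo_passkey(array &$photos, string $photoId): string
{
    $passkey = bin2hex(random_bytes(16));      // shown to the uploader once
    $photos[$photoId] = password_hash($passkey, PASSWORD_DEFAULT);
    return $passkey;
}

function can_open_photo(array $photos, string $photoId, string $passkey): bool
{
    return isset($photos[$photoId])
        && password_verify($passkey, $photos[$photoId]);
}

// Constructed demo data; a real pepper lives in configuration, not the database.
$pepper   = 'constructed-demo-pepper';
$accounts = [];
$photos   = [];

// Registration stores only the derived key.
$accounts[account_key('blue-heron', 'correct horse battery', $pepper)] = true;

// Login recomputes the key and looks it up.
$okLogin  = isset($accounts[account_key('blue-heron', 'correct horse battery', $pepper)]);
$badLogin = isset($accounts[account_key('blue-heron', 'wrong password', $pepper)]);

$passkey  = issue_photo_passkey($photos, 'photo-1');
$okOpen   = can_open_photo($photos, 'photo-1', $passkey);
$badOpen  = can_open_photo($photos, 'photo-1', 'guessed-passkey');

var_dump(compact('okLogin', 'badLogin', 'okOpen', 'badOpen'));
```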
I am using the Admin-supervised registration (Never) strategy as the public user registration. With this approach, the admin needs to enable the user, but the admin is not getting an email. Is this the expected behaviour, or should the admin get an email notifying them that a new user has been registered? If that is not an out-of-the-box feature, how can I enable the admin to get an email when the user is registered?
Also, I would like to know whether I can mix and match Registration after mail notification and Admin to enable. Then we can make sure the provided email is correct as well, and the admin can control access.
Thanks.
For getting the notification, you can simply add a custom strategy that would wrap the ootb provided one and send an email on top ... or you can add an observer on the users workspace and configure it to call MailCommand upon a new disabled user being created in the repo. Whichever of the two suits you better.
As for combining two of the existing strategies, the simplest way to achieve that is by writing your own that will indeed do a combination of the two provided out of the box. Since each of the functionalities you desire is there, it should be rather simple to combine them in one class.
HTH,
Jan
I am having some trouble figuring out how I can let users set their API credentials to get read-only data from the Google Calendar API.
I have it set up to use OAuth to allow a fallback. It allows the user to click for an access key to copy over and save.
However, I am finding an issue when I try to make it so users can enter their own API settings.
I tried the same method I used for the fallback, but even if they enter those credentials in they would still need to authenticate it with an access key.
So I guess my question is how can I just include a simple API key to be saved and used to get the data?
I haven't been able to find very many resources or documentation on this so even pointing me in the right direction will be very helpful.
Thanks!
EDIT:
So here is a link to the part of the Calendar API I need to use: https://developers.google.com/google-apps/calendar/v3/reference/events/list
And if you compare it to the top of the page of this API page: https://developers.google.com/google-apps/calendar/v3/reference/events/delete
You will see the delete specifies that it requires Authorization, but the List does not. All I need is the list but when I have tried to connect with it without any authorization it does not work. Am I missing something?
If the data is not public, the users will have to authenticate with Google and enter the access code on your plugin configuration. Google Analytics for WP does this, check its source.
I don't see the problem with having the users authenticate, but one alternative is to add support for service accounts, like the Google Drive WP Media does. In this case users of your plugin will enter the service account email and upload the private key file (I'm not sure if the Drive WP plugin implements it in a secure way).
I have a requirement: I want to hide the data (lists/libraries/documents) from the users who are forms-based authenticated. Windows users can add data to SharePoint lists. Forms-based authenticated users should only be able to see it whenever Windows-authenticated users give the permission. I thought of creating one group for the forms-based authentication, but we cannot hide data from them, so this will not work. How can I do this? I have been thinking about this, but I am not able to find the solution.
Does anyone have any idea?
New Addition:
Actually, there should be two URLs (say URL1, URL2) for the same site, which we can configure in the alternate access mapping. Only one URL (URL2) should be exposed to external users. So, whenever any external user (forms user) logs in, we have to show the content to which access is given by a Windows-authenticated user. That means when Windows users add some content to URL1 and then give permission to the forms authentication users, that content should appear in URL2. By default the content added in URL1 will be reflected to URL2. But here that should not happen.
Principally, there shouldn't be a problem duplicating your site, and modifying the copy to be more limited than the original.
If both sites are on the same site collection, you can configure them to use the same lists/document libraries.
After you do that, it's simply a matter of configuring AAM to present one site outside, and one inside.
I'm new to Drupal, but I just want to hack/customize the login function of Drupal 7, like hardcoding. I have discovered that the Drupal 7 login process is handled by user.module and its associated files.
I just want to know which kinds of values or properties are returned or provided when a user login/authentication process is done by providing just Username/Password.
The final properties it returns, to provide back to Drupal (along the whole authentication process), that I have noticed so far are:
{uid} of the attempted user
{rid} role id of the user
user email
user is blocked or not
then .. ?
The point is: what else?
Can I replace/modify the whole existing authentication process (as I need)?
For example, one of the default auth functions in user.module:
function user_authenticate($name, $password) {
..
return $uid;
}
For example, if I modify (hardcode) that function to connect to my other external database(s) and return {user id}, Drupal will get one auth requirement, {uid}. Then what else do I need to provide? User role, etc.?
So, what other functions and properties should I touch and provide back to Drupal along the authentication process?
This is not an actual answer but I cannot post this as a comment.
Basically, we do not hack core. So looking at the user.module's code will not help you as much as learning the hooks. For example, it's difficult to get an idea about how to add some magic when a node is created by looking at the code of hook_nodeapi(). But if you check the docs and the return/input arguments, it's much easier to do the job.
I'd start by adding an extra submit handler to the login form using hook_form_alter(). I have seen some other threads from you about your use case, but unfortunately it's difficult to provide sample code for you. You can see how other modules implement extra authentication (e.g. http://bit.ly/LdRcm6). (See how the Remember Me module adds a checkbox to the login form, and the twitter module that allows twitter login.)
Then, you can have Drupal authenticate the user as normal, with your new custom functionality in addition to Drupal's authentication.
Drupal can even connect to external databases no matter if it's Drupal or not.
As you can see in many functions, they return a Boolean value or, sometimes, the user ID. user_load() is the function that loads a basic user object.
Remember it's modular. Some modules can include/remove/alter these values using hook_user_load(). The user terms module and the profile module are perfect examples here. It includes profile field information when other modules require user information.
A single user is not just a set of information. It can be modified during any part of the process. So do that. Use your module to provide information that your external site has.
{uid} of the attempted user
{rid} role id of the user
user email
user is blocked or not
user last login time.
user register date.
...
To see the entire object for your site, enter the following.
<pre>
<?php
$user_account = user_load (1);
print_r($user_account);
?>
</pre>
You can enter this code in a node create page where you have php filter used.
Without hardcoding, you can allow other modules to make use of these values. Even if your source database has no role ID, you can give them a role ID, a user ID, and such.
Good luck!
Drupal is an extensible system. There is no need to do "hardcoding" in core modules like the "user" module. You should rather explore the hook system that allows extending the core (and also contributed) modules.
And in case you want to fetch user IDs from a different database (I am not clear about this use case), you can still use the roles, and other user data, from Drupal's database.