I've provided code below in which a user can be redirected to dashboard page by successful authentication by firebase.But anyone can access dashboard page without authentication.Now how can I protect this dashboard page?
Note:I'm using HTML,CSS and JS as frontend and Node.js backend.
app.all('/login',(req,res)=>{
email=req.body.email;
password=req.body.password;
var prom=firebase.auth().signInWithEmailAndPassword(email,password);
prom.then((creds)=>{
res.redirect('/dashboard');
},(err)=>{
res.redirect('/error');
});
});
Expected output:
If anyone tries to access dashboard page without authentication then he must redirect to error page.
Related
my java backend create this link(http://127.0.0.1:8080/account/reset/finish?key=vljKlxjYh6Cd2xp119bQ) for the user to click and get into the reset-password page so he/she can reset their password.
my backend api is /api/account/reset-password/finish
how can i redirect the user from the link to this api in next.js .
You first have to create the account/reset/finish/index.js page in pages folder of the nextjs app, and whenever the link is clicked the route automatically will load that page.
Then in that page you can access the key from query search params.
I have create an app to achieve login-with-linked-in functionality. Previously it worked fine, but all of a sudden it stopped working.
Previously if user already logged-in to LinkedIn, clicking the login-in-with-linkedIn button will lead user to there corresponding dashboard, otherwise login-popup open and user details get saved in db and user redirects to corresponding dashboard,But now nothing happening.
Note:- I have used my custom button to use this functionality. not the linked-in provided button code.
Here is my code and app creation steps:-
Button code:-
<?php echo Labels::getLabel('LBL_Linkedin',$siteLangId);?>
Javascript sdk code:-
<script type="text/javascript" src="//platform.linkedin.com/in.js">
api_key:*********
authorize:true
</script>
<script>
function doLinkedInLoginForBuyer(){
IN.User.authorize(function(){
onLinkedInAuth();
});
}
function onLinkedInAuth() {
IN.API.Profile("me").fields("email-address","first-name","id").result(function (data) {
processLinkedInUserDetails(data);
}).error(function (data) {
$.systemMessage('There was some problem in authenticating your account with LinkedIn,Please try with different login option','alert alert--danger');
});
}
processLinkedInUserDetails = function(data){
data = data.values[0];
fcom.ajax(fcom.makeUrl('LinkedIn', 'loginLinkedIn'), data, function(t) {
var response = JSON.parse(t);
if(response.status ==0){
$.systemMessage(response.msg,'alert alert--danger');
}
if(response.status ==1){
location.href = response.msg;
}
});
};
</script>
Note:- It seems that onLinkedInAuth() as well as processLinkedInUserDetails() functions are not called at all now. Previously they worked fine.
Let me know if any other details are required. Thanks!
After a long discussion with LinkedIn Customer Support they just said that they didn't support API-related issues. They asked to buy a premium account for any kind of technical support
Also I come to know that they stopped giving support for Javascript SDK.
Check here:- JavaScript SDK is not currently supported
Solution:- Now I followed the below post and make it work:
https://www.codexworld.com/login-with-linkedin-using-php/
Visit LinkedIn Developers page and log in with your LinkedIn account credentials.
Click the Create app button to create a new LinkedIn app.
Provide the information about your app and click Create an app to submit the app registration form.
App name – Name of the application.
Company – Name of your company.
App description – Workflow of the application.
App logo – Logo to display on the OAuth dialog.
Privacy policy URL – URL of the Privacy Policy page.
Business email – Your email address.
Products – Select the products that you’d like to add to your app.
On successful app creation, the page will be redirected to the App settings screen.
Switch to the Auth tab » Scroll down to OAuth 2.0 settings section.
Specify the redirect URL in the Redirect URLs fields and Update the App settings.
Note: The Redirect URLs must be matched with the Redirect URL that is specified in the script.
In the Application credentials section, you will see the Client ID and Client Secret of your LinkedIn App. The App ID and App secret need to be specified in the script at the time of the LinkedIn API call.
Now you have to create PHP code that will call linked-in API with the help of Client ID and Client Secret.
Kindly check Php code of thread for example.
On my website, the user can log in through Facebook.
I have also created a Facebook canvas app which consists of a small part of my website.
Through the Facebook canvas app, the user can access certain features of the site regarding their site account.
It works great when the user accesses the FB app while already being logged into the site.
However, if the user accesses the FB app while NOT being logged into my site - how do I log them into my site through the app?
It would be ideal if I could somehow automatically log them into their account when accessing my site through the FB app.
If that isn't possible, I would like the user to be able to log into my site through the Facebook app.
However right now when I redirect to the oauth login I get the following error:
Refused to display
'https://www.facebook.com/dialog/oauth?response_type=code&client_id=…nLpHx7N5X--Q'
in a frame because it set 'X-Frame-Options' to 'DENY'.
Summary:
Can I auto-login to my site when accessing the site through Facebook canvas
If not, how can the user log into my site through the canvas app?
So basically your problem was just how to call the FB login dialog from within canvas. If you use the URL redirect version, then you have to call it in the top window instance – the login dialog can not be shown in any kind of (i)frame, for security reasons¹
top.location.href=… in JavaScript, or target="_top" for a simple link can achieve that.
¹ User needs to be able to verify via address bar that they are entering their credentials on facebook.com, to prevent phishing attacks.
I am using Firebase for Facebook and Google login from a site hosted by AppEngine.
When I want to login, it prompted me to Facebook login page, after entering my credentials it hangs in Firebase redirect page (gray window). There is no error message at all. I made sure following all steps listed in Firebase site. https://www.firebase.com/docs/web/guide/login/facebook.html
My code is as following:
var ref = new Firebase("my firebase domain");
ref.authWithOAuthPopup("facebook", function(error, authData) {
if (error) {
console.log("Login Failed!", error);
} else {
console.log("Success!");
console.log(authData.facebook.accessToken);
}
});
I made sure the domain I am making this call is listed in Firebase settings. I tried adding localhost and making call from there, but I still see the same issue.
Looks like Firebase does not redirect back to my page with authData retrieved from Facebook or Google.
Do you know why this might be happening? What is the solution?
I found the solution to why this was happening.
I was setting href in the login tag in html to do the domain root which
refreshed the page, and causing connection to child window to break. I made the following change to fix it.
< a href="#" onclick="login()">Facebook Login < /a
I have a web app using forms authentication and I have restricted a folder so that only those with an administrator role can access it. I am controlling all of this through the web.config file and adding the proper location tags to restrict access.
Currently the application is working fine. If I am logged in as a user and click the link to the administration section, I'm redirected to the login page once again. If I look at the URL, the ReturnUrl parameter is set properly.
What I'd like to do is to display a message to the user indicating insufficient security privileges, or something to that effect so the user doesn't think they are getting logged out of the application prematurely or that the application isn't working.
Does anybody know of a way to do this?
You can redirect to a page that displays an alert box, and which then (on the client) redirects to the page you want to be at.
I gave no sample code because I don't have time now to get it right. Here's the wrong code:
if (FormsAuthentication.Authenticate(userName, passWord))
{
Response.Redirect("alertPage.html?ReturnUrl=" + Request.QueryString["ReturnUrl"]);
}
on alertPage.html:
<script language="javascript">
alert('Some message');
window.navigator.location = // get the URL and use it
</script>