Override or disable DEFAULT_PASSWORD_ENROLL_TOKEN_EXPIRATION_DAYS? - meteor

We are sending out account invitation messages to users, using Accounts.sendEnrollmentEmail. In some cases, users fail to click the link for some time. In those cases, we have to re-send the invitations, making extra work for admin users.
The Meteor Accounts package seems to use DEFAULT_PASSWORD_ENROLL_TOKEN_EXPIRATION_DAYS to expire activation links. Is it possible to override this value or disable it?

As I found in the code it is a const with a fixed value.
You therefore won't be able to override it by default.
However you still have some options here.
Override the accounts-base package and use values from process.env or Meteor.settings for the expiration variable.
Use additional token data in sendEnrollmentEmail and place a custom expiration date there. Then use onEnrollmentLink to make a custom validation of the expiration date.
Use a custom Collection to store expiration dates and check them in onEnrollmentLink
If you prefer the first option it would be great if you also open a PR on the Meteor repo so others will benefit from it.

We were able to fix the issue with the following, e.g. in accounts.js:
Accounts.config({
passwordEnrollTokenExpirationInDays: 60
});

Related

Accessing User ID as a variable in Google Tag Manager for mobile

I'm getting started with Google Tag Manager for Android/iOS, and can't find a way to access the User ID as a variable. I can access Firebase User Properties and Event Parameters just fine.
So far, I've tried setting it using FirebaseAnalytics.setUserId and trying to access it as a User Property called user_id / userId.
Some workarounds I've thought of:
Using a CustomVariableProvider (preferred)
Setting the User ID as an Event Parameter (this wouldn't work with built-in events)
I'm just trying to make sure there's no built-in way of doing this before I resort to workarounds. Thanks!
I was not able to find the User ID (or UID) in the list of built-in variables, see this screenshot
There is a built-in way, but it requires quite a sophisticated setup.
In GA version 4 the path is changed comparing to the previous version, where the same could be done much easier via "Tracking Info".
Here are the starting steps in GA4:
Open https://analytics.google.com/analytics/web
Bottom-left corner -> Admin -> Setup Assistant -> Advanced setup -> User ID
Follow the instruction
After that UserID will be available in GTM.
Video guide for exact steps: https://www.youtube.com/watch?v=TVJMFVOXFUQ

How to change irazasyed/telegram-bot-sdk's default request values of BASE_BOT_URL and the handler's verify option?

In order to connect my bot to the local bot API server and in order to turn curl's SSL verify_host and verify_peer off, how can I change irazasyed/telegram-bot-sdk's default request values of BASE_BOT_URL and the handler's verify option, not hard coding?
I know that I can change the BASE_BOT_URL constant in telegram-bot-sdk's TelegramClient class. And I know that I can change the verify option of my request handler to be false in guzzle's CurlFactory class. But, I'm not interested in hard-coding or overwriting these vendor files to avoid any update challenges in the future. I am more interested in something like longman/telegram-bot's setCustomBotApiUri function. The closest I could get is working with telegram-bot-sdk's setHttpClientHandler function, but I'm having trouble how to work with that.
Appreciate any help
P.S. I am using irazasyed/telegram-bot-sdk:^3.6 in my laravel:^9.2 app.

Request.auth.metadata in security rules?

I have a Firebase project where I'd like for users to be able to see when other users created their profiles. My initial hope was that I could use "user.metadata.creationTime" on the frontend to pass the date into the user's extra info document and verify that it is correct by having "request.resource.data.datecreated == request.auth.metadata.creationTime" as a Database Rule, but it looks like it is not possible according to the documentation.
Is there any way I can verify that the creation date is correct on the backend?
More info edit: Below is the code that is being triggered when a user creates a new account on my profile. The three values are displayed publicly. I'm creating a niche gear for sale page so being able to see when a user first created their account could be helpful when deciding if a seller is sketchy. I don't want someone to be able to make it seem like they have been around for longer than they have been.
db.collection('users').doc(user.uid).set({
username: "Username-156135",
bio: "Add a bio",
created: user.metadata.creationTime
});
Firestore rules:
match /users/{id} {
allow get;
allow create, update: if request.resource.data.username is string &&
request.resource.data.bio is string &&
request.resource.data.created == request.auth.metadata.creationTime;
}
user.metadata.creationTime, according to the API documentation is a string with no documented format. I suggest not using it. In fact, what you're trying to do seems impossible since that value isn't available in the API documentation for request.auth.
What I suggest you do instead is use a Firebase Auth onCreate trigger with Cloud Functions to automatically create that document with the current time as a proper timestamp. Then, in security rules, I wouldn't even give the user the ability to change that field, so you can be sure it was only ever set accurately by the trigger. You might be interested in this solution overall.

Two wordpress database with same users

I want to have the same WordPress users in two different databases
For example, if a user registers on SiteA, then he can login to SiteB. And reverse.
Also i want create same cookie for both after login.
mywebsite.com/ (SiteA_DB)
mywebsite.com/blog/ (SiteB_DB)
I've never done this before and maybe Wordpress has hooks to archive this, but I prefer using mysql for such a trick.
You could try ..
.. using 'federated storage' ( https://stackoverflow.com/a/24532395/10362812 )This is my favorite, because you don't even have to share a database or even the mysql serverThe downside is, that it doesn't work with db cache and uses an additional connection.
.. creating a 'view' ( https://stackoverflow.com/a/1890165/10362812 )This should be possible when using the database-name in the query itself and it would be the simplest solution if it works. Downside: The 2 tables have to share the same mysql-server and have to be assigned to the same user as far as I know.
-- **Backup your database before trying!** --
DROP TABLE `second_database`.`wp_users`;
DROP TABLE `second_database`.`wp_usermeta`;
CREATE VIEW `second_database`.`wp_users` AS SELECT * FROM `first_database`.`wp_users`;
CREATE VIEW `second_database`.`wp_usermeta` AS SELECT * FROM `first_database`.`wp_usermeta`;
This should work, according to: Creating view across different databases
.. creating a 'shadow copy' ( https://stackoverflow.com/a/1890166/10362812 )Works with caching and is a standalone tableDownsides as 2. solution + a bit of setup and I think it might be the worst option in performance
This were answers to this question: How do I create a table alias in MySQL
I merged them together for you and made them fit your use-case.
Please also notice, that solution 1 and 2 will replace your current user-tables auf "second_database" because you write directly into "first_database" when querying the fed. storage or the view. This can lead to problems with user-role plugins. You should take care of syncing the plugin-options too, if you should use one of them and in case it uses different tables or 'wp_options' values.
Let me know if this works, I have to do a similar task next week. While researching I found the linked answers.
EDIT: I was missing the point of "cookie-sharing" in my answer. Your example shows a blog on the same domain - you should be able to change the way wordpress sets its cookies to be domain-wide. What I did once for 2 different domains was, that I hooked into the backend (is_admin) and added a javascript which did a post-request to siteB, receiving a token which is stored but marked as 'invalid' on siteB. This token then was passed back to my plugin on siteA which checked if the user is logged_in and (in my case) have adminrights (current_user_can()) and if so, it was sending this token back to sideB which was marking this token as valid to login. (Make sure only sideA can tell sideB to make this token valid!) Once a user is seen with this token in a cookie on siteB, the user is logged-in automatically in the background. Also I made this bidirectional. I am sorry, that I can't share the code for you. I don't have access to it anymore.
Greetings, Eric!

How does one associate Google Analytics with a particular authenticated user?

What method would you use to associate tracking information in Google Analytics with a particular named user?
I want to be able to do custom reports, and ultimately drill down on usage by user.
EDIT
I was thinking that perhaps the EventTracking API would be able to help somehow.
Also, referring to this documentation.
You could add the user's username as a tracking/segmentation) variable...
pageTracker._setVar(username);
You can only use one _setVar per page, though...
http://www.google.com/support/analytics/bin/answer.py?answer=57045
http://groups.google.com/group/analytics-help-basics/browse_thread/thread/07e29dc610050971
Since Google Analytics isn't aware of users who are logged into your site you'd have to do that sort of tracking within your site's software itself. If there isn't some sort of plugin or extension out there already you'll probably have to write one yourself that keeps track of what your users do when their logged in.
I think you want Google Analytics - Custom Variables. You can set five variables per page, and there is support for variables you set persisting over session and cookie (aka "visitor") lifetime. Take note of the rules for overwriting previous values based upon slot and scope; the documentation explains this with some examples. You should probably include something in a click-wrapped privacy policy about tracking individual users this way; it's somewhat invasive, depending on the purpose of your website.
_gaq.push(['_setCustomVar',
1, // Slot number: [1-5], inclusive. Required.
'Username', // Custom variable name. Required.
username, // Custom variable value. Required.
2 // Scope:
// 1 = visitor/cookie-level, 2 = session-level, 3 = page-level.
// Optional, default=3.
]);
http://www.highlyrelevant.com/2011/03/25/how-to-add-edit-google-analytics-users-to-your-account/
This post was really helpful for me and my team. Not only does it show how to add users, but it also tells you how to edit existing users that aren't setup correctly.
Thanks!
Phil

Resources