I have selected a user name from dropdown list values are from Directory, I would like to get that user's email address from the directory, I have tried in this way but it didn't work, could someone please help.
Image
`\\ client script
function getEmailAddress(Name)
{
var Email = EmailAddress(Name);
return Email;
}
\\Server Script
function EmailAddress(Name)
{
var query = app.models.Directory.newQuery();
query.filters.PrimaryEmail._contains.substring(Name);
return query.run();
}`
I got an solution for this, when I choose a person name from dropdown this gives person's email address automatically into email address field.
//Widget binding
setEmailAddress(#widget, #widget.root.descendants.EmployeeName.value)
//Client script
function setEmailAddress(widget, Fullname)
{
google.script.run
.withSuccessHandler(function(result){
widget.value = result;
})
.withFailureHandler(function(error){
error = "unable to load user's mail id";
console.error(error);
}) .getEmailAddress(Fullname);
}
}
//Server script
function getEmailAddress(Fullname){
var directoryQuery = app.models.Directory.newQuery();
directoryQuery.filters.FullName._equals = Fullname;
var person = directoryQuery.run()[0];
return person.PrimaryEmail;
}
Related
I have a controller form application and the security team they said there is a vulnerability you can put any user_id fom postman inside the controller like this
ForgotPassword/user_id
how I can remove this vulnerability check the code below:
[HttpPost]
[ValidateAntiForgeryToken]
public JsonResult ForgotPassword(string emailId)
{
var helper = new Helper.Helper();
List<SqlParameter> args = new List<SqlParameter>();
args.Add(new SqlParameter("#Pin_email_id", emailId));
var req_resp = new Dictionary<string, object>();
try
{
using (DataSet dataset = helper.ExecuteSqlQuery("Web_Forgot_Password", args))
{
if (dataset != null && dataset.Tables.Count > 0 && dataset.Tables[0].Rows.Count > 0)
{
if (dataset.Tables[0].Rows[0]["Status"].ToString() == "Success")
{
req_resp["status"] = true;
req_resp["message"] = dataset.Tables[0].Rows[0]["Description"].ToString();
req_resp["code"] = dataset.Tables[0].Rows[0]["Code"].ToString();
string password = dataset.Tables[0].Rows[0]["user_password"].ToString();
SendForgotMail(emailId, dataset.Tables[0].Rows[0]["user_name"].ToString(), helper.Decrypt(password), dataset.Tables[0].Rows[0]["employee"].ToString());
return Json(req_resp);
}
else
{
req_resp["status"] = false;
req_resp["message"] = dataset.Tables[0].Rows[0]["Description"].ToString();
req_resp["code"] = dataset.Tables[0].Rows[0]["Code"].ToString();
return Json(req_resp);
}
}
else
{
req_resp["status"] = false;
req_resp["message"] = "Request Failed";
req_resp["code"] = "1005";
return Json(req_resp);
}
}
}
catch
{
var response = new
{
status = false,
message = "Request failed",
code = "1005"
};
return Json(response);
}
}
Well normally you store only password hashes in your database, which are not decryptable. Watching helper.Decrypt(password) in your code and sending the original password as a plain text in email is something painful. Normally I would just send a password reset link which can be used only once.
I checked the SqlParemater docs, it is added as a String value the way you use it, so it is not SQL injectable. Without the exact SQL I cannot tell much. I think they meant that it is SQL injectable, but then they should send evidence at least.
I am trying to make a form in google app maker. I've created a form. which has a "preview(save" button, It will create a new item and I have a field named "status". The default value of this field is "draft". In the next page I have a "sent email" button. This page won't create any new item. It'll send the email and if the email deliver is successful then it'll update the field of status from "draft" to "completed"
This is my client script
function sendMessage(to, subject, msg){
// some part is omitted
var status = app.popups.NotificationDialog.descendants.notificationText;
var success = app.datasources.ChangeSystem;
google.script.run
.withFailureHandler(function(error){
// success.Success = "draft"
status.text = error.message;
})
.withSuccessHandler(function(result){
status.text = 'sent';
success.Success = "completed";
clearEmailForm();
})
.sendEmailMessage(to, subject, msg);
}
and this is my email sent button function
var widgets = app.pages.Email.descendants;
var to;
var subject = widgets.systemName.value
var msg = "Description:\n\t\t" + widgets.Objective.value;
widgets.EmailStatus.text = 'Sending email...';
sendMessage(to, subject, msg);
So far I am successful to send the email also I have created and saved all fields. But the problem is after sending the email the "status" field doesn't update. It remains the same as default value "draft". my expected result is after pressing the send button it will update one of the existing fields.
After some additional thinking on this topic I think I found the problem. Here is some updated code assuming your send email button is the same inherited datasource as the field that you are trying to update.
var success = widget.datasource.item;
google.script.run
.withFailureHandler(function(error)
status.text = error.message;
success.Success = 'draft';
})
.withSuccessHandler(function(result) {
status.text = 'Email sent';
success.Success = 'completed';
clearEmailForm();
})
.sendEmailMessage(to,subject, msg);
I am newbie in ASP.NET. Is there a possible way to save the current logged user into the form database when the form is submitted?
(i.e) When multiple registered users enter a form and click save their user name is saved into the contents of form database.
I had googled it but couldn't find related topics (maybe I used the wrong keywords). If methods are available kindly suggest link.
[Edit]
I have used asp.net identity for authentication.
My current code for save
public ActionResult NewPR()
{
var depts = _context.Depts.ToList();
var currencytypes = _context.Currencytypes.ToList();
var viewModel = new NewPRViewModel
{
PRview = new PRview(),
Currencytypes = currencytypes,
};
return View("NewPR", viewModel);
}
[HttpPost]
public ActionResult Save(PRview prview)
{
if (!ModelState.IsValid)
{
var viewModel = new NewPRViewModel
{
PRview = prview,
Currencytypes = _context.Currencytypes.ToList()
};
return View("NewPR", viewModel);
}
if (prview.Id == 0)
_context.PRviews.Add(prview);
else
{
var prviewInDb = _context.PRviews.Single(c => c.Id == prview.Id);
prviewInDb.SupplierName = prview.SupplierName;
prviewInDb.Brand = prview.Brand;
prviewInDb.Qty = prview.Qty;
prviewInDb.Unitprice = prview.Unitprice;
}
_context.SaveChanges();
return RedirectToAction("Index", "PRview");
}
In a service I have wrote a simple function to get tenant id of particular user
[AbpAuthorize]
public int? FindTenancyNameByUserNameOrEmail(string userNameOrEmail)
{
var qry = (from p in _memberRepository.GetAll()
where p.UserName == userNameOrEmail || p.EmailAddress == userNameOrEmail
select p).FirstOrDefault();
if (qry != null)
{
return qry.TenantId;
}
else
{
throw new Exception("User not found");
}
}
I am calling this function from login function of account controller.
public async Task<JsonResult> Login(LoginViewModel loginModel, string returnUrl = "", string returnUrlHash = "")
{
var tenancyid = _memberAppService.FindTenancyNameByUserNameOrEmail(loginModel.UsernameOrEmailAddress.Trim());
//bla bla code
}
I get following error:
Exception thrown: 'Abp.Authorization.AbpAuthorizationException' in
Abp.dll
Additional information: Current user did not login to the application!
The issue was the user was not belonging to the tenant.
Used the following line to set the tenant id and code worked.
CurrentUnitOfWork.SetFilterParameter(AbpDataFilters.MayHaveTenant, AbpDataFilters.Parameters.TenantId, intTenancyId);
added the [AbpAllowAnonymous] attribute to the service method
The problem is in first line
var qry = (from p in _memberRepository.GetAll()
.GetAll() function create this error as you cannot use Builtin function in linq query.
Instead use
var Myvariable = _memberRepository.GetAll().ToList();
var qry = (from p in Myvariable where p.UserName == userNameOrEmail || p.EmailAddress == userNameOrEmail select p).FirstOrDefault();
The problem is AbpAuthorize Attribute [AbpAuthorize] remove it.
Trying to figure out how to get the current User's Full Name as entered in Active Directory from a BLL class in my ASP.Net application. So far I have:
public static string Username
{
get
{
var name = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
if (name.Contains("\\"))
{
var start = name.IndexOf("\\");
if (name.Length > start)
{
name = name.Substring(start + 1);
}
}
return name;
}
}
The problem with this is that this will return the Username, but I am also in need of the Full Name. Anyone know if this is possible?
Use a DirectorySearcher ...
var search = new DirectorySearcher( new DirectoryEntry("LDAP://YourDomain") );
search.Filter = "(sAMAccountName=UserNameHere)"; // put the identity name here
var res = search.FindOne();
var name = res["displayName"]; // I believe this is the right property