Add IBAN check to widget validation - google-app-maker

For an employee questionnaire I would like to add an IBAN check to a textbox widget. Is it possible to add a library like https://github.com/arhs/iban.js as an external resource in App Maker? How do I have to implement a validation method once the library has been added.

You can easily add any external library. If library is available via CDN (Content Delivery Network) you can just add URL in Application Settings -> External Resources -> JavaScript URLs
otherwise you can upload the js file as app resource (Settings -> Resources) and use resource's URL instead.
The library will help you to validate input on client:
// onValidate event of input widget:
if (!IBAN.isValid(newValue)) {
return 'Please, provide valid account number';
}
But it will not help you with server side validation... So, end user can in theory compromise your system through dev console. You can try to copy/paste library's code to server script and make extra validation in onBeforeCreate and onBeforeSave model's events but most likely it will require some additional tweaks.

You may also consider using Regex to validate the IBAN - you won't need to worry about pulling in external JS then. This answer may be useful. With this regex, you can validate the string server side, which is more secure. This link has more information on validating RegEx in Javascript.

Related

Google Cloud Endpoints (JAVA): return html content

How can i return html content with Google Cloud Endpoints using JAVA?
I'd like to return an html page after a user call a REST API. It is possible?
Endpoints aren't designed to return web pages. You can look at endpoints as a framework for defining remote procedures or a RESTful API. i.e. something you'd call from JS or a mobile platform. To serve a web page on App Engine in Java you should use an App Engine servlet similar to this example.
You can return it as a string, assuming you had cached the HTML page somewhere accessible (remember, appengine has no local file storage). Within your endpoints function, you can access datastore, memcache, cloudstorage, etc...
While I do echo the other poster in saying this is not the use-case endpoints is really meant to target, the point is, endpoints is a great way to make an API with automatic generation of client libraries for multiple platforms. Do use endpoints for your API, but be sure it's an API function and not just HTML file serving, for which there are better patterns.
If you are using this pattern to serve HTML partials for an ajax-style dynamic-replacement div in a web app, this is fine, although if these partials are not needing processing or can be defined at deployment time, rather than being put() and get()'d from datastore, for example, then it's best to simply link them in as static resources using the appengine-web.xml / app.yaml (depending on java or python/go/php)
I hope this has helped you think more about your use-case.
You can redirect browser to new page after server responded to call:
gapi.client.yourapp.yourmethod().execute(function(resp) {
console.log(resp);
if (resp.page){
location = 'http://yourappid.appspot.com/' + resp.page + '?userid=123';
}
});
But you must take care somehow about not losing your context. For example transfer userid as done in above code.

How do OWIN Authentication providers work? How would I write a custom one?

I'm looking at the source code for Microsoft.OWIN.Security.Google and am a bit confused and overwhelmed at how many classes there are to do such a simple thing (redirect, get a cookie, check it).
Can anyone explain how the various components fit together
Middleware
Extensions
etc
... so that I can write a custom provider
After some google-ing and trying different ideas in debugger I ended up with "copy-paste-edit" :)
here is a brief resume of classes
Extensions - nothing special, a helper:
// instead of using
app.Use(typeof(CustomAuthenticationMiddleware), app, options);
// you can use
app.UseCustomAuthentication(options);
Middlware - methods are used to attach authentication to owin pipeline
AuthenticationProvider - As I understand, this could be overriden outside, to be able to change some logic without rewriting whole thing. Has 2 methods:
Authenticated - is called when handler finishes all authentication in AuthenticationHandler.AuthenticateCoreAsync()
ReturnEndpoint which is called in AuthenticationHandler.InvokeAsync, just before external authetication.
But it appeared absolutely useless, when I tried to customize existing providers (google, facebook,...)
Handler - here is all the OAUTH2 functionality.
ApplyResponseChallengeAsync() - generates AuthorizationEndpoint URL and redirects useragent to authorization server
InvokeAsync() - handles the get to RedirectEndpoint (/signin-google or whatever was set up on authorization server) and returns the user to the starting controller(or callback). It is doing a redirect with all needed cookies set up
AuthenticateCoreAsync() - does all server side calls to authorization server. Creates all Identity.Claims necessary to create appropriate cookies before

How to write a webscript to returns the ticket for the current user?

I need to implement a web script that generates a returns the ticket for the current user. This web script is addressed by the URI I use to setup a URLConncetion. The ticket should be contained in the response body, which I need to evaluate in my JSP (or Java code) to extract the ticket. How can be done by a simple JavaScript / FreeMarker web script, using the JavaScript session root scope object to retrieve the ticket, i.e. session.getTicket() ?
Can any one pls write the steps to do?
ticket.get.html.ftl (or json or whatever you want):
${session.ticket}

Orbeon - Multi-language template HTTP Service request

On a multi-language template I use a HTTP service to load a list of countries from a web service. The loading itself is done by an action that reacts to the Form Load event.
Since the names of the countries are different in each language, I would like to pass a parameter to the web service that specifies the language of the user.
Another option would be to select the correct label after the list has been loaded.
Unfortunately I don't have any clue on how to achieve this. Any ideas ?
I managed to pass the language to the web service by editing the source code manually. I added the language as web service request parameter with the following xml (added to the action).
<xforms:action context="instance('fr-service-request-instance')">
<xforms:action class="fr-set-service-value-action">
<xxforms:variable name="control-name" select="'requestor_country'" as="xs:string"/>
<xxforms:variable name="path" select="//*:language" as="xs:string"/>
<xforms:setvalue ref="$path" value="xxforms:instance('fr-language-instance')"/>
</xforms:action>
</xforms:action>
I still have one problem though, when the user switches language, the values are not loaded and the list is empty.
Currently the country list is loaded on the xforms-ready event. Which one should be used when switching language ?

Setting / Editting the current FacebookWebContext AccessToken

I'm coding an ASP.NET website that works with facebook.
To make my own life easier, I've decided to work with the facebook C# SDK.
At this point, I've already obtained a valid access token, thus I've authorised correctly.
(I have done this through server-side C# code, not via the JavaScript SDK)
I now want to store this access token in the current FacebookWebContext, so that I can use it through the whole website.
However, when I try to write the value in FacebookWebContext.Current.AccessToken, I get the following error:
Property or indexer FacebookWebContext.Current.AccessToken cannot be assigned to -- it is read only
Now, I could try to create a new FacebookWebContext, and set this one as the current one, but the constructor doesn't accept an access token.
How do I put my access token in the current facebook web context?
It should already have the value when you do : FacebookWebContext.Current.AccessToken
Is it empty?

Resources