Single Authentication for different laravel web app - laravel

I want to ask about authentication in Laravel.
So the case is, I have 2 apps that have correlation, among others are,
1 application is used (we call it, system A web application) for systems that process databases, such as creating blogs, editing, editing, and approving articles made by creators, and of course having login authentication to the application to process it. (https://uat-system.marsiajar.com) <- you can access it by using my username and password, email: sariayu.mahgdalena#gmail.com, and the password is h67v3km2.
1 is used again (we'll call it web application B), to preview everything generated by the system application, on this web, the system database is only used to update blogs, such as adding/editing the number of views to the blog. (https://marsiajar.com)
The correlation is, these 2 applications use 1 database that is on the server.
I want to know
1. How do we know or show, when a user logs in to system A's web application, the user's name will appear in B's web application?
I attached screenshots and an interface view of system A's web application,
https://ibb.co/nbW4d5c
and I attach my env's config to this,
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=marsiajarroot_uat-landingpage
DB_USERNAME=marsiajarroot_uat
DB_PASSWORD='*******'
this env, I used in system A's web application and in application B,
Please, does anyone, know about this?
Can we share about this?
Thank you very much for sharing ^_^

This was on previous case before. The truth is you cannot share the cookies or session. It might be but its not the best practice. One thing i do is to use Database SESSION_DRIVER and put some variable on it (forgot the name) but as long as it is still in the same domain, i believe this thing would works.

Related

Saving organization-wide application settings in Teams app

I have a Teams application (Tab). I am an ISV provider, and provide a multi-tenant application that is installed by customers via Teams App Store in their organizations.
How do I save settings for my application organization-wide for the customers? For example, CustomerA has installed the app and then CustomerB. I want some storage that would be unique for CustomerA and CustomerB and the app, and located in customer's environment. The settings I want to save are not per-user, but per-organization (tenant).
Somewhat similar to "App Data" folder you have in Windows Desktop for example.
Does such a storage exist? Does API for this storage exist?
A tab app is a simply a web application that you render inside of Teams. As a result, what the app does, and where and how it does it, is totally up to you. This includes any data storage you choose to have behind the scenes. For example, your tab could be built in PHP and use MySQL, or built in ASP.Net and use SQL Azure or CosmosDB. It's totally up to you, but you need to implement it yourself, as an ISV.
The important piece to differentiate clients, however, is being aware of the TenantId for each user, so you can look up which client's settings you need from the database. The most simple way to do this is simply the tid property on the Teams tab context. You can read more about that here. Unfortunately, because it's just accessed via Javascript, it's not entirely secure - for a more secure mechanism, you should be creating an Azure Application, and generating jwt tokens that you can authenticate against in your backend. It's a much more complex topic, but hopefully this answer at least gives the background you need. For more info on the security aspects (validating the token etc.), please see this question: How to restrict access to Azure Function to only allow requests from a custom Microsoft Teams App?.

Communicating between 2 laravel applications

i'm trying to achieve this, different installations of laravel framework on different servers working with each other and sharing resources with the main application(super application) as in the Diagram above.
The super application sits on the main server and houses the user management module which determines who is currently logged into the system.
and if logged in, you can then load other modules which is another laravel 5 setup that sits on a different server.
these applications work only if a user is logged into the main application. and the Auth->user() object on the Super application is sent to the corresponding applications (A1 and A2) for data entry.
my initial approach was to implement HMVC using laravel 5, but HMVC implies that only one laravel setup be used, which means using only one server. But when you have different applications running seperately on different servers and try to bind it with authentication from a primary application from the main server, i had no idea how possible this is, but i believe it can be done.
Please how do i achieve this, that is how my boss wants it, and insists it be this way.
It's a strange setup, but I have two solutions in mind:
1) If your applications can share the same domain you could use a shared cookie. For instance, let's say that your applications are configured as follows:
SA example.org (which points at server 1)
A1 a1.example.org (which points at server 2)
A2 a2.example.org (which points at server 3)
From SA you can save an identification cookie for your sub applications (and each Laravel installation can access it).
2) If you can't share the same domain you can login on SA, then redirect to your sub applications using some POST data. A1 or A2 will be able to gather the identification parameter from the request and save it in the session / cookie to remember you.
Finally, having your identification code, you could write an API to retrieve the user's data.

Use same user credentials on multiple different Laravel install?

tl;dr: trying to use one app's user credentials on different other apps. Tried a solution, but I have hit a roadblock and looking for better ideas.
--
Say I have 3 different laravel 5.4 installation, and let's call them "App1", "App2", and "App3". Those 3 apps have completely different functions, and they could be used by the same users.
At the moment, the users are using App1, and their login credentials and information is resting in App1's database.
App2 is located on the same private network as app one, so when I wanted to give the users of App1 the ability to login App2 with their existing credentials, I went this way:
Created a database connection in App2 that points to App1's database, using the private IP address of App1;
Used this new connection on the User model of App2 and bam, it worked.
But now I want to offer the same possibility with App3, but it's not located within the same network and I'm starting to see the shortcomings of my actual solution.
I could of course open the database connection of App1 to App3 specific IP address and keep the current setup, but I feel it's getting messy, and I guess it could be a security risk (I'm not knowledgable enough in this area to really know).
Then I'm thinking : API? Maybe Passport? Is this actually a road I should (and could) consider? If so, what would be an easy way to achieve it?
You might wanna look into a SAML solution that would allow you to share credentials across multiple apps and domains.
You can either use this Laravel package or use vanilla php-saml

Single authentication for multiple grails projects

So, I have multiple grails apps, but I'd like to package them into a single mega app that manages user login, permissions, which appscan they access, etc. I can already links to the other apps depending on the logged in users role.
I'm using Spring Security with all of the apps, and they already share a database for users and roles. The problem I'm having is that I want the users to be instantly logged in on all of the apps when they log in into the "mega app", I want them all to share a login session.
Right now, I have a login for the users to access the "mega app" where they are linked to the other apps, but they have to manually log in again for each of the different grails apps they are linked to. And I don't like this, I want all apps to share a session, atleast for login. Any way to do this?
Having all the source from all the apps inside one single grails project is not a possibility here, it would be too heavy and some users don't even install all of the apps, since this is installed on their own private servers for them to use in their own local network. Also, login sessions time out after a while of not being used, making the problem even worse.
Help would be greatly appreciated, thank you in advance.
The spring-security-cas plugin is one option; it uses the open source CAS single sign-on server to let you authenticate to any server and be automatically authenticated on all of the others.

Showing Password Prompt Only Once - How to?

I'm building an Cocoa application that modifies a file on the user's operating system which requires admin permission. I have a proof of concept working which uses authopen but it doesn't deliver the UX experience I am hoping to achieve. Every time the file is modified it prompts the user to enter their password. Is there a way to have permissions granted to the application for the duration of its life?
Goal:
Application asks user for password once ever, going forth application does not prompt for password.
Next Best:
Application asks user for password once at application launch, going forth application does not prompt for password until application restart.
I'm aware of Authorization Services and the possibility of creating a Daemon which deals specifically with modifying privileged files, what I'm curious about is if either of my listed goals are even possible before diving too deep into another system.
Really appreciate any suggestions, critiques or helpful links.
Cheers,
Dustin
Yes, using Authorization Services is the way forward. You get an AuthorizationRef in your application via AuthorizationCopyRights() (which shows the UI if needed), and pass this to your helper (by packaging it up into an external form) which verifies that it actually got the necessary right before performing the privileged task. Authorization Services is able to register rights in the /etc/authorization database, so if you choose a custom right you can choose the default settings for who is allowed to acquire it, what timeout or other conditions exist and so on.
To deploy your privileged helper tool, you should use the Service Management framework, in particular SMJobBless() which verifies that the code signing identities on your client and helper match before deploying the helper as a launchd job. Then your helper can be initiated on demand by the main application.
Feel free to ask if you want clarification on any step in the answer, however I already wrote about both of these aspects of privilege separation in my book Professional Cocoa Application Security so feel free to buy a copy or two ;-).

Resources