I am trying to save a password in password type field in Strapi with MongoDB, but is always empty. I am testing through API calls using Insomnia software. The endpoints are already enable in Strapi configuration and the data is stored, just password is missing. For example, doing a POST API call with this data:
{
"name": "Test",
"Password": "testpassword",
"email": "testmail#hotmail.com"
}
It is stored this way:
{
"_id": "6097eadeb01bb600159d9319",
"name": "Test",
"email": "testmail#hotmail.com",
"published_at": "2021-05-09T13:59:58.204Z",
"createdAt": "2021-05-09T13:59:58.211Z",
"updatedAt": "2021-05-09T13:59:58.211Z",
"__v": 0,
"id": "6097eadeb01bb600159d9319"
}
If I enter to Strapi and check the created user, the password field is missing too, and even if I enter it manually, it is not saved either.
The password field is not displayed on the admin panel for security reasons. but u can update it from the admin panel. you will have to over write the create function without using the sanitize(which removes the password from the response) in order to get the password in response.
Related
So I've found this idea on the internet to log the user out of all of his devices with JWT, and that's by adding additional attribute in the user table. This is what my user model looks like.
{
"id": 2,
"role_id": 2,
"name": "Anna Cole",
"email": "emery.corwin#example.org",
"email_verified_at": null,
"created_at": "2022-09-06T10:10:31.000000Z",
"updated_at": "2022-09-11T05:55:54.000000Z",
"jwtv": "9222530",
},
this jwtv field will verify if the JWT is still useable, if the jwtv in the server doesn't match what's in the incoming JWT the server would return an error. How can I make this possible?
EDIT:
I've also tried
public function getJWTCustomClaims()
{
return [
"jwtv" => $this->jwtv
];
}
but this doesn't treat the jwtv as an additional identifier rather just as an additional information
When using a legacy token in slack I want to determine which user account owns this application. The information is not directly in the bot.info:
{
"ok": true,
"bot": {
"id": "foobar",
"deleted": false,
"name": "Slack API Tester",
"updated": 123456789,
"app_id": "A123"
}
}
Could I use the bot.id or bot.app_id objects to find who owns this application? If so which api call would I use.
To determine which user owns any token (incl. legacy token) just call the auth.test endpoint with that token. You will get the user ID and name of the token owner.
Example response from documentation:
{
"ok": true,
"url": "https://subarachnoid.slack.com/",
"team": "Subarachnoid Workspace",
"user": "grace",
"team_id": "T12345678",
"user_id": "W12345678"
}
If you need more info about the user you can call users.info for that user with his ID. Since you are using a legacy token you will have the necessary permissions.
I am very new to document based databases and am using the Cosmos Document DB from Azure in my Springboot application.
I have a data structure like this:
User:
{
"firstname": "Bob",
"password": "asdf",
"roles": [
{
"rights": [
{
"name": "RIGHT_READ"
},
{
"name": "RIGHT_WRITE"
}
],
"name": "ROLE_ADMIN",
"id": "0d5299e0-836c-494d-9299-e0836c294d55"
}
],
"id": "0a9030f1-30f8-4d23-9030-f130f85d23e7",
"email": "email#mail.com",
"username": "admin",
"lastname": "Martin"
}
Role:
{
"rights": [
{
"name": "RIGHT_READ"
},
{
"name": "RIGHT_WRITE"
}
],
"name": "ROLE_ADMIN",
"id": "0d5299e0-836c-494d-9299-e0836c294d55"
}
The user stores all roles that he is assigned to. In this case, the user stores the role ROLE_ADMIN that contains several rights.
If I am now updating the role ROLE_ADMIN, e.g. by adding a right, and storing this again in the database via documentClient.replaceDocument(docLink, role, null); the reference of this entity that is stored in the user is not updated. User still contains a role with two rights instead of three then.
Do I have to update all references manually or am I missing something?
CosmosDB is a non-relational database. If you are using it as a relational database then you have to do all the cascading updates manually, as CosmosDB itself doesn't know that you are referencing another document from the database. Each document is agnostic from the other.
Based on this example you also have a data integrity issue. You are storing the rights in both the role object but also the user object. What you should do instead is store the rights in the role object and then just use the role id in the user object and query for the rights based on the role id. That that way you only update the roles.
I have a web app registered on Azure with the goal of being able to read and write the calendars of other users. To do so, I set these permissions for this app on Azure.
However, when I try to, for example, create a new event for a given user, I get an error message. Here's what I'm using:
Endpoint
https://graph.microsoft.com/v1.0/users/${requester}/calendar/events
HTTP Header
Content-Type application/json
Request Body
{
"subject": "${subject}",
"body": {
"contentType": "HTML",
"content": "${remarks}"
},
"start": {
"dateTime": "${startTime}",
"timeZone": "${timezone}"
},
"end": {
"dateTime": "${endTime}",
"timeZone": "${timezone}"
},
"location": {
"displayName": "${spaceName}",
"locationEmailAddress": "${spaceEmail}"
},
"attendees": [
{
"emailAddress": {
"address": "${spaceEmail}",
"name": "${spaceName}"
},
"type": "resource"
}
]
}
Error message
{
"error": {
"code": "ErrorItemNotFound",
"message": "The specified object was not found in the store.",
"innerError": {
"request-id": "XXXXXXXXXXXXXXXX",
"date": "2018-07-11T09:16:19"
}
}
}
Is there something I'm missing? Thanks in advance for any help!
Solution update
I managed to solve the problem by following the steps described in this link:
https://developer.microsoft.com/en-us/graph/docs/concepts/auth_v2_service
From your screenshot it's visible that you used application permission (although it'd be nice to include this information in your question):
Depending on kind of the permission you have given, you need to use proper flow to obtain access token (on behalf of a user or as a service. For application permissions you have to use flow for service, not on behalf of a user.
You can also check your token using jwt.io and make sure it's payload contains appropriate role. If it doesn't, it's very likely you used incorrect flow.
Regarding the expiration time of it, you may have found the information about refresh token (for example here). Keep in mind that it applies only to rights granted on behalf of a user. For access without a user you should make sure that you know when your token is going to expire and request a new one accordingly.
I am looking for an API to find the user's last login date to a particular application. Not sure if it exists, please let me know your thoughts on getting this information through API calls.
You can get the last date the user was authenticated to any application on the User profile:
GET https://dev-12345.oktapreview.com/api/v1/users/xyz
{
"id": "xyz",
"status": "ACTIVE",
"created": "2017-02-22T02:33:02.000Z",
"activated": null,
"statusChanged": "2017-02-22T17:50:43.000Z",
"lastLogin": "2017-09-28T16:19:57.000Z",
"lastUpdated": "2017-08-08T20:11:46.000Z",
"passwordChanged": "2017-02-22T17:50:43.000Z",
"profile": {
"lastName": "Barbettini",
"firstName": "Nathanael",
// ...
}
The lastLogin field contains the timestamp of the last time the user logged in.
This isn't tracked on a per-app basis, though. You can get the app-specific App User:
GET https://dev-12345.oktapreview.com/api/v1/apps/abc/users/
{
"created": "2017-09-22T00:54:49.000Z",
"lastUpdated": "2017-09-22T00:54:49.000Z",
"scope": "GROUP",
"status": "ACTIVE",
"statusChanged": "2017-09-22T00:54:49.000Z",
"passwordChanged": null,
"syncState": "DISABLED",
"profile": {
"zoneinfo": "America/Los_Angeles",
"region": null,
// ...
}
But it doesn't have lastLogin. One way you could solve this is by saving a timestamp in the App User profile in your application code.
You could use filters to specify which logs do you want from the system logs API endpoint, limit the answer to 1, set the response order to start from the most recent ones, and user filters again to filter for your user.
So, you need to filter the request using the following filters:
actor.alternateId: which identifies the user, in my case the pattern "username#" is enough
event_type: this one should be user.authentication.sso which means that the user SSO to an app (any of the ones available for that user)
outcome.result: success, which means that the user successfully SSO to the app
Example query would be something like this:
curl -X GET -H "Content-Type: application/json" -H "Authorization: SSWS super-secret-token-here" -H "Accept: application/json" "https://<your.domain.here.com>/api/v1/logs?until=2018-07-17T11%3A30%3A55.664541&limit=1&sortOrder=DESCENDING&filter=event_type+eq+%22user.authentication.sso%22+and+outcome.result+eq+%22SUCCESS%22+and+actor.alternateId+sw+%22<user name here>%40%22"
Remember to replace the token, the URL and the before testing this query.
Also, remember that this example is URL encoded, so this is why it looks so weird.