I am making an website that has register and login functionality which works fine. However, I want to add confirmation code process after the registration process.
I can create a random confirmation code in frontend(Angular) side and send it with SMTP protocol to user email account and user should enter this confirmation code in 2 minutes. However when I think more, it can cause a conflict(very slight possibility but not impossible) like it can be generated same confirmation code in 2 minutes.
So, now I decided to generate confirmation code in backend side(Spring Boot) and make the confirmation checking in backend side. So, in backend side I should check the generated confirmation code is generated already in 2 minutes.
Thus, I can use a dynamic list that has active confirmation codes and search the generated confirmation code in the list. If the code exist in the list, then create another one until the list doesn't have.
How can I create a dynamic global list that can be visible among all different request in Spring Boot?
Or there is another way(best practice) for this confirmation process?
Related
I use spring-authoriation-server 0.2
I need to implement a login workflow which is based on a user-interaction on his mobile phone.
Which means instead of username/password custom page, I need to generate some information, and show as QR code. Then a user scans it, and can login.
Now, I have some problems to find the right place in the authorization server where I can integrate own workflow into the login page. I need to wait for the user, and then create the authorization code for the client. So any hints?
I am currently using the PayPal API to process payments inside my application. My problem is the following: My application is now capable of creating an order and letting the user approve the order. What I want to accomplish is authorizing the amount the user approved to directly after the user approved the order. I know it is possible to authorize an order but from what I understand this is only possible after the user approved the Order. So what I want to know is the following: is it possible to let the user approve with the order and then authorize in one step, without the interfering of my backend(Spring Boot). Or should I let the frontend make a call after the user approved, so that another endpoint in my application can try the authorization of the funds. It al comes down to the fact that I don't know when to make the authorization call. What is the best practice?
So basically you want to create an order with "intent": "authorize" and then authorize it from your backend after approval (rather than capturing it, as would be the case for intent:capture).
For this you need to make two routes, one for 'create an order for authorization' and one for 'authorize an order', documented here. These routes should return only JSON data (no HTML or text). The second one should (on success) store the resulting authorization ID, purchase_units[0].payments.authorizations[0].id ...for later capture
Pair these two routes with the following approval flow: https://developer.paypal.com/demo/checkout/#/pattern/server
Is there something similar to the email verifcation feature where a system admin could validate user sign-up/registration requests?
Background: We're building a system with a closed community, where new users can join only if an admin has verified their sing-up data.
Ideally the admin should just receive an email that there's a new registration request and validate the request directly from the email.
The emailVerified column is protected - it can only be updated by the system in response to the target user clicking the link in the validation email.
An admin can not "tick" this field on behalf of another user.
However. From your brief description of the background I would suggest that you want the users to click the link - after all it serves to validate their email address. If you are creating your own app there is nothing to stop you adding your own column to the user model (or preferably a related table) and implement code in your sign up that also checks this extra column. Of course this is more work - but likely not excessive - and you get the desired workflow.
apologies if this has been asked but I'm trying to figure out this kind of stuff for the first time -
I'm developing an app where I want to divide the authenticated content from the web-facing side, completely; therefore I am not using a simple backbone.js-style "keep all views in one file" (unless I'm wrong about this, please illuminate!) but actually divided server files (using PHP).
Current flow: the user logs in client-side (using the Parse.com Todo app as an example) and, if successful, I store cookie (via POST/AJAX) with user email and the returned sessionToken on client side. I then thought that when user next visits site, the server can read cookie and shuffle the user to the private/locked portion of site, which, again, is a different set of PHP files.
Here I get lost -- how do I then tell Parse.com that the user is logged in, if I don't have her username/password (only email), and start grabbing data from the classes? Is there a way to do this that I'm not recognizing? I guess I can load different .JS files, read if a session exists, and JS-redirect to a different url, but that seems to me to be a weird way of going about it.
Is there a general philosophy/methodology to my questions that I should read up on, along concrete advice dealing with Parse.com questions?
I believe the Parse User session management functions should be good for you.
Check out https://parse.com/docs/cloud_code_guide#webapp-users
There is an example at the bottom of their announcement blog post here: http://blog.parse.com/2013/09/04/new-cloud-modules-for-images-and-users/
It gives you user session management with minimal effort.
I want to add a feature to my spring roo project. I have an user entity that logs into the application and adds additional users.
When I add those users there is an email adress(field) on which I want to send the validation with additional link to activating the account. Also the user has a field that represents if he or she has an active profile in a way is it possible to log in or not - this field needs to change after I click the provided link in the email.
I already have an velocity templates and everything set up, I just need the process of forming that link and assuring that the user will have an active account after clicking on it.
I solved this using a REST call and Spring Security. When the user first signs up, you create the UserDetails object (mine was in a DB table), but set it as not enabled before you save it (there are 4 booleans in the UserDetails object you can manipulate to enable/disable the user in various ways that Spring Security checks). I also stored a UUID code I generated off the user id in a table, and then generated an email which included a link to the REST service to validate the account.
The REST service was simple. The user clicks the link, which would include the UUID code I generated. You could optionally require them to enter some number or do something here as another authentication step, but in my case I simply looked up the UUID to get the associated UserDetails, flipped the bit to enabled and saved it, and sent them to a page saying their account was now active. I then did something like in this post to auto-login the user.