A user can have multiple emails. I got two tables "users" and "user_emails". Registration is working fine and it writes the email to user_emails.
Later the users shell be able to add more email-adresses within a backend gui. Now i am stuck with the verification at login, as a user should be able to use any of the email adresses out of "user_emails" with the passwort out of "users".
What do i have to do to get this working?
Thank you.
Related
In my Spring Boot I'd like to have both social login and signup with user and password.
Let's say the user signs-up via Google. After some time, he forgets that he signed-in via Google and tried to register using the same email.
What should happen in this case?
Should I save user info (returned by Google) in a "users" table of my database to prevent the same user to register twice?
Is there an article or something that explains a similar login/registration flow?
you can save all the users(OAuth or signup) in the user table. you can maintain a column by which you will be able to identify them if a user is signed in via OAuth or email. then if a user tries to signup via the same email you can show a message. or you can design your signup process using multiple steps. at first, the user needs to enter her email address, then you can send her an email where she needs to click some link that has some token in the url, if she previously logged in using some oath provider then she will be automatically logged in otherwise she needs to set her password.
I have a problem authenticating users in my banking application. I want super users to be created and authenticated using email. However, I want that normal users be registered and assigned account numbers. The normal users would then use the account numbers to login. How do you achieve authentication of these different kinds of users with different username fields in one django project.
I have tried overriding the USERNAME_FIELD to account numbers so that normal users would use that to login. It doesnt help to login normal users. For superusers, it prompts for account number when I run
python manage.py createsuperuser
Kindly assist in understanding how to handle this kind of custom authentication.
Django is ready to support your requirement. AUTHENTICATION_BACKENDS support multiple backend as list. For normal user you have to write custom backend and Add that in AUTHENTICATION_BACKENDS.
This link will help you.
I want to Create a user screen with Two authentications (SMS and Email)
User will receive email to verify and activate his account first.
After that he set password and he will receive SMS massage to verify the password.I want to do this in Oracle apex.I have tried Custom Authentication but i didn't found fruitful, Any one have some good idea to achieve this.
after u take care of the email and sms verification, u should store that data in the data base and create a function to use in your custom authentication that verifies if the user is already validated.
put the function in shared components -> authentication schemes -> settings -> Authentication Function Name
(the function must return true or false to allow the login)
I'm not a fan of using SMS for Two-Factor Authentication, but if you must, perhaps this might demo implementation for Time-based One Time Password (TOTP) might give you some ideas: https://github.com/fuzziebrain/orclapex-tfa-demo
I provided some background information here as well: https://fuzziebrain.com/content/id/1718/
Good luck!
I have achieved this in one of my APEX project but only with the e-mail. For the sms I use it in another context but you could still do it. You will need a smtp server ( you can run one on your server ) and for the sms you will need an external provider. In your oracle database, create a table called OTP ( one time password ).
This table contains a foreign key to a user. When the user creates an account, run a dynamic action in pl/sql that will generate a random 6 digit number that will be encrypt in your OTP table. This dynamic action will also send an email to the user with APEX_MAIL. The full documentation for how to use APEX-MAIL is here and it is pretty easy to use. You can send the user the password for authentication trough email.
Create a new session user called user_na (not authenticated) and make it so that when he connects, the only page he can see is a page with a text field to enter the password he receive through email. After he enters it, encrypt it the same way you did when he created an account and compare the password in the OTP table. If they match , change his account type to user and then he will be able to access every page that you made accessible for the users.
If you also want to send an sms, I recommend using this tutorial. The sms provider have a free trial if you want to test. If you have any questions don’t hesitate to ask I can easily help you with this.
NOTE: if you don’t want to create different session_users you can just add a column in your user table named authenticated. Set it to 0 by default and to 1 when he enters the email password. Then, when he log in, check if this value is 0 or 1 to know which page you should redirect him to.
I try to send email to users every time they login to their account in case if someone else is using their account so they can be notified,
so basically I want send this kind of information to logged user email:
account: user email (which this email sends to)
time: timestamp of loggin
ip address: ip of logged user
browser: information of logged user browser
PS:
In matter of fact currently I am storing all these information to my database for analytics purpose so I do have user last login time stamp, ip address, browser info but they are in separate tables, for example user last login time and ip are storing to users table while browser info + user_id are stored in another table named user_trackers so I need the way to gather all these info and send them by email.
Question
How can I collect these info from 2 tables and send them to logged user email address?
So, your problem is in getting database? I suggest making a foreign key and take them relationships . After that, you can load and separately call in App/Mail::build()
I want to be able to create a user using only their e-mail address.
i.e. I want the admin to be able to enter a bunch of e-mail addresses, which will automatically create a new user and password and then e-mail the information to the address provided.
So I am hoping to figure out how to:
Create users using only e-mail addresses (rest can be randomly generated)
E-mail users their passwords and login details.
Any suggestions on a best way to approach this? I'm using authlogic for authentication.
Cheers!
I'd recommend using devise for this, as it handles generating confirmation emails, as well as the routes for confirming an email. A relevant tutorial for allowing users to sign up with just their email addresses: http://blog.devinterface.com/2011/05/two-step-signup-with-devise/
For having an admin create users, it'll be much the same, just generate random passwords+confirmations, and then call user.send_reset_password_instructions to send the email (which can be customized as in Ruby/Rails: How do you customize the mailer templates of Devise? )
see also: Rails Devise: Set password reset token and redirect user