Is there a way to user a different rather than ds-pwp-account-disabled attribute to track user's status ?
As I know it's possible to track user's last login time with a customized attribute. I'm wondering is there a similar setting for user status ?
Thanks
No, the only attribute that OpenDJ uses and manages for disabling an account is the ds-pwp-account-disabled boolean.
Related
My purpose is not to logout a user from the old device, but to prevent them to login if already logged.
I could use a flag in a column of the user table, but it doesn't seem an elegant and modular way. What if for some reason the user is logged out without calling the normal method in the controller so the flag is not set to false and they can't login anymore?
Sure, I could track whether some time passed, but it doesn't seem an elegant way.
I'm sure there is a simpler solution. For example, is there a way to check if a session id is still valid (so if the user is logged in somewhere)? Thanks.
EDIT: I mean that I don't want the user to login from a different device if already logged, not from the same one!
I think it would be complicated to check user's all session ids you can have a column of current_login_at which you will need to set on login and set it null on logout.
Also you know that Default session last 2 hours and you can make a check before login.
I have enabled AD authentication in my NiFi cluster. Now I want track the activities of users like (Which user has triggered a particular flow). Is there any possible way to do this?
How can I pass logged in username as a attribute in a flow?
Thanks,
Ankit
Components in the flow purposely cannot access user information since they are running independent of any user.
User actions are already tracked by NiFi itself, if you go to the hamburger menu in the top-right and select Flow Configuration History you will see every change to the flow and which user made it.
Is there any way to login other users account for admin user ?
Currently authentication based on Meteor Accounts
I saw this post but didn't working at all now.
The feature is important for us because when user have problem in system then admin need to see it this by simulating user account.
Thanks in advance.
It seems you want to impersonate a user. This means that you want to have Meteor.userId (or this.userId depending on context) reflect the _id of a specific user both on the client and the server.
afaict the only way to do this is to login as the user. Presumably you don't want to ask the user for their password so you have a couple of choices:
Save their existing password, replace it (temporarily) with a password of your choosing, then after you're done impersonating their account, restore their existing password.
You probably don't want to ask the user for their password and you don't need to. All you need to do is set aside Meteor.user.findOne(userId).services.password.bcrypt, then reset the password to your temporary value, then restore the original bcrypt value later.
The downside is that the original user would not be able to login while you are logged-in. Plus it's really hacky.
Extend Meteor's Accounts package to provide impersonation capability in a more elegant manner.
You might also look at validateLoginAttempt. The docs are unclear as to whether a failed login attempt could be overridden with a successful one but if it could then that would provide another pathway to solve your problem.
Instead of logging in as the users, which requires their password and which is a total no-no, you may use rather alanning:roles and allow the admin to assign the role of any user in order to draw views based the user's role.
This requires a well designed role system.
As a plus you could then at least load the documents associated with the user who you want to support.
This requires a well designed document and data model.
But generally spoken you should rather focus on writing good tests (test driven development) for components as unit tests, integration tests and UI tests.
This will reduce the need to manually view the app as an end user a lot.
The most common end user problems can be reduced by creating a good knowledge base like a wiki or video tutorials.
Even if then an error occurs in the end user side, I would rather try to implement a well designed error log that allows users automatically create tickets on error which also include the error stack.
All the above methods are to be favored before logging in AS THE USER.
As #Jankpunkt has already mentioned alanning-roles I can add something you can use without installing any external package.
Just keep a type key in the profile object of the users collection. Then define some types like 1 for super-admin, 2 for admin, 3 for general etc. Then check the authorisation of particular action by checking the value of user.profile.type key.
Caveats: Make sure you are checking the type in server side. By default profile field is writable from the client end, so if you are putting type field in the profile object make sure that you are not allowing users to modify users collection in the client end.
Here is how to restrict client end update in users collection:
Meteor.users.deny({
update() { return true; }
});
Read more on roles and permissions here:
https://guide.meteor.com/accounts.html#roles-and-permissions
I'm very new to ion-auth so apologies in advance if this is a dumb question.
I have a feature request from a user (an admin) where they would like to be able to switch into another user's account to see the app from their point of view. The use-case here is that the admin would find the user in question's account in our user admin page in the app, then click a button to effectively 'become' that user.
Any ideas how this would be achieved?
Many thanks
Pete
#Pete,
What you're asking for is what is sometimes called "hijacking" the account.
There isn't currently a feature for that, but essentially what you need to do is:
1) destroy the current session
2) rebuild the session as the user you want to highjack
3) make sure the logged_in session variable is also set.
Passwords are all hashed, but I think it would be pretty straightforward to write a login function for yourself that doesn't go through the password hashing as part of the login steps.
In other words,
1) log out
2) look up the user id's username & password
3) login directly with that password, not a hashed version
Of course, you'll want to be very careful about your security
You need to alter the users_groups table adding a "status" field, in order to set true/false the current user_group.
Then, upgrade the model with a function that makes the following:
Get the current group and sets his status to false.
Get the new group and set his state to true.
Redirect to home page of selected group.
With this change, you can regenerate all the user`s data session and navigate as the selected user.
To present user specific data, where do I store the userID of the user currently logged in? the Session?
Yes, the session would be an appropriate place for that information. Assuming you are using the authentication features baked into the ASP.NET framework, you will either be loading the user ID from HttpContext.Current.User.Identity.Name or looking it up from that value.
yes. sesssion is used for storing user specific data.