I need to change some default functionality of ion auth once a new user has been created by an admin.
The scenario is like so...
Admin creates the user account.
Activation email is sent to the user.
Clicking the link sends the user to the set password page.
Upon setting a password, the user is activated and can log in.
Currently I haven't found a way to define the activation link once ion auth calls the register function and the email is sent. It's set to auth/activate.
The options I see are as follows...
Redefine the behaviour of Auth/activate(). Is this recommended though? Should I be touching the methods in the Auth controller?
Turn off $config['email_activation'] and handle everything myself.
Somehow changing the default controller/method behaviour to handle the activation of the user.
What do people usually do in this situation? Which is best practice?
Ok, after much searching I was reading through https://github.com/benedmunds/CodeIgniter-Ion-Auth/blob/2/libraries/Ion_auth.php and noticed the email message being generated was being sent to an email_template (in the view), which I had forgot to check. The activate.tpl.php is where you can find the code that generates the path to the Auth controller.
<?php
echo sprintf(lang('email_activate_subheading'), anchor('auth/activate/'. $id .'/'. $activation, lang('email_activate_link')));
?>
Now I can just easily change the controller path, it makes sense to write my own controller.
Related
I set up a user registration in Laravel 8, with the help of Fortify.
I works pretty much as I expected, except that I would like to trigger a specific action when a user clicks the verification link. (When verification succeeded, that is.)
I know I can specify a redirection url through the home parameter in config/fortify.php, but this also applies to regular sign-in action. I would like something specific to email verification.
Any idea how I could at least check if the email has just been verified ?
You have to Listen to an event, that way you can know when someone got verified and do something.
This is the source code, so you can see it is dispatching event(new Verified($request->user()));, so you have to listen to Illuminate\Auth\Events\Verified event.
I'm trying to figure out how quickest and easiest to allow the admin user on the site I'm building to access and update any user's settings etc. E.g. I've written the code for a regular user to update their settings (and various other actions). Ideally I want an admin to be able to "be" that user as far as my code is concerned, i.e. allow the admin to do anything a user can, to that user's account. Is there any way of doing this?
If I Auth::login() as admin then from the point of view of Laravel I'm the admin user and not the user they might want to edit. If I login as the user then I don't have admin rights (which in my case means an extra admin menu on the navbar with options to suspend or delete the user, or search for other users).
Any thoughts on how to do this please, or am I overcomplicating things? I am looking for a specific functions/code to allow this, rather than a general strategy. I'm using Laravel 5.4, deployed on Heroku. I know there's middleware but it doesn't seem to do what I want as above.
Many thanks.
You could do as suggested in the above comment by Tim Lewis, or you could accept an "override" property in the user edit page where you can pass a specific user ID and then view the page as that user. For instance, the method might look like this:
public function editUser(User $user=null) {
//User that you want to edit can be provided. If not provided, $user will be null and we will load the user that is currently logged in.
if($user!=null && Auth::user()->role=='admin')
$user_to_edit = $user;
else
$user_to_edit = Auth::user();
//other code goes here
}
Then, if you pass a $user object to the method, you will be given the edit page for that user, rather than the Admin. Otherwise, a user will be able to use the same route in order to always view their own edit page.
Be very careful with code like this! You will want to make sure that non-admins do not have the ability to load in a user object and see somebody else's information. That's why I added the $user->role check in the if/else statement, but you might want to add extra security in the form of middleware.
spatie permissions is a wonderful package that I use to make permissions to resources available to super-administrators. https://github.com/spatie/laravel-permission
I am working on a project using Laravel 5 and I am trying to figure out how to reset passwords. I know the migration for the password resets is already there but I remember there was a ReminderController in Laravel 4 which I could generate but I cannot find the same in Laravel 5.
I am sure that Laravel 5 ships with a password reset mechanism but I cannot exactly figure out where to send the request and the method which handles sending the emails?
I can find the views and the migration but can anyone help me find the controller method and route. If anyone can provide me with a tutorial, I could work with that too.
Laravel also includes an
Auth\PasswordController
that contains the logic necessary to reset user passwords. We've even provided views to get you started! The views are located in the
resources/views/auth
directory. You are free to modify these views as you wish to suit your own application's design.
Your user will receive an e-mail with a link that points to the
getReset method
of the
PasswordController.
This method will render the password reset form and allow users to reset their passwords. After the password is reset, the user will automatically be logged into the application and redirected to /home. You can customize the post-reset redirect location by defining a redirectTo property on the PasswordController:
protected $redirectTo = '/dashboard';
Source
After reading a lot of answers here on what is the best authentication out there for codeigniter, I decided to use tank_auth.
It seems to be the best authentication for codeigniter.
However, I have some few questions regarding on how I can integrate it successfully on my site. I am currently building a hotel reservation system. So some functionality of tank_auth needs to be modified to suit my needs.
So how can I, after registration, login the user automatically without requiring him/her to activate his/her account. Is there a configuration to disable the "activation process". If yes, where can I find it? If no, is it a big modification to the code if I remove the activation process?
On the auth.php code I tried to comment the following code to remove the activation process but seems it does not work:
} elseif ($this->tank_auth->is_logged_in(FALSE)) { // logged in, not activated
redirect('/auth/send_again/');
That code only works when the user account exists but is not activated. it then resends an activation email...
Look at the register part of the library and set the login session parameters to be true ie parameters that sets login to be true and then direct to the protected area!
We've created a highly customized Joomla 1.5 based site and want our super administrator to be able to log into registered user accounts so we can provide better phone support and help them configure their accounts remotely.
This will obviously take some coding. Ideally we want a link from the admin side that will take us to the front end and automatically log us in as the registered user. We'll lock it down by IP address and also have some sort of password as well.
Where does the login get processed? It looks like /components/com_user/controller.php calls a function called $mainframe -> login(); Where does that function reside?
Our thought is to send a mock login form along with an additional super-user password field. Then we'll modify the login code to authorize the login if the password is present and the IP address is correct.
Any words of wisdom or caution with this approach?
There is actually a plugin that will do just this:
http://extensions.joomla.org/extensions/access-a-security/authentication/4806
You'll want to build an authentication plugin to handle this. You can enable as many authentication plugins as you like (the core plugin, OpenID, your own plugin, etc...). Joomla will run down the list of enabled plugins until one of them sets the status variable of the $response object to JAUTHENTICATE_STATUS_SUCCESS. The $response object gets passed in to your plugin's onAuthenticate method. Take a look at plugins/authentication/example.php for a clear example. You will probably end up cloning plugins/authentication/joomla.php and repurposing it for your needs.
I would publish your custom plugin after the core Joomla authentication plugin so that normal users will be able to log in faster.
Also, if you do want to go with a form as well, you will need to build a small component so that you can get the username and super-user password into the request.