Login Checklist? - user-interface

Does anyone know of a login checklist online that goes through the overall requirements? Currently, we have the following overview of steps:
Login Page
Registration Page
Thank you for creating account page (needs to be page instead of pop-up so that we can track this in Act-on)
Registration email to user
Registration email to client
Login confirmation page for client to approve user in one click
Login approved email to user
Login declined email to user
Forgot password page
Forgot password emailed to user
New password page (from email)
If you know of anything more thorough, or can see anything that may be missing (or is overkill), please let me know. Should I be posting this on Stack Exchange?

Related

What should happen if a user signs up via social login and then tries to register with the same mail?

In my Spring Boot app I'd like to have both social login and signup with user and password.
Let's say the user signs up via Google. After some time, he forgets that he signed in via Google and tries to register using the same email.
What should happen in this case?
Should I save user info (returned by Google) in a "users" table of my database to prevent the same user from registering twice?
Is there an article or something that explains a similar login/registration flow?
You can save all the users (OAuth or signup) in the user table. You can maintain a column by which you will be able to identify whether a user signed in via OAuth or email. Then if a user tries to sign up via the same email you can show a message. Or you can design your signup process using multiple steps: at first, the user needs to enter her email address, then you can send her an email where she needs to click a link that has a token in the URL. If she previously logged in using some OAuth provider then she will be automatically logged in; otherwise she needs to set her password.

Can Joomla send the user an email after admin approves them?

Problem is:
User registers at the site and gets a registration email with a confirmation link which can be used, and
Admin gets an email notification of a newly registered user
Admin activates & enables the user
No notification email to the user is sent about his account's activation
No hints in the logs. Mailserver is working as described. Tests with System emails active for users show no difference in the behavior. Also added true to $return = JFactory::getMailer()->sendMail($data['mailfrom'], $data['fromname'], $data['email'], $emailSubject, $emailBody, true); in registeration.php
Does this feature actually work? Any help in solving this would be much appreciated.
Using Joomla 3.9.15 and no external plugins for user-management.
Thanks in advance for your time.
Joomla distinguishes between user activation by link through email or via administration backend. In order to send an email to the user after the activation of the user account one needs to use the link from the email. Activation from the administration backend will not send an email to the user whose account was activated.

How to log users in with facebook, without having them registered using it initially?

I am adding a Login with Facebook button to my Laravel web app. Users can already register using an email and a password, so what I need to do is to give the users the ability to Login with Facebook, without having to register using Facebook from the beginning. I have already accomplished this, but I am facing a security issue.
The authentication flow goes like this once a user clicks the Login with Facebook button:
Redirect users to facebook -> Users enter their email and password -> Facebook returns the user object back -> If the email returned with the user object exists in my database, log the email owner in.
Mostly you have already noticed the problem, but if not, consider this case:
If a user registers with their email in my application, and happens to not have a facebook account associated with that email, then anyone can register a new facebook account with that email, and then just simply log in into my application (Because that email exists in my database!!)
I have been googling this for quite a while now, and it seems like there's no one mentioning this problem, I am assuming this is because I might just be doing it the wrong way!, or maybe it's just done this way! Not really sure.
So, I am seeking guidance, how is this done right?
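
One way to handle the case raised in this question and in the Spring Boot question above, as an added example that is not part of either post: accounts are matched on the provider's stable user id, and an email match alone never creates a session. `AccountStore`, `resolveSocialLogin`, `linkIdentity` and the sample profile are hypothetical names and constructed data, written in plain PHP with no framework calls.

```php
<?php
// Added example. AccountStore is a hypothetical in-memory stand-in for the
// users table and a linked-identities table; all data is constructed.
final class AccountStore
{
    public $users = [1 => ['email' => 'alice@example.test']]; // user id => row
    public $identities = [];          // "provider:provider_user_id" => user id
    public function findUserIdByEmail($email)
    {
        foreach ($this->users as $id => $row) {
            if (strcasecmp($row['email'], $email) === 0) {
                return $id;
            }
        }
        return null;
    }
}

// Returns ['action' => 'login' | 'confirm_link' | 'register', 'user_id' => int|null].
function resolveSocialLogin(AccountStore $store, $provider, array $profile)
{
    $key = $provider . ':' . $profile['id'];
    // 1. Already linked: the provider's stable user id selects the account.
    if (isset($store->identities[$key])) {
        return ['action' => 'login', 'user_id' => $store->identities[$key]];
    }
    // 2. The e-mail matches a local account that never linked this provider.
    //    No session is created: the owner must first prove control of the
    //    local account (its password, or a link mailed to the stored address).
    $email = isset($profile['email']) ? $profile['email'] : '';
    $existing = $email !== '' ? $store->findUserIdByEmail($email) : null;
    if ($existing !== null) {
        return ['action' => 'confirm_link', 'user_id' => $existing];
    }
    // 3. Unknown identity and unknown e-mail: ordinary registration.
    return ['action' => 'register', 'user_id' => null];
}

// Call only after the ownership check required by step 2 has succeeded.
function linkIdentity(AccountStore $store, $provider, $providerUserId, $userId)
{
    $store->identities[$provider . ':' . $providerUserId] = $userId;
}

$store = new AccountStore();
$profile = ['id' => 'fb-1001', 'email' => 'alice@example.test']; // constructed
echo resolveSocialLogin($store, 'facebook', $profile)['action'], PHP_EOL;
linkIdentity($store, 'facebook', 'fb-1001', 1); // after Alice confirmed
echo resolveSocialLogin($store, 'facebook', $profile)['action'], PHP_EOL;
```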

Laravel new user registration, activation with email and secure login

I am working on a Laravel 4.2 project.
I already have implemented an email activation module for new user registration. Whenever a new user registers, I provide an activation link to him in an email, and on clicking the link, I compare the token (a random string with 30 characters) provided with the link and the user's email address with database records. If they match, I just set the is_active field of the users table to true and redirect him to the login page with a Congratulations message for successful activation.
But now, I DON'T want to redirect him to the login page; on successful activation, I want him logged in directly to his account.
But I believe that authenticating a user with just a string token and email address is not a secure way.
There must be something that I can rely on. Many sites do this, including Stack Overflow itself, but I am not sure how.
Can you please guide me how to do this?
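
A sketch of an activation token that can double as a one-time login, as an added example that is not part of the original post: the token comes from the CSPRNG, only its hash is stored, and it is accepted once and only before it expires. `ActivationTokens`, the one-hour lifetime and the sample user id and clock values are assumptions; the code is plain PHP 7+ and uses no Laravel calls.

```php
<?php
// Added example (PHP 7+ for random_bytes). The activation store is an
// in-memory array with constructed data; a real one is a database table.
final class ActivationTokens
{
    const TTL_SECONDS = 3600;   // assumed lifetime of an activation link
    private $rows = [];         // user id => ['hash' => ..., 'expires' => ...]

    // Returns the token to put in the e-mailed link; only its hash is stored.
    public function issue($userId, $now)
    {
        $token = bin2hex(random_bytes(32));   // 256 bits from the CSPRNG
        $this->rows[$userId] = [
            'hash'    => hash('sha256', $token),
            'expires' => $now + self::TTL_SECONDS,
        ];
        return $token;
    }

    // True at most once per issued token, and only before it expires.
    public function redeem($userId, $token, $now)
    {
        if (!isset($this->rows[$userId])) {
            return false;
        }
        $row = $this->rows[$userId];
        $expired = $now > $row['expires'];
        $matches = hash_equals($row['hash'], hash('sha256', (string) $token));
        if ($expired || $matches) {
            unset($this->rows[$userId]);   // spent or stale: never reusable
        }
        return $matches && !$expired;
    }
}

$tokens = new ActivationTokens();
$token  = $tokens->issue(42, 1000);          // constructed user id and clock
$wrong  = $tokens->redeem(42, 'guess', 1001);
$first  = $tokens->redeem(42, $token, 1002);
$replay = $tokens->redeem(42, $token, 1003);
// Only when redeem() returns true does the caller set is_active and start a
// fresh authenticated session for that user.
var_dump($wrong, $first, $replay);
```

Because only the hash is stored, a copy of the activation table does not yield usable links.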

Silent, Optional and No account registration don't work

I tried to check each of these, and I still see the VM registration/login page. I disabled all cache and I have no login modules in the site. You can see it in action: www.webtasty.com. Try to purchase something and you will be redirected to the login page after clicking checkout... How to remove the registration/login page? I want to use just PayPal payments, so I don't need registration. Thank you
P.S. It's the tpvmcheckoutlogin module on the page which displays that login block...
I have the latest VM version (and patch)
What is it set to right now? From the looks of the page it is set to normal now. In any case, changing that setting doesn't remove the registration page, it only changes what is displayed. VM will always want you to fill out the registration form so it knows who is placing an order. Here is what the different options mean -
Normal Registration - checkout page displays a login form and a new user registration form. Users are required to pick a username and password. VM creates a user account.
Optional Registration - checkout page displays a login form and a new user registration form. Users have the option of selecting a username and password to create an account. VM only creates a user account if the option is selected.
Silent Registration - checkout page displays a login form and a new user registration form. There are no form fields for username or password, VM assigns those to the user and sends them via email. A user account is created with the assigned credentials.
No registration - checkout page displays registration form only, no username or password fields, no account login form. VM does not create a user account but still requires the form to be filled out for billing/shipping purposes.
