I have a problem with my Camping app for which I've setup an authentication system based on this (http://nycda.com/blog/basic-user-authentication-model-in-rails-4/) tutorial.
I wanted to learn how to setup such a system from scratch to better understand the underlying logic. With this system in place users can create their accounts and login and logout without problems and authentications pass.
It took me a while to determine that the problem with authentication occurs after the user role has been updated in the database. Every user has a default role upon registration, which managers can change after registration. And after that the user authentication fails.
Prior to that there are no errors and users can navigate the application. If I inspect the database I see the user role being updated.
Is the problem related to the database update?
I'm using camping with bcrypt and activerecord 4.0.4. Please see this gist: camping auth
Thank you for your help.
Regards,
seba
Having only briefly looked through the code, I'd guess that updating the role is causing the password hash to be recreated because the logic in the encrypt_password message doesn't appear to prevent that from happening.
You could verify this by seeing if the hash in the DB changes between creation and role update. To prevent this, you could try wrapping that code in an "unless password.nil?" condition in that method.
Hope this helps.
Related
On a JHipster application, I've added a custom authentication provider, to verify user and password of Active Directory users that have login inside. This custom component implements AuthenticationProvider, and inside "authenticate" method, istance an ActiveDirectoryLdapAuthenticationProvider object to get authentication and verify presense on specifical groups.
With a simple A.D. test environment I've no problem, but in production, my company ask me to bind a service account, and I cannot found any method to setup manager-ad and password. How can I get around this problem?
On Spring documentation I've read the phrase "There is no concept of a "manager" user."
My app use 5.1.8.RELEASE
Thanks!
Looking at the code, it validates the user's credentials by binding using the user's credentials. That's really the only way to validate credentials.
I assume, since it has already made a successful bind, it just continues on making whatever search it needs to.
There might be a way to use different credentials for reading the groups, but it all depends on what your current code looks like. But there really is little point in doing this. You have to bind using the user's credentials to validate their credentials. So you may as well continue using that same connection.
I was wondering what the best practices for allowing users to automatically login after registration.
In particular does anyone know any php applications auto login after registering.
Honestly, I think it is a horrible idea, but was wondering if anyone knew why the majority of websites don't automatically login newly registered users.
By default, Laravel's Auth scaffolding logs you in automatically after registration, unless (only in Laravel 5.7) requiring email verification is enabled.
In Laravel 5.7, if you do have email verification enabled, you can still log the user in but only allow certain pages to be accessed only if they have verified their email. So, while the user would still be technically logged in, they haven't verified their email yet thus disabling them from accessing certain content.
An example might be allowing them to log in to be presented with a "Must verify your email" prompt.
In general, I think it's a good idea to require user verification.
I'm trying to build an internal admin system to get to grips with creating a Laravel app from scratch. Currently everything is public so I'm looking at implementing a very simple login system.
There will be no DB connection needed as we want a single user. We'll store the relevant username and password in the .env file most likely.
I feel like I've looked everywhere and haven't been able to find any tutorials covering this requirement! From everything I've read it seems I have to use a 'custom authentication driver' or possibly build my own user provider class but I have no idea how to go about this task.
The idea is that if the app is expanded in future we'd like to be able to just go back to using Laravel's built in db auth functionality. For this reason it would be nice to retain all the common methods relating to checking the current user, using auth middleware on my routes and managing login tokens etc.
Thanks in advance for any help offered.
I'm writing an app that's supposed to run with MVC5 and using parse as a backend.
I'm using the new Identity feature of the MVC5 to login an user. I also tried to use this solution but I couldn't make it work.
What is happening is that when I login with the user A and then login with the user B in a different session (a incognito windows or a new browser) whenever I try to insert something related with a ParseUser object using the first user that was logged in I get an exception: UserCannotBeAlteredWithoutSessionError.
I'm not sure if I'm doing the implementation in a wrong way, or if it is a limitation of the Parse (I think it was designed to run using one user per device).
If you have a workaround for this situation please help me.
There is a good answer which may help: Parse Database Authorization - Security For User Objects.
So, it's a kind of Parse SDK limitation, when you can work with only one user per device (as ParseUser is cached locally). The only workaround that I can see is to perform SignOut/Login explicitly, when you need to do something from other user's context. There is no way to have two users work simultaneously from the same device.
I was wondering if anyone can shed some light on setting up basic user authentication. I've installed the admin app into my project and it works great. But I need a basic user role that can have it's own registration page etc.
I need to see something like
domain.com/users/user.slug
would take them to their profile page
I'm also going to have nested resources, so a user can have a project associated to them.
domain.com/users/user.slug/projects/project.slug
or
domain.com/users/user.slug/project.slug
The admin piece worked great, but I have no idea how to setup registration etc for a user model?
I've used devise in the past with Rails and I'm wondering if anything like it currently exists? I've seen some discussion around warden. Is there a defacto solution that people are using or am I able to implement the admin app to handle this? Right now /accounts is protected and can only be accessed by the admin role.. so I can't have users go to accounts/new
Thanks
For now I basically just copied the admin app.. into my own Users app while using my own User model.
The user model is basically a direct port of the account model.. as is the session controller etc. Just switched the model names around.
I'm still not sure if this is the best approach or if I'm able to leverage the admin app to handle this also?
This solution is working, though again, I'm not sure if it's the optimal approach.