How to send notification through Tivoli Identity Manager 5.1 - tivoli-identity-manager

I want to set up an alert so that whenever there is a password change in TIM, a specific person receives a notification informing him about the change.

Utilize the ISIM/ITIM Account -> Change Password operations, wherein you need to customize the existing workflow by adding the Mail/Work Order node at the end of the ChangePassword extension.
In the mail/Work Order node add the participant you want such that a notification is sent to the same in case of change password operation.

Related

Notification Custom with ResetPassword Not Work

I have created a new Notification file for when certain account details are modified (username, password, email ...) to send a notification to the user informing of important changes to his account.
I have copied the ResetPassword Notification and customized it because I want the link that sends the user to the screen to retrieve the password.
The implementation works to a certain extent, the email is sent with a link that takes you to the screen to recover the password, however when I try to reset the password nothing happens and the email cell is marked in red.
What should I do?

Oracle APEX email and SMS authentication

I want to create a user screen with two authentications (SMS and email).
The user will receive an email to verify and activate his account first.
After that he sets a password and he will receive an SMS message to verify the password. I want to do this in Oracle APEX. I have tried Custom Authentication but I didn't find it fruitful. Does anyone have a good idea to achieve this?

After you take care of the email and SMS verification, you should store that data in the database and create a function to use in your custom authentication that verifies if the user is already validated.
Put the function in Shared Components -> Authentication Schemes -> Settings -> Authentication Function Name
(the function must return true or false to allow the login).

I'm not a fan of using SMS for Two-Factor Authentication, but if you must, perhaps this demo implementation for Time-based One-Time Password (TOTP) might give you some ideas: https://github.com/fuzziebrain/orclapex-tfa-demo
I provided some background information here as well: https://fuzziebrain.com/content/id/1718/
Good luck!

I have achieved this in one of my APEX projects, but only with the e-mail. For the SMS I use it in another context but you could still do it. You will need an SMTP server (you can run one on your server) and for the SMS you will need an external provider. In your Oracle database, create a table called OTP (one-time password).
This table contains a foreign key to a user. When the user creates an account, run a dynamic action in PL/SQL that will generate a random 6-digit number that will be encrypted in your OTP table. This dynamic action will also send an email to the user with APEX_MAIL. The full documentation for how to use APEX_MAIL is here and it is pretty easy to use. You can send the user the password for authentication through email.
Create a new session user called user_na (not authenticated) and make it so that when he connects, the only page he can see is a page with a text field to enter the password he received through email. After he enters it, encrypt it the same way you did when he created an account and compare the password in the OTP table. If they match, change his account type to user and then he will be able to access every page that you made accessible for the users.
If you also want to send an SMS, I recommend using this tutorial. The SMS provider has a free trial if you want to test. If you have any questions don’t hesitate to ask, I can easily help you with this.
NOTE: if you don’t want to create different session_users you can just add a column in your user table named authenticated. Set it to 0 by default and to 1 when he enters the email password. Then, when he logs in, check if this value is 0 or 1 to know which page you should redirect him to.
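
An added example, not part of the answers above and not code from the linked demo, of the e-mail one-time-code flow the last answer describes. It stores a salted SHA-256 digest where the answer says to "encrypt" the code, and adds an expiry and an attempt limit; the `otp` columns and the `otp_pkg` package are assumed names, and the schema needs EXECUTE on DBMS_CRYPTO.

```sql
-- Added example; names are assumptions. Needs Oracle 12c+ for HASH_SH256.
CREATE TABLE otp (
  user_id    NUMBER   PRIMARY KEY,       -- FK to your user table in practice
  salt       RAW(16)  NOT NULL,
  code_hash  RAW(32)  NOT NULL,          -- SHA-256(salt || code)
  expires_at DATE     NOT NULL,
  attempts   NUMBER   DEFAULT 0 NOT NULL
);
CREATE OR REPLACE PACKAGE otp_pkg AS
  FUNCTION issue (p_user_id IN NUMBER) RETURN VARCHAR2;  -- code to e-mail
  FUNCTION verify(p_user_id IN NUMBER, p_code IN VARCHAR2) RETURN BOOLEAN;
END otp_pkg;
/
CREATE OR REPLACE PACKAGE BODY otp_pkg AS
  FUNCTION digest(p_salt IN RAW, p_code IN VARCHAR2) RETURN RAW IS
  BEGIN
    RETURN DBMS_CRYPTO.HASH(
      UTL_RAW.CONCAT(p_salt, UTL_RAW.CAST_TO_RAW(p_code)), DBMS_CRYPTO.HASH_SH256);
  END digest;

  FUNCTION issue(p_user_id IN NUMBER) RETURN VARCHAR2 IS
    l_salt RAW(16) := DBMS_CRYPTO.RANDOMBYTES(16);
    -- DBMS_CRYPTO is a CSPRNG; DBMS_RANDOM is not meant for secrets.
    l_code VARCHAR2(6) := LPAD(TO_CHAR(MOD(DBMS_CRYPTO.RANDOMNUMBER, 1000000)), 6, '0');
    l_hash RAW(32) := digest(l_salt, l_code);
  BEGIN
    DELETE FROM otp WHERE user_id = p_user_id;  -- a new code replaces the old
    INSERT INTO otp (user_id, salt, code_hash, expires_at)
    VALUES (p_user_id, l_salt, l_hash, SYSDATE + 10/1440);  -- valid 10 minutes
    RETURN l_code;
  END issue;

  FUNCTION verify(p_user_id IN NUMBER, p_code IN VARCHAR2) RETURN BOOLEAN IS
    l_row otp%ROWTYPE;
  BEGIN
    SELECT * INTO l_row FROM otp WHERE user_id = p_user_id FOR UPDATE;
    IF l_row.expires_at < SYSDATE OR l_row.attempts >= 5 THEN
      RETURN FALSE;                              -- expired or locked out
    END IF;
    IF digest(l_row.salt, p_code) = l_row.code_hash THEN
      DELETE FROM otp WHERE user_id = p_user_id; -- single use
      RETURN TRUE;
    END IF;
    UPDATE otp SET attempts = attempts + 1 WHERE user_id = p_user_id;
    RETURN FALSE;
  EXCEPTION WHEN NO_DATA_FOUND THEN RETURN FALSE; -- no code outstanding
  END verify;
END otp_pkg;
/
```

Send the value returned by `otp_pkg.issue` with APEX_MAIL and call `otp_pkg.verify` from the page process that handles the code field. The attempt counter only persists if the caller commits.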

Can an admin validate sign-up requests in Parse.com?

Is there something similar to the email verification feature where a system admin could validate user sign-up/registration requests?
Background: We're building a system with a closed community, where new users can join only if an admin has verified their sign-up data.
Ideally the admin should just receive an email that there's a new registration request and validate the request directly from the email.
The emailVerified column is protected - it can only be updated by the system in response to the target user clicking the link in the validation email.
An admin cannot "tick" this field on behalf of another user.
However, from your brief description of the background I would suggest that you want the users to click the link - after all it serves to validate their email address. If you are creating your own app there is nothing to stop you adding your own column to the user model (or preferably a related table) and implementing code in your sign-up that also checks this extra column. Of course this is more work - but likely not excessive - and you get the desired workflow.

FileNet 5.2 subscription run as user

IBM Knowledge Center states that
Server disables security access checks during subscription execution
but does not mention the user credentials the code uses to execute which you need to know in order to map user RunAs roles on the application server.
What user credentials does FileNet use to execute event action code?
As I understand, when you create an async subscription it will be executed under p8boostrap user.
And it will keep the user context when you execute a synchronous subscription.
But you can check it for sure.
It is using the user who triggered the action. E.g. if a user changes a property of a document (let's say DocumentTitle because it is always there) and clicks save, then an update event will be triggered which launches the subscription (if subscribed to the update event) which launches the action. Use synchronous for short running tasks, you can immediately show the update to the user. With asynchronous the user will have to click "Refresh".
Security can be a pain if not planned carefully at the beginning, for the action to be executed, the user has to have rights for the subscription, action event, document class etc. basically for everything involved or the user will get a cryptic error message when trying to modify the DocumentTitle.
Source: personal experience, sorry no official reference, if in doubt verify first.

Assign random user to anonymous user (ejabberd, strophe)

I am building a web based chat application using strophe and ejabberd. What I am trying to do now, is :
A user can anonymously log in to the chat application and after he logs in there is automatically an admin assigned to him. So far, I have managed to enable anonymous login in ejabberd, but I have to manually add the JID of the admin. So my question is how do I assign a random admin to the user?
What you would need to do is always start a chat with some user (the same user for everyone) and demultiplex the messages on that user's side. You can do this using a BOT. What this will allow you to do is that at times of higher activity, an admin can serve more than 1 user.
Alternatively, you can also set up a web-service which returns the JID of the next available admin in the queue. Whenever an admin is done interacting with a user, [s]he will have to signal her/his availability on some web-interface (or you can use chatstate notifications for this - for example, window-closed).
