I'm using Thinktecture IdentityServer with MembershipReboot and i'm trying to find a way to override the default username validation of username.
my case is that I want to allow username to be email or not and not the same as the user email.
The username validation is configured in UserAccountService, I can add validation but I Don't know how to remove them.
I'd simply like to remove the validatior UsernameDoesNotContainAtSign and UsernameOnlyContainsLettersAndDigits, and do that without any modification of MembershipReboot, through configuration or ?
Edit:
Related GitHub issues:
https://github.com/brockallen/BrockAllen.MembershipReboot/issues/331
https://github.com/brockallen/BrockAllen.MembershipReboot/issues/339
https://github.com/brockallen/BrockAllen.MembershipReboot/issues/370
Some of these validation rules are hard coded. If you have a use case for changing them, I'd suggest opening an issue on the github issue tracker so we can discuss.
Related
Where would be the best place to be able to enable/disable a filter for the entire session of the user, conditionally based on a permission?
For example I have a "CanSeeDeletedItems" permission, only for admins, and I want to apply that to everything, Ie, disable the SoftDelete filter when a request comes from a user with this permission.
I first thought to try and include this in modelBuilder, but quickly realized I cannot access the Service layer from the DAL.
So my thoughts would be to add some code to the Initializer of UOW somehow, but I am not sure how to do this, I was hoping it was a case already considered but not written into the documentation.
I'm looking to do something like this:
if (IsGranted("PermissionName"))
CurrentUnitOfWorkProvider.Current.DisableFilter(AbpDataFilters.SoftDelete);`
For user based disabling filter can be achieved with Interceptors.
So what you need to do is; Write a custom interceptor for Application Services.
This interceptor must disable/enable filter for the current execution
https://aspnetboilerplate.com/Pages/Documents/Articles/Aspect-Oriented-Programming-using-Interceptors/index.html#ArticleCreateInterceptor
To disable AspNet Boilerplate filter using in code block
using (_unitOfWorkManager.Current.DisableFilter(AbpDataFilters.SoftDelete))
{
var people2 = _personRepository.GetAllList();
}
https://aspnetboilerplate.com/Pages/Documents/Data-Filters#disable-filters
To disable AspNet Boilerplate filter globally
Configuration.UnitOfWork.OverrideFilter(AbpDataFilters.SoftDelete, false);
https://aspnetboilerplate.com/Pages/Documents/Data-Filters#disable-filters-globally
I have an issue when i am resetting a password. In my entity i have a Constraint , who check if my field already exist in DB.
it's work fine. But if i aske a password reset , when i validate new password, i have a validator (my constraint) message , and the password is not change.
the probleme is that the resseting class form->isValid() from ResettingController use my constraint. I dont want that when i'm resetting a password. There is a way to tell symfony don't use validator on resseting password for form->isValid() ? Or a way to know if the request come from reseting process in my validator class?
The only way that i found , it's to use session and put a flag. Not very awesome.
I've installed Spring Security Core and Spring Security UI plugins in my project with hope to get something like this: User Management.
But on every action I get the first picture on this link (Member sign in) and I can't do anything else (Register as new user or Log in...).
I'm new in this so if anybody can explain me what to do and how to set it to work properly...
Thanks :)
That is probably because that you have wrong order in your static URL rules or all of the rules are defined for IS_AUTHENTICATED_FULLY users. Check your config.groovy and see if there exists any rules for anonymous users or IS_AUTHENTICATED_REMEMBERED . If you have rules including IS_AUTHENTICATED_FULLY then you should change them. See this blog post for details.
It's a classic login flow. The user can choose between 'new user' or 'existing user'. If the user is new, the name in the login box should validate against the server to see if the username is unique, if it's an existing user this check will be skipped since we expect the username to be taken already (ofcourse).
I added a [Remote] attribute on the viewmodel and added the radiobutton for new/exiting user as 'additional fields'. This way the remote validation will just return true if it's an existing user, and check the database if it's not, to see if the username is taken.
This works great, except when the user decides to change the radiobutton (new/existing) after entered a username (and the remote validation has run). Since remote validation is only automatically run when the username changes (that's the property with [Remote] attribute), changing the radiobutton alone, will not have it run again.
So my problem is, how can i force the remote validation to run again? I tried the usual hacks by triggering a change/focus/blur event on the username input field, but the call is not triggered. I considered adding a similar [Remote] on the radiobutton, but that would really complicate things with two equal looking error messages, placed at the same absolute position.
Is there any way to trigger a revalidation?
I believe that jquery validation can be triggered using $("#formID").validate()
Some more options can be found in the docs: http://docs.jquery.com/Plugins/validation, and at Brad Wilson's blog (you can also find some info in the comments)
Have you looked into the Data attributes that the input has, maybe it's cached? something like this.
EDIT: Just for clarification, this is how i got it to work
$('#UserName').removeData('previousValue');
$('form').validate().element('#UserName');
I'm still working on my first Grails application. This time, my problem is to limit access to some actions for particular users.
Assume users add some object, e.g. books. I would like to give access to edit a book only to admin and the user that added the book. I'm currently using Acegi plugin. I know there is newer version of that plugin, but I'm not sure if it changes anything in my problem.
The second thing is some kind similar. I have a sidebar and there is "Hello ${currentUser.username}. currentUser is a method that returns an instance of currently logged user. But the problem is that I don't have any idea where can I put this message to be able to use it everywhere. Should I put it in some service and include it everywhere? I tried to create an ApplicationController that is extended by all other controllers, but that doesn't seem to work. Have you got any ideas?
Thanks!
Grzegorz
You should use the newer Spring Security Core plugin since it has an ACL add-on plugin that does exactly what you're looking for. See http://grails.org/plugin/spring-security-acl for details.
For the second question, there's a taglib for that. In the Acegi plugin use this:
Hello <g:loggedInUserInfo field="username"/>
(see http://www.grails.org/AcegiSecurity+Plugin+-+Artifacts) and in the Spring Security Core plugin use this:
Hello <sec:username/>
(see the "Security Tags" section of http://burtbeckwith.github.com/grails-spring-security-core/docs/manual/)
For ROLE access you'll just need to specify that a particular ROLE for a particular URL has access to that action. That is if you are using the plugin's RequestMap approach. If you're using the annotation approach, just annotate the action in the controller with:
#Secured(['WHATEVER_ROLE'])
As far as only allowing the user who created the book to edit it, you can pull the user domain out of the authentication with authenticateService.userDomain(), then you can compare that user with the user who created the book (assuming you have some sort of createdBy property on your Book domain.
def loggedInUser = authenticateService.userDomain()
if (book.createdBy.equals(loggedInUser)) {
// allow editing
}
Something like that, anyway.