I am using RPX in my CakePHP project. I have set the toke url like this: http://www.mysite.com/users/login
Here is my login action code.
function login() {
$this->Ssl->force();
$this->layout = 'colorbox';
$this->pageTitle = "User Login";
}
I have used SSL with the login form. Look above code( $this->Ssl->force(); ). Login using RPX works fine without SSL. I commented $this->Ssl->force(); line, and got RPX working properly. But when I uncommented that Ssl code, it doesn't work properly.
when ssl code was uncommented there, I did this.
1. Selected google to login from RPX badge (in my login form)
2. Entered my google id and password to login and it worked.
3. But I was redirected back to the login form without any session.
Can any one help me please.
Thanks.
The current code redirects the login page from http:// to https:// and therefore it loses the session and other token data. So need to use either http or https before and after redirecting from RPX to my site.
Thanks.
Related
I am developing a functionality to allow facebook users to register in our web application. The approach is:
We will create one app on facebook
Facebook authentication plugin (http://developers.facebook.com/docs/guides/web/#login) will be used in our registration page.
When user clicks on facebook button, facebook login page and then app authorization page are shown.
One user allows/disallows facebook app, user will be redirected to the main page(https://example.com)
But it's redirected like this(https://example.com/#=), so I am facing another issue with that.
Appended this characters(#=)
I have tried to fix the url, but it's redirected like that anyway.
Here is the redirection code.
Auth::login($user);
return Redirect::to(URL('/'));
My server is Nginx.
Hope to get solved my problem.
Thanks in advance!
Try to name the route then redirect to it.
Route::get('/', 'HomeController#index')-
>name('home');
then redirect()->to(route('home'));
I'm using a custom SocialLoginController to log my users with facebook or google in al Laravel 5.3 project
In some cases I send to users an email with info about one change and the URL to the resource, for example https://myweb.com/settings/profile/[the-uuid]
when the user tries to access but is not logged in, he's redirected to the Handler#render() where I send it to login with return redirect()->guest('/login'); and after login with social account I redirect them using return redirect()->intended('/home') but since I don't use the LoginController, the redirection to the requested URL is not working.
Any idea? Thanks
The problem is the request object is lost after redirect the user to login with facebook or google, so I fixed by saving the requested URI in a session variable and then checking if exists after redirect
return Session::get('intended') ? redirect()->to(\Session::get('intended')) : redirect()->to('/expenses');
Maybe this could help someone
I am using sentry to authenticate users in laravel 5.3. When the user clicks auth protected route is redirect to the login form. After login, the user is redirected to home page.
How can I configure sentry in manner that the authenticated user is not redirected back to home page but instead to the original destination before login. Kindly assist I seem not to figure it out.
You can use a function called intended
return redirect()->intended('dashboard');
The intended method on the redirector will redirect the user to the URL they were attempting to access before being intercepted by the authentication middleware. A fallback URI may be given to this method in case the intended destination is not available.
https://laravel.com/docs/5.3/authentication#authenticating-users
Maybe this may help you --
You can try giving the url something like this localhost:8000/something?url=anythingelse so that after login change the redirect path to $_GET['url'].
Use a form rather than link to go to login page. Try this --
<form method="GET" url="{{ url('/some') }}?{{ Request::path() }}" id="login"></form>
Login
I was testing the user account registration system.
When new users sign up for accounts, they are sent a notification email. The email, by default, includes this line:
Login URL: http://mystore.com/
The problem is, that's not the login URL. The login URL is http://mystore.com/login/
The URL seems to be generated by this line in the email template (profiles_info.tpl):
{if $user_data.company_id}{"?company_id=`$user_data.company_id`"|fn_url:'C':'http'}{else}{""|fn_url:'C':'http'}{/if}
But I don't understand how fn_url works (there doesn't seem to be any documentation). So how can I fix the login URL - or what would be the best way to do so?
this function define in /app/functions/fn.common.php
change:
{if $user_data.company_id}{"?company_id=$user_data.company_id"|fn_url:'C':'http'}{else}{""|fn_url:'C':'http'}{/if}
to this:
{''|fn_url:'C':'http'}login/
The login url in CS-Cart can be generated this way: fn_url("auth.login_form"). The auth controller handles the authentication, within this controller, there is a login_form mode, which will display the login screen for the user.
If you would like to display the link in a Smarty template, you can use this code: {"auth.login_form"|fn_url}. This is the proper way, to link the login form, because if you hardcode the /login/ into the template, and later you would like to use a different URL for the login, or you want to use multi-language SEO URL-s, it will fail.
So the correct code in the e-mail template will look like this:
{if $user_data.company_id}{"auth.login_form?company_id=`$user_data.company_id`"|fn_url:'C':'http'}{else}{"auth.login_form"|fn_url:'C':'http'}{/if}
I am using Ionic to build a login system on top of Codeigniter/Ion_Auth/codeigniter-restclient and when I try to login from "ionic server" the login works but the next api request to the logged_in() method returns false.
The same thing works properly when I point the browser to the www folder.
So here is the problem step by step:
run ionic serve
you see the login form (http://localhost:8100/#/app/login)
enter email and pass
the rest api returns "login successful"
$state.go('app.profile') works and redirects to http://localhost:8100/#/app/profile
REST get api/logged_in returns false and I redirect to the login page
If I do the same in a regular browser, step 1 becomes: open browser and go to http://localhost:8888/App/www/#/app/login, at step 6 REST get api/logged_in returns true and I don't get redirected to the login page, I stay on the profile page.
The code is the same. So my guess is that maybe ion_auth doesn't get the cookies it wants or the session is reseted. I am not sure at this point what the problem is. This is my first Ionic/App project so I might be missing something about the proper way to authenticate from a mobile app using code that works in browsers
Thank you
UPDATE:
It seems that when using the 'ionic server' window every request to the API triggers a new session. The new session is stored in the database and ion_auth tests the logged_in against that last one, which doesn't contain the login details.
you were taking about REST api and cookies and sessions. Cookies and sessions don't go with REST philosophy. Here is why.
Let me tell you how we accomplish this problem in our project. Basic way of knowing which user is requesting and if it has the access rights is by the 'Authorization' header value. You can use Basic Authentication, Barer or any other.
We generally prefer token based authorisation system. When a login is successful, server sends a token. In ionic app, we save it using a factory called SessionService. So whenever user logs in, token is stored and is used for every request. But token would be lost if user closes the app. So we can store it in local storage. User can then be directly redirected to dashboard until user logs out.
app.factory("SessionService", function($window){
var user={};
if ($window.localStorage['user']!=undefined){
user=JSON.parse($window.localStorage['user']);
console.log(user);
}
return{
isLoggedIn:function(){
return !isEmpty(user);
},
logout:function(){
console.log("logout")
user={};
$window.localStorage.clear();
},
setUser:function(data){
user=data;
$window.localStorage['user']= JSON.stringify(user);
},
getUser:function(){
return user;
}
}
})
Now in every web request, you can call SessionService.getUser().token when setting value Authorization header.
UPDATE:
Despite using cookies is not recommended, you can use it in your application easily.
If you are sending request with CORS, angular doesn't sends cookies with request.
One of the way address this issue is to send withCredentials: true with every request:
$http({withCredentials: true, ...}).get(...)
Read further about this here.
Hope this helps!