I have a laravel system that has four different guards. I am intended to log out from all other devices if a user login from a new device or every login. I want to destroy all other previous sessions. I have tried all the suggestions found on the internet. Can anyone help me out with this issue?
if(Auth::guard('super_admin')->attempt($validated_data)) {
Auth::guard('super_admin')->logoutOtherDevices($validated_data['password']);
$request->session()->regenerate();
return redirect()->route('super_admin_dashboard')->withSuccess('Login as Super Admin is Successful');
}
I have tried something like this. It works fine for login and changes the hash password in the database. But it remains logged on other devices.
Related
I have already implemented a user authentication, in which the user can log in again or register.
I would now like to avoid that the user must register again after each closing of the app. For this reason I have to request a refresh token at certain intervals (Max 1 hour, as long as the cookie is valid). my question: how do I do that best? the refresh should work for both open and closed apps. I saw the possibility of the React Native Background task, but apparently only runs when the app is closed.
You have to create a flag in AsyncStorage when the user is authenticated.
And then you have to check that flag each time on opening the app.
Here is the sample snippet.
AsyncStorage.setItem('loggedIn', true);
And in your app.js you can check this flag in constructor
AsyncStorage.getItem('loggedIn').then((value) => {
if (value) {
//user logged in logic goes here
} else {
// user logged out. You need to login him again
}
});
Considering that you need to persist user's login forever and still be able to refresh the token, one possible way is to store the user's credentials (username and password) in some secure storage like react-native-keychain and then refresh the token every time the user opens the app.
Or more precisely, automate the login with the credentials you stored whenever the user launches the app with the help of useEffect hook(componentDidMount).
Note: This is not a good implementation if your app uses push notifications. Push notifications demand the user to be authorized all the time.
When a user registers at my website I also need to create a quickblox user. I got this procedure to work:
Get a session token from API route "api.quickblox.com/session.json". But to do so I need a user. So I use my own login to quickblox dashboard.
Create the user by hitting API route "/users.json". Fair eanough, it works!
Questions
It feels strange using my own dashboard login as the token generator account. Is there not some other way?
The newly created user can create more users! That is, I created a new token with the details from the just created user, whom in turn was allowed to create further users. This cant be right? What am I doing wrong?
Quickblox chat example available here: http://quickblox.github.io/quickblox-javascript-sdk/samples/chat/# serves the keys and secret in the open, like this:
QBApp = { appId: 46126, authKey: 'Nyc2fwgg8QeFJpS', authSecret: SUv3grsaDMx5'}; Is that the way to do it? Then atleast I would like to control the creation of new users..
Thanks!
Hope you doing well !!
For Quickblox must have manage session for each and every users,you have to download and integrate quickblox SDK into your web app.
You have to follow this steps:
1) Create a app on Quickblox and add credentials into your javascript SDK or configure your javascript SDK.
2) Whenever user is logged-in to you app you must have to login quickblox as well and get session for logged-in user.
3) Do whatever operation with user created session like (chat,viedo call, audio call)
4) When user log-out from your, you have to manage like user also logout form quickblox and destroy previously created sessions.
5) When registering new user you have to also register that user into your quickblox app.
this way you have to manage user management.
hope this will help you.
To create a user with an arbetary session/token this function can be used (for JS SDK)
var params = {login: 'test3', password: '12345678'};
function createUser(params) {
QB.createSession(function(err, result) {
QB.users.create(params, function(err, user) {
if (user) {
// user - JS obejct with QB user
alert("successfully created a user!");
} else {
alert("error!");
}
});
});
}
"The newly created user can create more users!"
After further research I have concuded this is a part of the design and not to worry about. I will add a job to clean up any users created by spammers.
When a user first logs in through Facebook on Firebase Auth, duplicate users with unique UID's are created.
The peculiar issue is that I implemented login for this app months ago. An unrelated problem caused me to change my Firebase app. Since then new logins create duplicates. This is very hard for me to solve as the code I have implemented for login uses Facebook SDK and theres not much revealing whats under the hood. Also Firebase has an option that prevents users from creating duplicate accounts with the same email from different providers. But as you can see I am getting an erroneous user upon that initial login. Has anyone ever seen this problem? How am I suppose to fix it, when the problem is arising using the Facebook SDK?
There were two calls to signInWithCredential. FYI, this does not result in problems when the user has already logged in. So it could be a silent error that creeped up on you if you have the same problem.
In my Laravel application, after a user is logged for the first time after registration using
loginUsingId()
the user gets authenticated (logged in). But after a few hours (maybe 2-3 hours. I'm not sure), after the session has expired or the user has logged out, it can't log in back again using:
Auth::attempt()
But it happens for a reason that I don't know. Why is this happening? Please share your expertise on this.
Most probably, you are not storing the registration data perfectly in the DB.
Is the password hashed perfectly?)
Or cipher proble. Help here.
Or rememberToken methods are not set up perfectly. Help Here.
I have an existing site that has user passwords hashed using sha1 hashing algorithm. I need to port those users (and passwords) to the new Meteor site.
Is this possible?
i recently encountered a similiar problem and just migrated the accounts and had users reset their passwords. you can then use the built standard accounts methods to handle login+reset functions.
login method call:
Meteor.loginWithPassword(email, password, function(err){
if (err){
if(err.reason === "User has no password set"){
Session.set('loginErrorMessage', 'you have been migrated... reset your password...');
//your template does something with this to push user to reset their password
}
}else{
//normal login
}
});
can only really do this if you have a custom login form, you could possibly just lightly customize the accounts-ui package if desired
this approach has worked pretty well for my app so far, users just have to follow the password reset procedure and they are good to go