i have a problem with register new user, using FAB form. How i think, the problem that FAB use email verification, how i can disabled it
I tried to disable the flask app builder in the library itself, but I still get an error that the registration failed
You could overwrite the add_registration method in RegisterUserDBView and remove the call to send_email
From https://flask-appbuilder.readthedocs.io/en/latest/user_registration.html
Related
I have implemented a login form manually in Twig and I am using the default authentication provided by Symfony 3.4 (based on username and password). Users are stored in a database, therefore I have an Entity which extends AdvancedUserInterface. I am using neither FOSUserBundle nor form builder. Just a simple form. It actually works.
The problem is that I want to integrate Google reCAPTCHA in the login process. I know how to check if the captcha is valid and implemented a custom AuthenticationListener (let's call it MyAuthenticationListener).
I know that Symfony uses UsernamePasswordFormAuthenticationListener as its default listener. The problem is that I could not find a way to change the used listener to that I have implemented.
It seems that in Symfony2 it was as easy as adding the following line in the config.yml:
parameters:
security.authentication.listener.form.class:
MyBundle\EventListener\MyAuthenticationListener
However, I cannot find a way for Symfony3. Any suggestions?
I also tried to find a specific bundle for Symfony3, but I actually could not find anything that is correctly integrated with Symfony Security, allowing me to use the recaptcha in a login form.
Thank you
Your question may be answered here:
https://stackoverflow.com/a/50800993/7408561
The solution is based on a custom-listener triggered by SecurityEvents::INTERACTIVE_LOGIN. That event is fired after verification of credentials but before redirecting to default_target_path defined in security.yml. At this position you can verify the request parameter g-recaptcha-response by calling the google recaptcha api with the corresponding secret.
If the verification fails you can throw an exception and you will be redirected to the login page.
We run into an issue when try to use the window.document on the pop-up screen.
Basically, we are trying to authenticate a user using AAD from javascript and a pop-up screen, but we get an Access denied when try to access the new pop up.
From the version of 1.0.12, the azure-activedirectory-library-for-js library already support for Login using a pop-up instead of a full redirect. Please see this: #60
I suggest that you use the latest version of azure-activedirectory-library-for-js to fix this issue. And to use the pop-up to authenticate, we need to add the parameter with popUp:true when initialize the adalAuthenticationServiceProvider.
I'm trying to develop a custom login form using Worklight customSecurityTest, based on SingleStepAuthAdapter application sample.
Basically, I've noticed that the login function used in the SingleStepAuthAdapater is always called after that user try to access to a secured function (after that, on login action, secured data are sent to the user), but if i try to call the submitAuthentication function directly, before any attempt to access to a secured function (i have inverted the "login page" with the "get secured data" page), i got the following error/lo on firebug:
The two POST calls are the same function raised two times by Worklight on login action (submitAuthentication function inside the SingleStepAuthAdapter called by singleStepAuthRealmChallengeHandler.submitAdapterAuthentication(invocationData, {})) and the error is related to the fact that authentication is requested twice: probably when the authentication request is performed, this function is issued twice after that the submitSuccess() function is called inside the handleChallenge (in fact, the issue doesn't occurs when i delete the submitSuccess invokation, but WL framework is not notified and, for example the isUserAuthenticated function return false, until the access to a secured resource is performed).
How can fix this behavior? What are the best practices to develop a simple login-form using worklight that allow authentication before any access to a proteced resource? I have found some workarounds (such as perform a fake data request before perform the submitAuthentication, but i hope that you can suggest me a better solution).
I've consulted the infocenter and the getting started modules, but probably due to my fault I'm not able to found any useful information
A common practice is to have an initial blank page or view for your app.
In WLCommonInit, either access a protected resource (that is what getsecretdata is all about), or call WL.Client.login(). Another option (suggested by #tk27) is to secure the app in the application descriptor and set connect on login to true. This will trigger authentication when the app starts.
Your challenge handler should display a login prompt dialog, and when the authentication successfully completes, transition to the first real page of your app.
This way, authentication is still done in response to a challenge from the WL Server (as it must be) but you don't see anything but a blank page to a login prompt until the login is successful.
I'm very new to liferay and am creating a hook on the login.events.pre event. My users will be signing in to the website by using their phone number, so I have to do some validations on the status of their phone line before letting liferay create a session for the user. I've already created the portlet and am able to execute some java code before letting liferay take care of the login validation, but I'm not sure how to stop the whole process if my validation fails. In other words, if I find out that the users phone line is suspended, I don't want liferay to allow them to sign in, even if the right login info has been provided by the user. Is it possible to do this in the login.events.pre event in liferay?
In this case you can invalidate the Session and redirect it to some customized error page in your hook.
Below piece of code might be helpful.
//Below code to get the current session
HttpSession session = null;
session=request.getSession(false);
//Below code to invalidate the session and to redirect to your customized error page
session.invalidate();
response.sendRedirect("/errorPage.html");
I'm using LifeRay in version 6.1 in combination with CAS. For testing purposes, I wanted to deactivate CAS temporarily and use the native login functionality of LifeRay instead. Therefore, I deactivated CAS in the Portal Settings. Now, I cannot login myself in LifeRay, because even if I click on "sign in" I got "You do not have permission to view this page." Where can I activate CAS again in the config-files or database OR how can I return to the native login functionality of LifeRay? Thank you!
Add the following in your portal-ext.properties(You can also create property hook, but since this is temporary, i would recommend you to change this for the moment do the clean up and then remove the property) and restart the server
auto.login.hooks=com.liferay.portal.security.auth.CASAutoLogin,com.liferay.portal.security.auth.FacebookAutoLogin,com.liferay.portal.security.auth.NtlmAutoLogin,com.liferay.portal.security.auth.OpenIdAutoLogin,com.liferay.portal.security.auth.OpenSSOAutoLogin,com.liferay.portal.security.auth.RememberMeAutoLogin,com.liferay.portal.security.auth.SiteMinderAutoLogin,com.liferay.portal.security.auth.ParameterAutoLogin
Once server is restarted add the following parameters to any of liferay's url
?parameterAutoLoginLogin=test#liferay.com¶meterAutoLoginPassword=test
Change credentials to your admin credentials