On most websites, there is an option to get the system to reset the user’s password if they forgot
the password. A new random password is sent to the user’s email after answering some secret
question. The “Forgot Password” option is available on the login screen.
Does Cuba platform have this option ? I could not find it in the documentation or any sample app.
How can I develop this function and change the login screen ?
There is no built-in functionality in CUBA for this case. You can extend the login window and implement the "forgotten password" case by yourself. The example of extending login screen is here: https://github.com/cuba-labs/brand-login
Related
Facebook is ignoring our scope parameters that are being requested from our app. We're using Firebase authentication which provides an SDK that allows us to request a series of permission scopes from Facebook.
Here is an example of what this looks like:
import firebase from 'firebase/app';
// instantiate new Facebook provider
export const fbProviderRedirect = new firebase.auth.FacebookAuthProvider();
// add business_manager scope to access user's business manager data
fbProviderRedirect.addScope('business_management');
fbProviderRedirect.addScope('public_profile');
fbProviderRedirect.addScope('email');
fbProviderRedirect.addScope('ads_read');
fbProviderRedirect.addScope('ads_management');
fbProviderRedirect.setCustomParameters({ auth_type: 'reauthenticate' });
We then call our auth function and pass in the 'fbProviderRedirect instance as an arg
const linkToProvider = (provider) => {
return auth.currentUser.linkWithRedirect(provider);
};
Once a user selects our btn, they are redirected to the facebook dialog screen and are presented with a request to grant our app access. However, here is the part that we cannot figure out.
While testing, when we use our FB app admin account, when we select the btn two dialog screens appear. First screen contains permissions: public_profile and email, and the second dialog screen covers all of the remaining permissions.
When regular users attempt this, they only see the first screen, not the second. They are then given an access token which does NOT contain any of the explicitly set permissions from firebase.
Our app within facebook was reviewed and approved via advanced access for the following permissions:
pages_show_list, business_management, ads_read, pages_read_engagement, ads_management
Additionally, our app was also verified as a business. So we've been both approved and verified by facebook for our app and business.
We cannot figure out what we're missing or doing wrong. Any suggestions on how to proceed?
oAuth screen:
Review approved:
Business Verified:
You have to press 'Continue As _____' and the scopes that you are asking for will be shown in the next few dialogs.
I have deployed Google+ Sign-in Button, now I have to provide Sign-Out Button, before that, I need to know whether the user is still signed in, by which I can then show or hide this button.
I found this documentation: gapi.auth.checkSessionState(sessionParams, callback):
https://developers.google.com/+/web/api/javascript?hl=en#gapiauthchecksessionstatesessionparams_callback
Could someone demo how to use it ?
Many thanks.
gapi.auth2.getAuthInstance().isSignedIn.get()
This returns boolean
You don't need to use a separate function call to determine the user's signed in state if you've already added the sign-in button. The sign-in button's callback is going to trigger either on sign-in, when the page loads, or any time that the user's signed-in status changes. The page load trigger (immediate mode), will also help to indicate if the user is a Google signed-in user or not.
See monitoring the user's signed in status, which shows the different status fields that you can check (Google signed in, app signed in, or signed out).
From Google dev docs :
If you pass null to sessionParams.session_state, you can check if the user is signed in to Google, whether or not they have previously authorized your app.
So your code will be like this:
gapi.auth.checkSessionState({session_state: null}, function(isUserNotLoggedIn){
if (isUserNotLoggedIn) {
// do some stuff
}
});
This is an example of how to use it:
gapi.auth.checkSessionState({client_id:'99999999999.apps.googleusercontent.com'}, signinCallback);
where client_id is the id of your project on g+ console. and siginCallback is a function i created to check the state.
IT'S VERY IMPORTANT to notice that the official api documentation says:
If the argument is true, the supplied session_state is still valid. If the argument is false, it is no longer valid and the application should perform a new re-authorization flow with immediate set to true to get an up-to-date access token or detect a non-authorized or nonexistent Google sign-in session.
But when i recive the response of checkSessionState i get true value when im signed off and false when im signed in. I Dont know if there was an error on the documentation but you can try it by yourself.
Hope this has been helpful for you.
PD: excuses for my awful english
Adapted from Tom Anthony's Blog
One simple way you can use without the use of an API to see if a user is logged into Google + (Or Google/Facebook/Twitter) is to try to access a resource which they would only be able to access if logged in. The code below attempts to load an image resource for which the user needs to be authenticated to access. By default html <img> tags run onload() if an image is successfully returned, but onerror() otherwise.
<img style="display:none;"
onload="function(){document.getElementById('signOutButton').style.visibility = 'hidden';}"
onerror="function(){document.getElementById('signOutButton').style.visibility = 'visible';}"
src="https://plus.google.com/up/?continue=https://www.google.com/intl/en/images/logos/accounts_logo.png&type=st&gpsrc=ogpy0"
/>
I set up an app to allow users to log into my site using Facebook. When users click the FB login button, the expected auth dialog appears. My auth dialog shows a second page which says: "This app may post on your behalf, including status updates, photos and more."
But my app doesn't need any extended permissions, and will not be posting anything to Facebook. I don't want this second page to appear, but I can't figure out how to make it go away.
On my app's settings page, I didn't specify any extended permissions. Is there someplace else I have to specify that I don't want extended permissions?
Thanks for the help.
You might have specified a scope in the "Login with Facebook" button that requests these permissions from the user. Especially if you just copy-and-pasted an example from the documentation, this might have happened.
Check in your HTML whether you have something similar to this:
<div class="fb-login-button" scope="publish_stream">
Login with Facebook
</div>
If so, make sure to get rid of the scope attribute.
I'm having a very weird issue with user logins.
I'm building a site where all the content/menus are only available after you login.
I made a 'login' through the Modules and assign it the "userlogin" position.
Now when I go to the home page or any page, the login box comes up, but there's also a second login form. It seems to be coming from com_user.
This com_user login form doesn't work. I can't login using any credentials. If it was working I can simply remove my login module.
Is there a way I can either:
get com_user to work with normal user logins
or
disable this and so I can only see the Module login.
I can hide it from CSS, but I want to know where it's coming from.
Check the menu link which you have created should be public.
If these are not public then whenever user clicks it, he/she will be asked for login. Thats why the second login option is coming up.
My understanding was that the registration plugin allows you to use the same reg form for users not registering with Facebook as well with Facebook. However, if a user is logged into Facebook and visits the registration page the form prefills information and only gives them the option to register with Facebook. That's kind of a freaky user experience. They hit the register button on your website and it auto fills fields with Facebook info without permission. Just because a user is logged into facebook doesn't necessarily mean they actually want to create the account with their Facebook information.
Here's what I have handled so far by the registration plugin:
User is not logged into Facebook and registers via the plugin, but with my site authentication not Facebook.
User is not logged into Facebook, uses the plugin to log into Facebook, fields are prefilled and user registers via Facebook.
Here's what I dont have handled
3. User is already logged into Facebook, but may want to register with my site authentication and NOT connect the account to their Facebook account. Currently, it prefills the forms and provides them with only a register button connecting Facebook to my app.
Basically, I want the user to have to opt-in to register with Facebook even if they are logged into Facebook, but I want to use the Registration plugin form. Is this possible?
I hope that makes sense.
A user can clear the fields by ckicking the X when mouseover the name field
What you need to do is something similar to Scribd approach, where you can by default wrap and hide the "Login with facebook" button (or the registration form if the user is already logged in and connected!) and for example in your form div/container have a checkbox (a location over the flow is preferred) stating:
Register with my Facebook account
Or something more catchy and when the user clicks/checks the input the facebook DIV will slide down and used instead of your registration routine.