I have been doing the upgrade from React-Admin v2 to v3 for a while now. I'm almost finished, but there's something that I would like fine-tune.
Using v2, when user comes to our website at domain.tld without a token, Promise is rejected and user is redirected to domain.tld/#/login. No error/warning messages are shown.
Using v3, if the same situation happens, Promise is also rejected and user is redirected to the login page, but there comes the ra.auth.auth_check_error warning message - and twice!
I understand the logic, it may be useful most of the cases to display the warning message. For example if non-logged user tries to access domain.tld/#/settings, the user should be redirected to the login page and notify, that "you must login first". But if user comes to the website first time ever, he gets redirected to the login page as supposed to, but in this case that warning message should not be displayed. In this case the user is most likely known that he/she must login before seeing any content, so there's no point to warn the user since he/she didn't do anything wrong.
I don't know how easily this could be solved. Maybe just removing the notify completely? How that can be done?
Maybe some exception would be the other solution, that if user tries to access the root, domain.tld/#/, then the warning message would not be shown. And with other routes it would be shown. How this could be done?
Can the functionality what happens after Promise.reject() be overwritten somehow?
My checkAuth in authProvider.js:
checkAuth: () => localStorage.getItem("token")
? Promise.resolve()
: Promise.reject(),
In your Promise.reject you can add a string that will be presented to the user when their authorization fails.
checkAuth: () => localStorage.getItem("token")
? Promise.resolve()
: Promise.reject("You are not authorized to view this")
You could theoretically return a different message based on what page you're on but you don't have that info in the checkAuth.
You could also build your own login page and filter the messages so that no toasts popup for the login page.
Related
I've one trouble with my teams custom app. I'm making a custom app that return sign-in action to unlogged user when he try to use a search message extension. Now, my problem is:
How can I resume the query after the user logged?
I return to the user an auth composeExtension type that point to one route of my spa. The user make authentication and correctly return the accesstoken, but then it doesn't continue the search. I've already try call :
microsoftTeams.authentication.notifySuccess({ accesToken: oResponse.accessToken })
but it only close the opened popUp.
Please, help me. Thanks.
Whether the user is logged in or not, when I call Meteor.user() in Meteor.startup(), the user is always undefined (not logged).
I want to perform an action (redirect the user to an external url where the login must occur) if it is not logged in as soon as the page loads. The problem is that if he is logged in, the page will only know it at some point in time (in milliseconds, of course). I can trap the eventual logged in user with Tracker.autorun, but I want to perform an action now (when the user is always not logged in) and I know only after whether I need to perform it or not (maybe the user is already logged in).
How to do this in Meteor?
EDIT
I ended up with the following working:
Tracker.autorun(() => {
if (!Meteor.user() && !Meteor.loggingIn() && Accounts.loginServicesConfigured()) {
Meteor.loginWithTwitter();
}
});
Try Meteor.loggingIn()
From the docs
if a login method (such as Meteor.loginWithPassword, Meteor.loginWithFacebook, or Accounts.createUser) is currently in progress. A reactive data source.
One solution to the problem is to use the meteorhacks:fast-render package. Its inclusion causes the initial set of data to be sent along with the application code, so the user information is available immediately in the startup method.
If you don't want to use that package, you can always restructure your app so that the "now" you speak of always happen after the initial data is loaded. For example, you can move this check to the onBeforeAction callback of your root controller. This will always run before any template is rendered, assuming you also subscribe to user data in the root controller.
I followed the guide provided here by Sorcery about handling user logins with Facebook.
# callback method called by Facebook after getting the authorization by the user
if user = login_from(provider) # provider == "facebook"
redirect_to root_path #, :notice => "Logged in from #{provider.titleize}!"
else
begin
user = create_from(provider)
...
However it only requires that my users leave my site to go to the Facebook page and then get redirected here.
What I would like to achieve is what I see when using the Facebook JavaScript SDK which is a clean popup right in my page. To achieve this I followed a tutorial on Railscasts:
$('#sign_in').click (e) ->
e.preventDefault()
FB.login (response) ->
window.location = '/auth/facebook/callback' if response.authResponse
However, the authResponse only contains an accessToken and a signedRequest and a userid while Sorcery requires a code.
Is there anyway to do this properly (or get the code using the accessToken?).
However, the authResponse only contains an accessToken and a signedRequest and a userid while Sorcery requires a code.
Is there anyway to do this properly (or get the code using the accessToken?).
In the server-side flow, the code is just an intermediate step in getting the access token – app gets code, and exchanges code for an access token.
Since in the client-side flow you already get an access token when it’s finished – it does not get any more “proper” than that.
So you have two options:
either refactor your Sorcery-thingie, so that it skips the step where it gets a code and exchanges that for an access token, and directly “set” the access token yourself after getting it (wherever Sorcery might want it to be set); or
stick to the server-side flow, but open that yourself in a popup window. Then you’ll still get the code, but you’ll get it inside the popup window. So you’d have to close the popup window and maybe reload your original window yourself afterwards.
Suppose I'm building a login system. The user enters a username and password into a field and it is sent via HTTPS to the server, which validates the login before the page loads. If a bad password is sent, the login obviously fails immediately, but one would want the error message to be displayed later in the page, near the login box.
The obvious solution is to set a global flag and have the login box check it and add the error message if necessary, but my understanding is that global variables are best avoided. Is there another straightforward method of achieving this functionality?
For a non-AJAX login page, it is common practice to redirect the user browser to the login page with an extra query parameter in the url, In pseudo-code, here is the login validation controller code segment:
success = checkLogin(username,password)
if (success == false)
redirect('http://example.com/login?failedlogin=true')
The login page controller would be responsible for detecting this query param and telling the view code to display a failure message. I don't believe the term 'global flag' applies to this practice so it should meet your requirements.
If the login page uses Ajax, the Javascript on the login page takes the results of the AJAX call and updates the appropriate DOM elements with the failure message.
So i've been trying to get FB Connect working on my site, simply for login and authentication, using the Javascript SDK and following the code at:
https://developers.facebook.com/docs/guides/web/
So the button appears, i click it, a dialog pops up, i click that, presumably my site now has permission to know who i am...
Then what? The guide goes on to saying all the stuff I can access through the Facebook API, all the cool things about permissions, but presumably i need the user's ID or access token or something to get at this stuff. How is that given to me? left as a attribute on one of the elements? Left in a Javascript variable somewhere? Given as an argument to some callback? Thrown high into the heavens for me to receive via satellite downlink?
This is probably incredibly simple, but for the life of me i have not been able to figure it out. Facebook's tutorials have failed me, and so has Google. I want to get this in the Javascript, so I can immediately fill in form-data using the user's Facebook name, put a picture, etc. etc., and presumably send this all back to the server so the server can validate with Facebook that the data is real.
I'm assuming you're using the Login button? https://developers.facebook.com/docs/reference/plugins/login/
If you simply want form info, check out the registration plugin - https://developers.facebook.com/docs/plugins/registration/
However, to answer your question, make an API call to /me. For example:
FB.api('/me', function(user) {
if(user != null) {
// The user object now contains info about the logged in user
}
});
You should subscribe to the auth.login event and wrap the above API call in the successful response, i.e.:
FB.Event.subscribe('auth.login', function() {
// JS to run if when the user logs in, for example, the code snippet above
});