i'm just trying to check user entitlements for user subscription data from bloomberg api's data feeds.
For this i tried to run Bloombergs example "EntitlementsVerificationSubscriptionExample". As it seems to be working at first sight, on second sight i recognized, that there aren't any entitlements for the data i receive from the api.
that means:
public void processSubscriptionDataEvent(Event eventObj, Session session)
{
foreach(Message msg in eventObj)
{
bool needsEntitlement = msg.HasElement(Name.GetName("EID"));
}
}
is always 'false', as there is never a field called "EID" available.
Is there something wrong on bloomberg service site or better, is there any kind of documentation available, how to use user entitlements within data subscriptions?
thanks in advance,
First, you need to subscribe to the "EID" field, as it's not returned by default.
If the field either is not returned in the message, or had Null value, then that means data in this message does not require entitlements. Otherwise, call the following function and pass the EID value:
bool bEntitled = userIdentity.hasEntitlements(EID);
Function return value indicates whether user is entitled or not.
Data that does not require entitlements can be shared with users who are registered in EMRS (in case of B-Pipe), or with any terminal user within the firm (in case of SAPI) with no further entitlement check. Users who are not registered in EMRS or those who are non-terminal users should not have access to either B-Pipe data, or SAPI data, respectively.
Related
I receive an error in the emulator when I try to check for a custom claim field that does not exist on the request.auth.token object when checking storage.rules. The request fails which is correct if the property is missing but I am concerned about the error.
function isPlatformVerified() {
return request.auth.token.platformVerified == 'ok';
}
and this is the error shown in the emulator:
com.google.firebase.rules.runtime.common.EvaluationException: Error: /Users/marcel/git/dev/storage.rules line [68], column [14]. Property platformVerified is undefined on object.
I wish to check if the custom claims has this property and if it has that it contains the correct value. How do I do this without getting an error (or can I ignore this??)
Many thanks
Most likely the custom claim hasn't propagated to the client and rules yet.
Custom claims are part of the token that the client sends with its requests, and that token is only auto-refreshed once per hour. So it may take up to an hour before a new claim shows up in the client, and thus in the security rules.
You can force a refresh of the ID token on the client by calling user.reload(), to ensure that the new claims will be present before the auto-refresh.
I'm trying to wrap my head around Elm. I have experience in Haskell, and a bit of Erlang.
I want to complete the following exercise:
User is shown a login form
On submit, the frontend makes a request to localhost/auth to try and receive an auth token.
On success, the homepage is shown, which fetches some data.
On failure, the login screen displays an error.
This is quite basic, but hopefully complex enough to model the behaviour of a real webapp.
My first problem is with the Model. I only need the data if the client is authenticated. Should I wrap this in something similar to a Maybe monad?
type Model
= NoAuth String String
| AuthFetching
| AuthFailed err
| AuthSuccess String
And then the login screen can display a spinner, and error, or redirect to a new page.
This feels like it ties the rest of the applications state to the authentication state. Although is is "correct", it feels wrong to have the whole model be a (variant type?) with only one record.
It "feels" more correct to have the model like so:
type FetchStatus
= Loading
| Success val
| Err err
type Model =
{ token : RequestStatus String
, data : List number
}
But whenever you update the model, you now need to check if token is still present - i.e. pattern match within the record. In the first example, you only needed to pattern match on the whole model, which is a bit simpler.
And to hold the login form state, I'd need to add extra fields:
type Model =
{ token : RequestStatus String
, data : List number
, username : String
, password : String
}
Which feels incorrect because the password should not be held in memory after login. I'd hold these in records, but I cannot use records in custom type declarations.
All in all, I'm a bit confused. Can someone please shed some light on the most "correct", idiomatic way to do this?
All authorization related stuff should be handled on the backend side. Elm's job is only to display what server has sent to it. In my opinion the first option you proposed is the best for such a little example, but in more real-life application the typesystem would be more complex:
type LoginForm =
{ username : String
, password : String
}
type Activity
= Login LoginForm
| LoginSuccess
| LoginFailure String
type Model =
{ loggedUser : Maybe String
, activity : Activity
, ...
}
You don't need (and shouldn't) keep password on frontend. You also shouldn't perform any authorizations on the client side, as the client may easily replace any script in his browser. The backend will track whether the user is logged in by eg. session cookies. In this scenario even if the loggedUser value is set to Just "someguy" and "someguy" is not marked as logged in the server database, any action that requires authorization shall fail.
Summarizing, handling login and giving permissions to access any content is a job for backend. Elm is frontend language, so it's only purpose here is to display things.
During some testing I applied SID value 0x01050000000000051500000085E77E2F11C35F7307E53B2B531D0200 of a system account received from SUSER_SIDfunction to User Mapping of a certain Login object in SSMS. Now based on that I cannot get rid of it as I keep getting an error message Value was either too large or too small for a UInt64 no matter what I enter or erase. I would appreciate if somebody would know how to get rid of a certain User Mapping either via UI or code specially when I encountered such an error message, thank you
Your actions were:
Open login properties of some windows login
Changing the corresponding user for some database to sid (why on the erth did you map the login to the user named as sid???)
This corresponds to the following code:
alter user... with name = [0x01050000000000051500000085E77E2F11C35F7307E53B2B531D0200];
Now you want to do the inverse action, so you need to execute this code:
use CDR_MDS;
alter user [0x01050000000000051500000085E77E2F11C35F7307E53B2B531D0200] with name = NAME=[GROUP\gg ORG RAACO MS BI Team];
I am debugging confirmation email flow when signing up a new User in Asp.Net Core web application with Identity Server 4.
Since I had already signed up with my actual email, to reuse it, I modified the UserName and Email in AspNetUsers table using SQL Update to some random value.
Now when I am signing up with the original email again. I am getting a duplicate user error
result = await _userManager.CreateAsync(user, model.Password);
I have already:
Cleared browser cache.
Closed local IIS Express
Restarted Visual Studio.
Used_userManager.DeleteAsync() after updating the UserName and Email back to original values but this gives an Microsoft.AspNetCore.Identity.IdentityError with description Optimistic concurrency failure, object has been modified.
On running this query on Sql Server
select * from INFORMATION_SCHEMA.COLUMNS where COLUMN_NAME in ( 'UserName' , 'Email')
I get the following:
I know that this is not a good practice to mess with backend, but this is development environment and I could continue my work with another email.
I would request readers to help in understanding how the User could be safely scorched to be able to reuse the email.
Appreciate your time
I agree with Kyle's comment and to further speed up your debug process you should note that if you use gmail to do this you can debug this process using one email.
from google/gmails perspective myaccount#gmail.com == my.acount#gmail.com == m.y.a.c.c.ount#gmail.com etc etc just try it out, google disregards all period characters in the email. you can enumerate/exhaust ~2^8 emails (in this example) if you just enumerate through the local-part of the e-mail address. but from your applications side, myaccount#gmail.com is not the same as my.account#gmail.com, ie they are different user accounts. Basically you can use one email to test out this feature of yours without having to delete the user.
Here is how I did it and finally got passed the pesky "concurrency failure" error message... This works in ASP.NET CORE 2.2
Obtain the user object through the FindByName method first.
Remove the user from their assigned Role (in this case I hard coded "Admin" because that is the role I'm interested in but fill in your own), then delete the user.
//Delete user.
//Obtain the user object through the FindByName method first.
//Remove the user from their assigned Role, then delete the user.
var userManager = serviceProvider.GetRequiredService<UserManager<ApplicationUser>>();
ApplicationUser delAppUser = new ApplicationUser
{
Email = "SomeEmailForindividualAdminUser",
UserName = "SomeUsernameindividualAdminUser"
};
Task <ApplicationUser> taskGetUserAppUser = userManager.FindByNameAsync(delAppUser.UserName);
taskGetUserAppUser.Wait();
Task<IdentityResult> taskRemoveFromRoleAppUser = userManager.RemoveFromRoleAsync(taskGetUserAppUser.Result, "Admin");
taskRemoveFromRoleAppUser.Wait();
Task<IdentityResult> taskDeleteAppUser = userManager.DeleteAsync(taskGetUserAppUser.Result);
taskDeleteAppUser.Wait();
I want to display a list of currently logged-in users in an app. I want to use Laravel Auth method. I'm looking at the API and I cannot find anything like it.
I would probably need to loop through the sessions store and then match it to a user ID. Am I right?
UPDATE: Forgot to mention, I'm storing sessions in the DB.
"Currently logged in" is something you can't do with plain old sessions. Let me explain why:
A session is a bunch of data stored at server side which is assigned to an user through a cookie. That cookie remains on user browser and so it keeps the session active. Sessions can stay "alive" months without the user even logging in.
But, it's possible to store sessions on database.
As you can see, Laravel keeps a field called last_activity and, through that field, you should be able to retrieve all sessions that had activity within the last 15 minutes (or something else, you call it).
When your retrieve those records, the data field is a serialized representation of session data. You can unserialize($session_record->data) and retrieve the user id.
Depending on your Auth driver, session's user id may have different names:
For eloquent driver, it should be eloquent_login.
For fluent driver fluent_login.
For your Custom\AuthClass, it should be called custom_authclass_login.
Assume that all http requests from logged in users are passing auth middleware, we can override terminate function like following:
public function terminate($request, $response)
{
Auth::user()->save();
}
Then a query like User::where('updated_at', '>', Carbon::now()->subMinutes(12))->get(); will bring all logged in user, where 12 is the lifetime of session.
Of course, for real time, we should use ajax calls every 5 seconds or websockets via pusher or other.
First create a table where the logged in user's id will be inserted
Schema::create('active_users', function(Blueprint $table)
{
$table->increments('id')->unsigned();
$table->integer('user_id')->unsigned();
$table->foreign('user_id')->references('id')->on('users')
->onUpdate('cascade')->onDelete('cascade');
$table->timestamps();
});
Then in yourcontroller insert data while logging in
if (Auth::attempt($credentials)) {
DB::table('active_users')->insert(array('user_id' => Auth::id()));
}
and delete the data while logging out
DB::table('active_users')->where('user_id', '=', Auth::id())->delete();
Print the online users list in your view
<ul><strong>Online Users</strong>
<?php $online_users = DB::table('active_users')->where('user_id','!=',Auth::id())->get(); ?>
#foreach($online_users as $online_user)
<li>{{User::find($online_user->user_id)->first_name}}</li>
#endforeach
</ul>