How could I make a firestore cloud function trigger on user login? - firebase-authentication

Cloud Functions doesn't accept onLogin by default; how can I "bypass" this limitation so I can run a cloud function every time a user gets "online"?
My thought so far is to run a create document on login and listen to it, but what happens when the user is not logging in but using his last session?
Do I run the same post request on the isLogged function? That function can be run many times when the application is running, so it is not optimal.
Is running the function on app init (Angular 7) the solution here?

Only you can define what a "session" is for your app. There is no universal definition that you can use to trigger a Cloud Function. Firebase Authentication won't help with this either, since users are logged in "forever", until your code explicitly logs them out (it automatically refreshes the user's auth token every hour).
You're going to have to write your own code to figure this out by whatever specification you decide the user has "logged in" or "logged out".

You can create a function that triggers when a Firebase user is created using the functions.auth.user().onCreate() event handler:
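const functions = require('firebase-functions');

// Runs once, when the account is created, not on each later sign-in.
exports.sendWelcomeEmail = functions.auth.user().onCreate((user) => {
  // ...
});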
https://firebase.google.com/docs/functions/auth-events?hl=en-419
But one alternative you have would be to make a write operation in the client when the user logs in.

Related

How to disable/enable Sign Ups for a specific application with Auth0?

Is there a way to disable or enable sign ups for a specific application which is independent of the “Disable Sign Ups”-toggle in the dashboard for login with passwordless email (Authentication/Passwordless/Email)?
Only partly.
It's possible via a Pre-User-Registration Hook and/or a Rule, with some caveats.
Pre-User-Registration Hooks:
https://auth0.com/docs/customize/hooks/extensibility-points/pre-user-registration
Something like this:
module.exports = function (user, context, cb) {
  // Reject every registration attempt unconditionally.
  return cb(new PreUserRegistrationError('Denied user registration in Pre-User Registration Hook', 'You are not allowed to register.'));
};
Here you can just fail the registration at all times.
The problem with Hooks is that the Pre-User-Registration Hook does not trigger for social connections / federation, only Database Connections and Passwordless.
Alternatively via Rule:
https://auth0.com/docs/customize/rules
This will always work, but the downside is that the user gets created in Auth0, they will just not be able to further proceed.
In the Rule you basically check the number of logins, if it's 0, you know that it's a new user, and block the login that follows right after user creation (signup) as well as any other time.
Example rule:
https://auth0.com/rules/disable-social-signup
Related earlier answer of mine regarding this, in the Auth0 forum:
https://community.auth0.com/t/disable-signup-from-auth0-ui-and-enable-social-login/29227/2
I just figured out I can create another 'Tenant' (from the dashboard) with a different setting for Sign Up from the dashboard :-)
You could implement a custom Universal Login SPA for sign-up/in that only allows users to sign-in. Pre-registration hook to safeguard against people bypassing the UX.

Prevent multiple login of same account (Desktop app)

I have a Desktop Application developed with python and pyqt5.
I want to implement a login system for some reasons.
The scenario will be like this (this section is done so far):
Client has created an account on my website and downloaded my desktop application.
They run the application for the first time => A login window displayed asking users to input their data.
The application made a request to URL: http://ip/api/login with a JSON object {username, plaim_pw} (the API developed with Flask).
The API will process that request and check whether that user's data inside that request exist or not and if that PW is correct or not then it will return a response.
If the user successfully logged in then every run time the app will not ask the user again about his/her data, it will be stored somewhere in their machine.
What I want is:
If user 'A' has successfully logged in with account 'X', and at the same time user 'B' is trying to log in with the same account that user 'A' is using, then I want to tell user 'B': "can't log in at this time because another user is using the same account" or something like that. In short: only one user can use the same account at the same time.
My questions are:
How to accomplish that mechanism? Is it good or bad?
I read about JWT, could it be helpful in my case? If so, then how should I implement it?
Here is extra information:
I don't have many APIs, I only have a route for "login" nothing more for now, And I want the login system for some reason.
And in the future, I will be using HTTPS instead of HTTP.
Once the user has logged in, write this down on the server. Then the subsequent login attempt can check this. When checking, consider an expiration timestamp. This can easily solve the first question. Consider looking at topics such as session management: https://en.wikipedia.org/wiki/Session_(computer_science), https://en.wikipedia.org/wiki/Session_ID.
JWT is not necessary for your scenario yet.
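The server-side record with an expiration timestamp that the answer above describes, as an added example (not code from the original question or answer). The class and method names are hypothetical, and the in-memory dict stands in for whatever store the Flask API actually uses.

```python
import hmac
import secrets
import time

class SessionRegistry:
    """One live session per account, kept server-side as a lease that expires.
    Hypothetical helper: the dict is an in-memory stand-in for a shared store."""

    def __init__(self, ttl_seconds=300, clock=time.monotonic):
        self.ttl = ttl_seconds
        self.clock = clock          # injectable so expiry can be tested
        self._active = {}           # username -> (session_id, expires_at)

    def _live(self, username):
        entry = self._active.get(username)
        if entry and entry[1] > self.clock():
            return entry
        self._active.pop(username, None)   # expired lease frees the account
        return None

    def _owns(self, username, session_id):
        entry = self._live(username)
        # Constant-time comparison of the presented id with the stored one.
        return bool(entry) and hmac.compare_digest(entry[0].encode(), session_id.encode())

    def login(self, username):
        """Call only after the password check passed; None means 'in use'."""
        if self._live(username):
            return None
        session_id = secrets.token_urlsafe(32)
        self._active[username] = (session_id, self.clock() + self.ttl)
        return session_id

    def heartbeat(self, username, session_id):
        # The running app calls this periodically to keep its lease alive.
        if not self._owns(username, session_id):
            return False
        self._active[username] = (session_id, self.clock() + self.ttl)
        return True

    def logout(self, username, session_id):
        if not self._owns(username, session_id):
            return False
        del self._active[username]
        return True

if __name__ == "__main__":
    reg = SessionRegistry(ttl_seconds=60)
    print(reg.login("X") is not None, reg.login("X") is None)  # A in, B refused
```

The TTL is the trade-off: a client that crashes without logging out keeps the account locked until its lease expires. With several API workers, the check-and-set in `login` has to be one atomic operation in the shared store.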

How do I hook up the authProvider in react-admin to use SAML?

I've tried following the sample code on the passport-saml site, and the advanced tutorial on the react-admin site for OAuth, but haven't been able to figure out what I need to do with the authProvider to get an authenticated session available in react-admin using SAML.
I can currently log into my app through OneLogin (clicking on the app in the panel) and write out the user's information (inside the passport.serializeUser function), so I know that piece is working, but I'm not sure how to get that information over to the authProvider.
The login function on authProvider is hit when you submit the form, so if I could replicate what OneLogin is sending over when I click on the app, I could probably make that call in authProvider.login and make a custom login page that submits on load rather than waiting for a submit, but that doesn't seem intentional.
What am I missing here, and is there a better option that I'm not considering?
I ended up writing a getUser function on the server and using the authProvider.login function to hit that endpoint, parse the user data off of the response, and store it in localStorage. Then logout removes the user from localStorage, and checkAuth just gets the user from localStorage.
This is working for my purposes at the moment, although eventually I will want to expire the users. Hope this helps anyone else trying to hook up OneLogin with React-admin.

Persistent User Session on React Native App

I have already implemented a user authentication, in which the user can log in again or register.
I would now like to avoid that the user must register again after each closing of the app. For this reason I have to request a refresh token at certain intervals (max 1 hour, as long as the cookie is valid). My question: how do I do that best? The refresh should work for both open and closed apps. I saw the possibility of the React Native Background task, but it apparently only runs when the app is closed.
You have to create a flag in AsyncStorage when the user is authenticated.
And then you have to check that flag each time on opening the app.
Here is the sample snippet.
// AsyncStorage stores strings only, so save the flag as 'true'.
AsyncStorage.setItem('loggedIn', 'true');
And in your app.js you can check this flag in the constructor:
AsyncStorage.getItem('loggedIn').then((value) => {
  if (value === 'true') {
    // user logged in logic goes here
  } else {
    // user logged out; you need to log them in again
  }
});
Considering that you need to persist user's login forever and still be able to refresh the token, one possible way is to store the user's credentials (username and password) in some secure storage like react-native-keychain and then refresh the token every time the user opens the app.
Or more precisely, automate the login with the credentials you stored whenever the user launches the app, with the help of the useEffect hook (componentDidMount).
Note: This is not a good implementation if your app uses push notifications. Push notifications demand the user to be authorized all the time.

Symfony2: log user activity

I'm new to Symfony and PHP (previously worked with C++, Java) and I can't find any solution on how to log user login and logout actions to a database. I want this specific information:
user who took the action (via userId),
action description (login or logout),
current timestamp.
I'm looking for the simplest possible solution. I managed to successfully log information on user login by modifying function rendering user login form, but I failed miserably when it comes to logout. I know it is a terrible idea after all, but I couldn't come up with any better one. Any suggestions? Thanks in advance.
If you have a look here, it says you can define a success handler and a failure handler which you use to log stuff to your database. You can also find the handler parameters defined in the reference documentation.
Login
You would first create a service which gets the security.context and entityManager as parameters and uses both to determine which user logged in. This service is then added to the success_handler parameter and therefore called after the user logs in.
Logout
This one is more tricky I guess, as I would assume that the security.context has no information about the user anymore and you cannot use it to determine which user is logging out. You may want to look into what the handlers parameter actually is. It might be a handler which is called while processing the logout, so you could use it. Of course you might log some logouts which fail, because without the success handler you cannot be sure the logout was successful. On the other hand, maybe you can get the session id from somewhere (again, security.context maybe) and log this instead.