Let us say the user is on the Settings page but goes away from the keyboard for a while.
Technically the user is not authenticated but is able to "surf" his/her settings page until the user hits a page where some new data from the server is requested.
Currently, I just catch the "Unauthenticated" response and reload the page so the user gets to /login.
I'm using Laravel, but the setting page is based on Vue + Vue router. The setting is thus a single page but acts as it has many.
So how do you handle this kind of situation? Are you checking the authentication status like every 1 minute?
Related
I have a mobile XPages application which uses the single page application control (xe:singlePageApp) of the XPages extension library. The application also uses a workflow engine which sends out emails with links to documents to users so they can approve requests.
The link URL is composed like
http://hostname/app.nsf/m_page.xsp?action=openDocument&documentId=2A2A#requestForm
where requestForm is the name of the appPage containing the form to display a single request document.
If the user is already logged in, the browser opens and displays the document as intended.
However, if the user is not already logged in, the Domino login form is displayed (session based authentication). When the user then logs in, the same XPage is opened, but to the default page (selectedPageName attribute of the singlePageApp) instead of the appPage with the pageName requestForm. The reason for this behavior is that after submitting the login form the anchor part (#requestForm) is no longer present in the URL the browser is redirected to because the #requestForm-part is never sent to the server where the redirect URL is computed in the first place.
Possible solutions I can think of are
put the intended pageName in a real URL parameter (like documentId), parse the URL and modify the browser location (from ...&documentId=2A2A&pageName=requestForm to ...&documentId=2A2A#requestForm)
check the URL for the existence of the documentId parameter and modify the browser location (add #requestForm) if it is present
modify the Domino login form as per Jake Howlett's Suggestion (which is a not always permitted)
I was wondering now if there are more elegant solutions to this.
I would take the first option in your case. But instead of handling the url change at the client-side, I would handle this on the server-side. Otherwise, client will load the initial page once and submit an additional request to the server.
On the beforePageLoad event:
var url:XSPUrl=context.getUrl();
if(url.hasParameter("pageName")) {
var pageName=url.getParameter("pageName");
url.removeParameter("pageName");
facesContext.getExternalContext().redirect(url.toString()+"#"+pageName)
}
This will do the redirection before loading the page.
I am building a basic login page using the existing sign-in portlet.
I just want to have a functionality that when a user access the website, right now localhost:8080, the sign-in portlet should pop up!
Is this doable? If so, Can someone please hint me how this can be done?
This is how the default page looks like right now:
To log in, I have to explicitely click on the "sign-in" blue button and then it pops out a modal sign in portlet.
But what I am trying to do here is:
Whenever a user clicks on the default url, it should immediately ask the user to login rather than showing a blank page with a sign-in button (something like the output image)
Or even a modal sign-in box (Whatever is easy to customize.)
and
Whenever a user hits any other url for eg. localhost:8080/web/project1/home and if the user is not signed in, it should force him to sign in first.
Two possibilities out of the box:
place nothing but the sign in portlet on the homepage, appearing at that location (typically /web/guest/home)
protect your default page to be not visible to the guest user (this will automatically forward to the sign-in portlet) - see the "Permissions" button on the "Manage Pages" interface
There are more, but these seem to be the first and most obvious ones. Let me know if one of them works for you or what the reason for your request is
From what I understand, you want the Login Portlet to popup as a modal window/lightbox on the current page (i.e. without leaving the page). AFAIK, to achieve this, you'll have to develop all your portlets to use AJAX to create links that point protected resources. So when you get an unauthenticated request, you can stay on the same page and show login dialog.
This is high-level approach. You'll need to 1) embed the Login portlet in your theme and 2) put the below javascript functionality in Theme:
callback function - to handle response for unauthenticated request,
to render modal/lightbox
You might face surprises while implementing this.
I am in the middle of making an app using a PHP web service to log users in/authenticate their credentials.
I am using localStorage (part of phonegaps local storage API) to ensure the user doesnt have to keep logging in when they open the app. This is done by storing the username and password on local storage and checking it when the app opens. If they feel the need to log out I have a simple logout button binded to a tap event which clears their local storage.
$( '#logout' ).live( 'tap',function(event){
window.localStorage.clear();
$.mobile.changePage("#loginPage", {transition: "none"});
});
BUT... when logged out, they are still able to click the back button on the phone and get into the secure area, which doesnt make sense because the "welcome, (username)" part is all messed up etc...
Im wondering if there is a way to ensure that what ever page they open does some sort of check to make sure theyre logged in??
Bind into the pagebeforeshow event of the pages to check if the user is logged on - check if credentials are present in local storage.
If user is not logged on you can either call preventDefault to stop the pageChange or better redirect the user to a loggedOffPage by modifying the toPage passed into the handler.
Refer the Page change events section on JQM Events page.
A customer wants to have its Plone site behave like this:
the main page can be seen by anonymous users
you have to be registered and authenticated to see any other page
the site is open for registration, so the forms to authenticate and register should also be made visible by anonymous
How one can approach this?
Is there a way to hook a python script/class/method/function to any request made by the user? Overriding the main_template.pt and adding a TAL call to a method that does these checks would be enough?
The tricky part is that even if the anonymous can only visit the main page, the main page in itself is made up of other content types which should be only viewed by authenticated users (by their restrictions, not because of workflow).
I ruled out, maybe a mistake?, workflow because then everything should be made private but still the global_nav is made out of folders which, if the workflow approach was taken, should be private/non-viewable by anonymous.
Cheers,
Try this:
add a state internally published to your workflow
copy permissions configuration from the "public" state into the new state and than remove the "View" permission from the Anonymous User (maintain the 'Access content information', that's the key). Then add all needed transitions.
put your home page in "public" state
put everything else in 'internally published' state
This should work because if you link content's information in the homepage, this will work, but if someone try to access a content he will miss the "view" permission and will be redirected to the login.
Suppose I'm building a login system. The user enters a username and password into a field and it is sent via HTTPS to the server, which validates the login before the page loads. If a bad password is sent, the login obviously fails immediately, but one would want the error message to be displayed later in the page, near the login box.
The obvious solution is to set a global flag and have the login box check it and add the error message if necessary, but my understanding is that global variables are best avoided. Is there another straightforward method of achieving this functionality?
For a non-AJAX login page, it is common practice to redirect the user browser to the login page with an extra query parameter in the url, In pseudo-code, here is the login validation controller code segment:
success = checkLogin(username,password)
if (success == false)
redirect('http://example.com/login?failedlogin=true')
The login page controller would be responsible for detecting this query param and telling the view code to display a failure message. I don't believe the term 'global flag' applies to this practice so it should meet your requirements.
If the login page uses Ajax, the Javascript on the login page takes the results of the AJAX call and updates the appropriate DOM elements with the failure message.