I am trying to get the URL from the password reset which I receive via email of the sitefinity frontend login.
I need to send the URL with the username which is enterd in the form to a server to send the email.
I already tried to override the SendResetPasswordEmail of the LoginFormModel but that only gives me the URL where the reset is located at. (localhost/login/resetpassword)
It looks like the URL is generated in the method SendRecoveryPasswordMail of the Telerik.Sitefinity.Security.UserManager which is not overridable.
Is there a way to get the generated recovery URL to use it in a custom method?
Thanks in advance
Since you already have the URL of the reset password page, I guess your issue is getting the proper query string to pass to that page.
Looking at the source code with JustDecompile, the query string is made up of this:
?vk=userValidationKeyEncoded&cp=pr
The cp=pr seems to be hardcoded, so we leave it as is, the question is how the userValidationKeyEncoded is made.
Again, looking in the code, it is this line:
string userValidationKeyEncoded = UserManager.GetUserValidationKeyEncoded(userByEmail);
And finally:
private static string GetUserValidationKeyEncoded(User user)
{
object[] providerName = new object[] { user.ProviderName, ',', user.Id, ',', DateTime.UtcNow };
string str = string.Format("{0}{1}{2}{3}{4}", providerName);
return SecurityManager.EncryptData(str).UrlEncode();
}
You can use the above code to manually generate the validationKey.
Related
I am working on a login project using ktor. I am currently using the old method with session
install(Sessions) {
cookie<LoginSession>(
"login_session",
SessionStorageMemory()
){
cookie.path = "/"
cookie.extensions["SameSite"] = "lax"
val secretSignKey = hex("000102030405060708090a0b0c0d0e0f")
transform(SessionTransportTransformerMessageAuthentication(secretSignKey))
}
}
This code is the final one,so if i remove the sessionmanager and secretsignkey, it will show in plain text it's value
The rest is simple, i am routing a get /login to show the form, and a post /validate to validate the data entered by user, then if all is ok i just set the session. The problem is that i can see the session value using inspect element -> application->cookie and i can change it's value being able to login as any user , by just knowing it's id (in the session i am storing the user id). And on the expire column it does not say sesssion. What am I doing wrong?
P.S: I've read the docs for authentication feature but I want to keep this simple idea with sessions.
Use a Ktor session transformer to transform (authenticate or encrypt) the cookie contents.
Example:
// REMEMBER! Change ALL the digits in those hex numbers and store them safely
val secretEncryptKey = hex("00112233445566778899aabbccddeeff")
val secretAuthKey = hex("02030405060708090a0b0c")
cookie<TestUserSession>(cookieName) {
transform(SessionTransportTransformerEncrypt(secretEncryptKey, secretAuthKey))
}
USing Wicket 6.17 and servlet 2.5, I have a form that allows file upload, and also has ReCaptcha (using Recaptcha4j). When the form has ReCaptcha without file upload, it works properly using the code:
final HttpServletRequest servletRequest = (HttpServletRequest ) ((WebRequest) getRequest()).getContainerRequest();
final String remoteAddress = servletRequest.getRemoteAddr();
final String challengeField = servletRequest.getParameter("recaptcha_challenge_field");
final String responseField = servletRequest.getParameter("recaptcha_response_field");
to get the challenge and response fields so that they can be validated.
This doesn't work when the form has the file upload because the form must be multipart for the upload to work, and so when I try to get the parameters in that fashion, it fails.
I have pursued trying to get the parameters differently using ServletFileUpload:
ServletFileUpload fileUpload = new ServletFileUpload(new DiskFileItemFactory(new FileCleaner()) );
String response = IOUtils.toString(servletRequest.getInputStream());
and
ServletFileUpload fileUpload = new ServletFileUpload(new DiskFileItemFactory(new FileCleaner()) );
List<FileItem> requests = fileUpload.parseRequest(servletRequest);
both of which always return empty.
Using Chrome's network console, I see the values that I'm looking for in the Request Payload, so I know that they are there somewhere.
Any advice on why the requests are coming back empty and how to find them would be greatly appreciated.
Update: I have also tried making the ReCaptcha component multipart and left out the file upload. The result is still the same that the response is empty, leaving me with the original conclusion about multipart form submission being the problem.
Thanks to the Wicket In Action book, I have found the solution:
MultipartServletWebRequest multiPartRequest = webRequest.newMultipartWebRequest(getMaxSize(), "ignored");
// multiPartRequest.parseFileParts(); // this is needed since Wicket 6.19.0+
IRequestParameters params = multiPartRequest.getRequestParameters();
allows me to read the values now using the getParameterValue() method.
I run a web service where I convert a file from one file format into another. The conversion logic is already functioning but now, I want to query this logic via Jersey. Whenever file upload via Jersey is addressed in tutorials / questions, people describe how to do this using multipart form data. I do however simply want to send and return a single file and skip the overhead of sending multiple parts. (The webservice is triggered by another machine which I control so there is no HTML form involved.)
My question is how would I achieve something like the following:
#POST
#Path("{sessionId"}
#Consumes("image/png")
#Produces("application/pdf")
public Response put(#PathParam("sessionId") String sessionId,
#WhatToPutHere InputStream uploadedFileStream) {
return BusinessLogic.convert(uploadedFile); // returns StreamingOutput - works!
}
How do I get hold of the uploadedFileStream (It should be some annotation, I guess which is of course not #WhatToPutHere). I figured out how to directly return a file via StreamingOutput.
Thanks for any help!
You do not have to put anything in the second param of the function; just leave it un-annoted.
The only thing you have to be carefull is to "name" the resource:
The resource should have an URI like: someSite/someRESTEndPoint/myResourceId so the function should be:
#POST
#Path("{myResourceId}")
#Consumes("image/png")
#Produces("application/pdf")
public Response put(#PathParam("myResourceId") String myResourceId,
InputStream uploadedFileStream) {
return BusinessLogic.convert(uploadedFileStream);
}
If you want to use some kind of SessionID, I'd prefer to use a Header Param... something like:
#POST
#Path("{myResourceId}")
#Consumes("image/png")
#Produces("application/pdf")
public Response put(#HeaderParam("sessionId") String sessionId,
#PathParam("myResourceId") String myResourceId,
InputStream uploadedFileStream) {
return BusinessLogic.convert(uploadedFileStream);
}
I want to display an asterisk (*) next to a text box in my form when initially displayed (GET)
Also I want to use the same view for GET/POST when errors are present) so For the GET request
I pass in an empty model such as
return View(new Person());
Later, when the form is submitted (POST), I use the data annotations, check the model state and
display the errors if any
Html.ValidationMessageFor(v => v.FirstName)
For GET request, the model state is valid and no messages, so no asterisk gets displayed.
I am trying to workaround this by checking the request type and just print asterisk.
#(HttpContext.Current.Request.HttpMethod == "GET"? "*" : Html.ValidationMessageFor(v=> v.FirstName).ToString())
The problem is that Html.ValidationMessageFor(v=> v.FirstName).ToString() is already encoded
and I want to get the raw html from Html.ValidationMessageFor(v=> v.FirstName)
Or may be there is a better way here.
1. How do you display default helpful messages (next to form fields) - such as "Please enter IP address in the nnn.nnn.nnn.nnn format) for GET requests and then display the errors if any for the post?
2. What is the best way from a razor perspective to check an if condition and write a string or the MvcHtmlString
Further to my last comment, here is how I would create that helper to be used:
public static class HtmlValidationExtensions
{
public static MvcHtmlString ValidationMessageForCustom<TModel, TProperty>(this HtmlHelper<TModel> helper, Expression<Func<TModel, TProperty>> expression, string customString)
{
var returnedString = HttpContext.Current.Request.HttpMethod == "GET" ? customString : helper.ValidationMessageFor(expression).ToString();
return MvcHtmlString.Create(returnedString);
}
}
And it would be used like this #Html.ValidationMessageForCustom(v=> v.FirstName, "Please enter IP address in the nnn.nnn.nnn.nnn format")
I have a simple redirect in my Spring controller as follow:
if (url != null) {
String username = request.getParameter("j_username");
if(username != null) {
username = URLEncoder.encode(username, "UTF-8");
}
url = url + (url.contains("?")? "&":"?") + "j_username=" + username;
getRedirectStrategy().sendRedirect(request, response, url);
}
The username should be prepopulated in the next form. This works fine in my local jetty and dev(Tomcat) environment (username shows up as "abc#mysite.com" correctly). But when it gets to QA which is on apache/tomcat, the username gets double encoded, it shows "j_username=abc%2540mysite.com" on the browser address bar and it shows as "abc%40mysite.com" on the form. Never seen this problem before. Any pointers? thanks.
Try using org.springframework.web.util.UriUtils.encodeQueryParam(String, String) for encoding query parameter, URLEncoder is just too generic and does not know the context you're in.