I have approximately 500 users of my dhis2 clone system, Where i need to change username of at least 400 users but when I opens Edit user window there is no option to do so, Can anyone help How can I update username of user in dhis2?
I have found solution of above problem myself, Posting answer here so that it may help others in future.
Answer: go to users list, click on an item, select replicate option, change username and password, New User will be created with new credentials.
Note: All other settings will remain same.
Now you can delete old user.
Related
From the documentation I could find out that only upon first login into my app, the users name and email will be returned with the credential. So i go ahead and save these to my backend.
Now if the user decides to delete his account, I delete all his data from my backend (thats propably what the user wants me to do. And isnt that what i have to do anyway according to some privacy laws or what not?).
Now if the user ever decides to change his mind another time and install the app, will i not be able to fetch username and email? No matter what i do? Or did I miss some kind of user.ultimateSignoutAndDelete(for: .ever) to be able to fetch userdata on his next sign in?
Maybe this scenario seems a bit constructed but when testing apple-sign-in you stumble upon that immediately.
Once you delete a Firebase Auth account, there is no way to recover any information from that account. All links between the user and your projects are gone. The user will have to create a new account.
I think i get the whole password hashing and verifying login as I got it working with php. however I need an answer and some advise and I dont mean dont eat yellow snow!! :)
I want to store the passwords of users in a hashed format, however I have a need where by I need to be able to see or use given password so I can help the customer fix there issues as a technician.
Now passwords are first created by my system then issued to customer, however users have the choice to change their passwords if they so wish.
username is also created by system.
Now that being said:
I had 2 thoughts both of which I have no idea how to do so some pointer or an answer would be great.
idea 1:
is to have a button on my site to show only the technicians the user password on demand. so they can copy and paste to the site.
Idea 2:
I was also thinking that rather than see the password. I could have some way to transfer the password into the site to create an auto login into the website.
So technician would have a button that they press and the password is sent to the site to auto login with the hashed password.
Thanks in advance.
To give technicians access to a user account, there is no need to know the users plaintext passwords. It is the job of your application to restrict access, so you can create an admin role which is able to impersonate a user.
Making passwords recoverable weakens the security of your site immensly.
Disclaimer: This is more of an Auth0 Lock question--there isn't an "Auth0-Lock" tag yet, if someone with 1500+ rep wants to create one.
Anyone know how or if there is a way to make it so Lock does not show the email/username and password fields on the login tab, as well as the email, username, and password fields on the Sign Up tab?
I figured it out. The search results from Auth0's site took me to old documentation.
Solution:
the OPTIONS object you can pass into the lockProvider accepts a property called "allowedConnections", which is an array of string values. I just had to list the connection options I wanted to be ALLOWED rather than letting it show all the connections I have available for the app.
Documentation for Lock v10:
https://auth0.com/docs/libraries/lock/v10/customization#allowedconnections-array-
The follow allows users to log in but not to sign up with a username/password:
manage.auth0.com
Connections
Database
Username-Password-Authentication
Settings
Disable Sign Ups
Sometime ago I moved a shop on PrestasShop 1.5 from one server to another. Today I tried to log in to my account, but it says that employee doesn't exist or password is incorrect.
I thought I must have changed the password than - so I used forgotten password option, but it told me that this user doen't exist...
So I logged in with my other account (without superadmin rights) to see if maybe the e-mail was wrong. But what I saw was the strangest thing: there were two employees listed: superadmin and testing account, but in the e-mail field of the superadmin account there was the value of actual database name instead of valid e-mail. I couldn't change that from admin panel because this user didn't have the rights to edit superadmin account.
But that's not all. In testing account edit form there was superadmin's e-mail inserted instead of the one i actually logged in with...
That's messed up!
So I went to my phpmyadmin to check what's going on. But there everything seems to be ok. E-mail addresses are correct. I even changed the superadmin password using this tutorial: http://paikialog.wordpress.com/2010/11/08/prestashop-generate-and-change-cookie-key/
Nothing works. But it's even worse now - testing account stopped working also. Changing it's password doesn't work. I cannot log in to admin panel at all.
What's wrong?
You may try changing the email id of the user from phpmyadmin and try forget password option from admin.
I am very curious to know some of the points regarding registration and login related points as a developer points of view. Please see below the steps for any online account which is publicly open for all,
CREATE USER ACCOUNT : Insert the data entered by user along with a column activate which default value is 0
SEND A LINK TO ACTIVATE : a link has been sent to user email at the time of registration
ACTIVATE THE ACCOUNT : user clicks over the link and the link is verified and update the column 'activate' with value 1
Why to sent a link & verifying is necessary which I supposed that is not utmost required. I asked to clients why u want such verification and i get the answer almost same e.g. checking the authenticity of the user and it'd be helpful to stop the duplicity of the user.
but practically at the time of user login, i suppose it is useless to verify each time the activate column along with password for every user.
I would appreciate if u explain the points which is very important regarding my concern.
This is really a slippery slope, but there are reasons. Obviously spam users will try to create accounts as quickly as possible, for spam reasons. Email and captcha verification will handle this.
Another is the issue of clumsy or accident-prone users that will forget their passwords, which can be worked around by email reminders/resets. Sadly, users may try to add fake email addresses(or mistyped ones) and lose access to their accounts, requiring admin intervention. Simple verification can force users to get their account into a self-rescuable state before adding any data.