We are using QuickBlox's iOS SDK for chat implementation.
Currently we have only two view controllers 1). Login and 2). UserList
After successful login app moves to UserList view in this view we have Logout button.
According to QuickBlox API we have use below method for logout
[QBUsers logOutWithDelegate:self];
on button click and its delegate method :
- (void)completedWithResult:(Result *)result
{
if([result isKindOfClass:[QBUUserLogOutResult class]]) // QuickBlox User Logout result
{
// Success result
if(result.success)
{
[self.navigationController popToRootViewControllerAnimated:YES];
}
}
}
After successful logout app moves back to login screen.
Problem :
When user clicks on logout and app moves to Login screen and again if user input same user name and password then log prints
Chat App[3183:5903] -[QBChat loginWithUser:] -> return. Already logged in
How to resolve this issue ? OR What is the best practice to implement Login/Logout flow ?
According to SDK reference, exist session, simply user login and login to chat.
1) you need create session. You may create it simply:
[QBAuth createSessionWithDelegate:self];
or with extended request:
QBASessionCreationRequest *extendedAuthRequest = [QBASessionCreationRequest request];
extendedAuthRequest.userLogin = #"garry";
extendedAuthRequest.userPassword = #"garrySant88";
[QBAuth createSessionWithExtendedRequest:extendedAuthRequest delegate:self];
(If you create session with extended request, pass second action)
2) Perform simply login by
[QBUsers logInWithUserLogin:currentUser password:pass delegate:self]
3) after that for using chat:
[[QBChat instance] loginWithUser:currentUser];
For logout you should perform logout methods in back order.
[[QBChat instance] logout];
after that:
[QBUsers logOutWithDelegate:self];
and:
[QBAuth destroySessionWithDelegate:self];
Recreation of session not necessarily. You can create one session and many times login/logout.
Related
I have successfully implemented group based authorization in an MVC application by using the [Authorize(Roles = "Admin")] tags in my controller.
However, the default behaviour when a user requests a page they are not authorized to view is to redirect them to the login page. This far from intuitive, and causes too much confusion amongst users who will repeatedly try to login.
Instead I would like to display a custom screen, or at the very least have a message display on the login screen stating that they are already logged in, but with insufficient privileges.
A User.Identity.IsAuthenticated tag exists, which can be used in the base logic, but there doesn't appear to be a similar IsAuthorised tag.
How can this behaviour be implemented?
I believe you have already partly solved your problem. This because because when authorization fails, the user will be redirected to login page. Verify if the user is authenticated before displaying the login view. If they are authenticated re-direct them to appropriate page instead.The code snippet below will not display login view if the user is authenticated and the cookie has not expired. They will be redirected to "DashboardOrSomeOtherView.cshtml" instead
[HttpGet]
public ActionResult Login(string returnUrl)
{
// Before showing login view check if user is authenticated.
// If they are redirect to suitable page,
// and print appropriate message
if (ControllerContext.HttpContext.User.Identity.IsAuthenticated)
{
// You can even use TempData as additionally, to hold data here and check in
//the view you redirect to if it is not null and is true ,
// then they are authenticated and show some message,
// e.g. You have been redirected here because you do not
// have authorization to view previous page.
TempData["UserAlreadyAuthicated"] = true;
return RedirectToAction("DashboardOrSomeOtherView");
}
// If they are not authenticated , show them login view
return View();
}
In the DashboardOrSomeOtherView
<div>
<h1>DashboardOrSomeOtherView</h1>
#{
if(TempData["UserAlreadyAuthicated"] != null && TempData["UserAlreadyAuthicated"].ToString().ToLower() == "true")
<div>You have been redirected here because of inadequate authorization</div>
}
</div>
I need to logout user from my app.
I use TwitterKit/Fabric to logIn.
[TwitterKit logInWithCompletion:^(TWTRSession *session, NSError *error)
{
}];
and try to logOut with this :
[TwitterKit logOut];
the TwitterKit login set the user account in the iPhone -> Settings -> Twitter and
when I try to login again logInWithCompletion automatically the logIn the user
when I use logOut nothing happens.
Would love to hear suggestions to this problem.
[TwitterKit logOut];
It Deletes the local Twitter user session from this app. This will not remove the system Twitter account nor make a network request to invalidate the session.
ref:https://dev.twitter.com/twitter-kit/ios-reference/twitter
I'm implementing social login with oauth using the package oauth-4-laravel in my laravel application.
Following the instructions of the package I'm able to connect with facebook or with google.
Now I don't want to store user data but still I want a user to access a page only if legged with facebook or google.
I have to check if a user is logged with oauth in a route filter. Something like this
Route::filter('auth', function()
{
if (!OAuth::check()) return Redirect::guest('login');
});
How do I do that? Or should I use another method?
Typically even when you use OAuth as authentication method, your application will still have to store user_id or name, and their email isn't it? If so, you can still apply laravel authentication like so:
//After the OAuth authentication
$user = User::where('email', $email)->firstOrFail(); //$email is the email returned from OAuth
//without acessing DB
$user = new User();
$user->email = $email; //this is an eg, can be replace with whatever user's properties you have.
Auth::login($user); //login the user using laravel
//To logout user manually
Auth::logout();
//In your filters.php
Route::filter('auth', function()
{
if (Auth::guest())
return Redirect::guest('login');
});
when user tries to log in (does sign in) and forgets his password then he tries to reset his password then how does the app call Rest Password by email, since the user has not signed in-ed to Quickblox yet. Doesn't the user need to be signed in to QuickBlox in order to call an API?
just create session (without user) and reset your password
[QBAuth createSessionWithDelegate:self];
-(void)completedWithResult:(Result *)result{
if(result.success && [result isKindOfClass:QBAAuthSessionCreationResult.class]){
//success
// reset password
[QBUsers resetUserPasswordWithEmail:#"myemail#gmail.com" delegate:self];
}else if (result.success && [result isKindOfClass:Result.class]){
// you did it
}
}
User can use forget password feature if he can't login the app.
So no, user doesn't need to be signed in to QuickBlox in order to call an API.
When a user comes to my site, i used to open a new window to authenticate the user and ask for permission through my app(call it as UseCase1). But when a user is already logged-in i was trying to fetch the logged-in user info through PHP SDK so that i need not open a new window and check for the same(You will be avoiding opening a new window that closes after a while since the user is already logged in). But the getUser() method doesn't return me anything. The same method works fine when i go through the UseCase1(open new window which closes automatically).
Below is the code i am trying to use:
$facebook = new Facebook(array(
'appId' => $appId,
'secret' => $appSecret,
'oauth' => true
));
$me = $facebook->getUser();
if ($me) {
try {
$user_profile = $facebook->api('/me');
} catch (FacebookApiException $e) {
//code to redirect to login url
// USECASE1
// use $facebook->getUser() one USECASE1 is over
// now the user info is generated properly
}
}
All the times the user is going through USECASE1(but with an empty window since user is logged in and already authenticated the app) even though he is already logged-in and already authenticated the app previously.
Any idea why this is happening
In your code, if the user is getting to 'USECASE1', then it shows that '$me' is being set, because it is getting to your try/catch.
Using $me = $facebook->getUser(); is not a test for whether a user has accepted permissions for your application yet.
I suspect that the reason for the 'FacebookApiException' Exception being thrown is because you haven't got your user permissions yet.
I'd suggest reading the authentication flow and the example PHP SDK authentication flow, see the following links:
http://developers.facebook.com/docs/reference/php/facebook-api/
http://developers.facebook.com/docs/authentication2/