I am using devise_invitable in my application to invite users
https://github.com/scambra/devise_invitable
Using above plugin whenever any user is invited then that user is added in database.
User can accept invitation sent in mail and login into application.
Now, we have one more scenario in our application wherein invited user can also directly register into application with out accepting invitation.
When invited user tries to sign up into application, then validation message "User already exists" is thrown as user is already added in users table.
Can anyone please suggest best solution to allow invited user to register into application.
I don't know devise_invitable, but I think that you just have to override your Devise Controller, so that before trying to create an User, it will test its existence, and if the user has been added to the database but has never signed-in, you update its password and create a session instead of trying to create a new user with the same email !
Related
The problem is in my users table, we already have email of user existing in our DB, so we try to apply one more layer which include google SSO which allow user to log in if and only if that user have the same email in our DB. But it turn out every user can login event if they don't have one.
If user doesn't have the same email in DB, redirect back to login page.
I have 2 applications on the same Tenant.
I can configure an email template for the "Set Password" workflow on:
an Application Level
the Tenant level
When I register a new user using the UI, as far as I understood it will only be able to send the email configured on the tenant level since it won't know anything about which application the user can see until the next step when I add the registrations.
If I create a user and add registration to it right away (on the same step) then this takes the Template configured on the application level.
My questions are:
Can we do something like this through the UI interface too? My applications have a different user base (some have accounts on both) and it would be nice to be able to send them one email or the other.
Or is this only possible through the API?
If I register a user with both applications (through the API) which email do they get?
Thanks for the help!
Can we do something like this through the UI interface too?
This is not currently possible. Creating the User, and creating a User Registration are two separate steps. As you correctly stated, when creating the user in the UI, there is no context yet for an application. For this reason, the user will receive the template configured at the tenant level.
Or is this only possible through the API?
Correct. You must use the Create "User + Registration" API to do this in one step to use the application template for setup password.
If I register a user with both applications (through the API) which email do they get?
When using the API to Create "User + Registration" you can only register for one application at a time. The email is only sent during the User Create step, so if you register for a second application, the user will already exist and thus will not receive a second email.
I am using Cognito User pools and the hosted Cognito UI. I want new users to be disabled when they first sign-up.
I am trying to use a Cognito Trigger to disable the user.
The "Pre sign-up" trigger is to soon, the user has not been created yet. I have successfully used the "Post confirmation" to disable the user, however this is causing a side effect. After the user enters the confirmation code which is emailed to them, they see this message in the hosted UI "User is disabled".
Does anyone have a suggested solution on how to make the new users disabled by default?
We had a similar Business Requirement. For us we made use of a User Pool Group. This allowed the sign up and validation process to work as normal. We had the Post Confirmation trigger send our product team an email with details about the new confirmed user. We had a simple UI for the product team to add the group to a user if they should have access.
To Deny/Grant Access to the app: Our app checked the ID Token, once a user successfully authenticated, for the group (the ID Token has a 'cognito:groups' key which contains a list of all the groups the user is in). If the group was not present we displayed a page showing the user a customized access denied message
Im trying to add google oauth2 as my login method in superset. Users cant register by their own, the system admin must provide access for the user deppending on permissions/role.
When a annonymous user loged in, the system must check if the user email exist and what role is applied to him and show the user profile
I already have the google oauth2 linked in superset, i can click in the login google button the login pop apears and enter the email and pasword of an google acount. But when the login is done, it apears a message saying that the user is not authorized.
Login Page
After Login, with console error (page stays loading...)
The question is how i can associate an google user to a superset user, or register an user by this google oauth2 method with the respective role?
One thing you can do is set Flask App Builder's AUTH_USER_REGISTRATION = True and
AUTH_USER_REGISTRATION_ROLE = "some_default_role".
Then if you want to alter the registration flow, I'd recommend setting your own SecurityManager and overriding BaseSecurityManager.auth_user_oauth . I'd copy the source of that method and alter it.
I'd be great if FAB had a pre_registration hook in BaseSecurityManager for this purpose. Maybe it could receive the User object FAB is planning on creating (before it gets created) and could return a list of roles, or None if we want to abort the registration process.
I want to invite users to different events that are in my database and my user model is managed via devise.
With devise_invitable apparently every time I want to invite a user a new record is created or I get an error if the user identified by email already exists. Both is a problem in my use case since users should get access to events based on those invitations (which is handled already) and users potentially sign up to different events with different email addresses, still all should be one account.
So is there a way to convince devise_invitable to not create a new user account at the time of the invitation but only when the invitation is accepted and there isn't a logged in user?
Not really, Devise (and Devise_Invitable) was only intended as a registration for a User to a single service hence making the email address unique.
Have you thought of using Devise_Invitable purely as a registration service and just extending your User object to include a has_many EventRegistration attribute to store your event and email address combinations as you mentioned?