Yii-User and Yii-eauth integration - authentication

I am trying to put together an application using yii-user and yii-eauth extensions but I am coming up short. When I create a new webapp and install eauth I can get it to work fine so I know that I am not doing anything wrong on that end. I think the problem lies with my urls. This is a demo of what it is supposed to be like: http://nodge.ru/yii-eauth/demo/login. When someone clicks on say google it should bring you to the google sign in page but on my application I am getting a 404 error that states "The system is unable to find the requested action "login"." The url for this is user/user/login/service/google_oauth whereas the url should read user/login/service/google_oauth. Upon typing this into the browser manually I am redirected to the right page.
So I took a look into the EAuthWidget.php class to see if I could find out where it was getting that extra "user" from but I could not figure it out. I think it may have something to do with the fact that I have this in the user module which is in the /modules/user directory in my webapp. I also tried to use the URLManager to point to the right address but with no luck.
Does anyone have any similar experiences setting this up? Or any suggestions?

You just need to change the widget initialization code in your view(namely change the action property of the widget), somewhat like this:
<h2>Do you already have an account on one of these sites? Click the logo to log in with it here:</h2>
<?php
$this->widget('ext.eauth.EAuthWidget', array('action' => 'login'));
?>
Just to add, keep in mind that this action depends on which view you are including this widget, if the view is protected/views/site/login.php (which is yii's default site login view) then action should be able to go to the yii-user module's login action, so it'll be : 'action'=>'/user/login' , however if you are including this widget in yii-user's protected/modules/user/views/user/login.php then the action will be 'login' as already mentioned.

Related

Auto login to website using script or bookmark

I've been trying to figure this out using various different methods. I'm trying to create a script/bookmark or some type of quick action to open a browser tab or window with a specific URL, and automatically log me in using my credentials. I'm not all that concerned about security for this at the moment.
At first I figured I'd try to use a javascript bookmark to do this, but nothing I found in my research worked. Next I tried to create a bash script, but I couldn't figure out how to send the credentials in via the terminal. Most recently, I literally copied the source code of a site, created a local file and tried to hack together something where I could prefill the form data with credentials and use JS to submit the form, and I've gotten close with this, but for some reason when I use the JS submit function, it errors out and says that the username and password are invalid. But when i turn off the submit function and manually click "log in" on my local html page, it works as expected. I want this to be a one click process, so the idea of using onload/submit or something to that affect is really important to me.
The site I'm testing with has a Rails backend and my next attempt might be trying to use POST to do what I'm thinking, but that's currently outside of my level of knowledge on the subject.
Anyone answering: i do not want to use a password manager to accomplish this.
My requirement is that i will either be able to a) run a script or b) use a 1-click option to do this per website. Ideally i'd be able to set this up in a sort of programmatic way to do this with multiple sites, but I'd be happy with 1 at the moment.
i know similar questions have been answered before, but I haven't been able to use information from those posts (the ones I've seen anyway) to figure out a good way to do this.
Create a bookmark for the current page you have opened.
Edit the bookmark
Change the value for the URL to something like this.
(javascript:(function(){CODE_GOES_HERE_FROM_BELLOW})();
find the field for username and password on the page.
Given example for hotmail
var inputs = document.getElementsByTagName('input'); for(var i=0;i<inputs.length;i++){if(inputs[i].name === 'passwd'){inputs[i].value = 'YOUR_PASSWORD'}else if(inputs[i].name === 'loginfmt'){inputs[i].value = 'YOUR_USERNAME'}}; document.getElementById(document.getElementsByTagName('form')[0].id).submit();
OR
try out casperjs.
The proposed solution didn't work for me and rather than spending tons of time installing a testing framework that I'll never use other than for this purpose, I decided to try to do this another way.
First, I found out that the reason my JS wasn't working before is because the site did not allow a JS submit to be done, or atleast that's what it seemed to be when I got this error: "Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience"
The javascript I was using was in fact working, just not submitting. I used the following code to fill the fields (using "Class Name" elements on the page since there was no name or ID):
document.getElementsByClassName('username')[0].setAttribute('value', 'user');
document.getElementsByClassName('password')[0].setAttribute('value', 'password');
As I mentioned, the problem was when I tried to use JQuery to submit the form: document.getElementsByClassName('loginForm')[0].submit();
Which is when the above error cropped up. I can't really say for sure whether this is the root of the cause, but the page does submit, but I get an invalid username/password error when I do
I haven't figured out a great way to get around this just yet, but my short-term, "hacky" solution was to use Applescript to send a return keystroke to the browser to submit the form. I'd ideally like to figure out how to get the submission to work using JQuery, but I'm not sure how to get around it.

block redirect link to login in joomla and add a popup instead of that

In joomla the default function if a guest clicks a link with a registered access level, is to redirect guest to the login page.
Is there a way to show a popup instead, for all of registered access level links?
For example it redirects to
your.com/login.html
But i want to show a login-button before the guest is redirected.
I found another template where it works like this, but it wont work in my own template. How can I do it in my template?
if(JFactory::getUser()->guest) {
//do user logged out stuff
}
else {
//do user logged in stuff
}
There is no simple fix. The problem is that when it is added, you dont really have information about where a link leads to. If you create an article that is public, and you add a link to an article that is restricted, then joomla does not check this when you add the link.
In the event that joomla can know this beforehand, like restricted menu items, or listing of article links in a category, restricted links will not be displayed to a guest user.
If you want to try to change the behaviour like you want to, then I would consider in what situation this actually happens. If it is links in articles that is the main problem, then the best would be if the editors, when adding links to restricted content, also added a predefined class or something to this link. Then use JQuery to disable the link and display a popup on click. A similar approach could be used in other contexts.

Yii CAPTCHA url is broken

I want to create an AJAX-registration form on my Yii-project. So on every page I have a login-button, which shows a popup if the user isn't authorized. In that popup he can see registration form with email field, password field, and CAPTCHA (default Yii captcha).
So, my model for user's registration is User. There is a validation rule:
array('code', 'captcha', 'allowEmpty'=>!Yii::app()->user->isGuest),
My controller, where all user's actions are, is User (url: site.url/user/) and I added there captcha action:
'captcha'=>array(
'class'=>'CCaptchaAction',
'backColor'=>0xFFFFFF,
'foreColor'=>0x000000,
),
In my next code:
$this->widget('CCaptcha', array(
'clickableImage' => true,
'showRefreshButton' => false,
))
And here is a problem:( Being inside a popup, which can be shown on every page (index page, for example, which belongs Main controller) captcha wants to load an image from that controller (from /main/captcha, not /user/captcha).
Adding captcha in every controller is bad idea, so I added
'captchaAction' => '/user/captcha',
But after that captcha wants to load from an url
http://site.loc/user/captcha/v/4fe99aca1bbed
User-friendly url's crashed captcha and I can't avoid it (as I think, not being a yii-expert, it's because of common path-config).
Is there an easy solution to solve this? Should I repair URL's or re-configure CAPTCHA?
So, while I was waiting for help, I solved the problem by myself :)
In my project i separated my controllers into the next hierarchy:
/frontend
/backend
All controllers for common users are (of course) in Frontend section, including UserController and MainController.
Yes, I wrote some configs to hide /frontend/ in URL's like this:
'<c:\w+>/<a:\w+>' => 'frontend/<c>/<a>',
And i was sure, that string in my CAPTCHA config ('captchaAction' => '/user/captcha') knows where to go (and it was almost so!), but NO!
I should write FULL PATH to my controller and action like below:
'captchaAction' => '/frontend/main/captcha',
As I said in question, I placed my CAPTCHA action in UserController, but now you can see it is located in MainController (i deleted it from UserController)
And I got an error:
CCaptchaValidator.action "captcha" is invalid. Unable to find such an action in the current controller.
So, to solve this, I just had to use a property captchaAction of CCaptchaValidator in my User MODEL! Code:
array('code', 'captcha', 'captchaAction'=>'/frontend/main/captcha', 'allowEmpty'=>!Yii::app()->user->isGuest)
So, now my AJAX Captcha validation works correctly where I want.
Good luck with Yii's default CAPTCHA, dear community!

PrestaShop - Reload CMS page with additional parameters

Situation: I needed to add form with POST method to CMS page. I created custom hook and a module displaying the form successfully. Then I need to react to user input errors eg. when user doesn't enter email address I need to detect it, display the whole page again together with the form and with "errors" in user input clearly stated.
Problem: The problem is to display the WHOLE page again with connected information (eg. about errors etc.). In the module PHP file when I add this kind of code,
return $this->display(__FILE__, 'modulename.tpl');
it (naturally) displays ONLY the form, not the whole CMS page with the form.
In case of this code,
Tools::redirectLink('cms.php?id_cms=7');
I can't get to transfer any information by GET neither POST method.
$_POST['test'] = 1;
Tools::redirectLink('cms.php?id_cms=7&test');
I tried to assign to smarty variables too
$smarty->assign('test', '1');
(I need to use it in .tpl file where the form itself is created) but no way to get it work.
{if isset($test)}...,
{if isset($smarty.post.test)}...,
{if isset($_POST['test'])}... {* neither of these conditionals end up as true *}
Even assigning a GET parameter to url has no impact, because there is link rewriting to some kind of friendly url I guess, no matter I included other argument or not. ([SHOPNAME]/cms.php?id_cms=7&test -> [SHOPNAME]/content/7-cmspage-name)
My question is: is there a way to "redirect" or "reload" current page (or possibly any page generally) in prestashop together with my own data included?
I kind of explained the whole case so I'm open to hear a better overall solution than my (maybe I'm thinking about the case in a wrong way at all). This would be other possible answer.
The simplest method would be to use javascript to validate the form - you can use jQuery to highlight the fields that are in error; providing visual feedback on how the submission failed. In effect you don't allow the user to submit the form (and thus leave the page) until you're happy that the action will succeed. I assume that you will then redirect to another page once a successful submission has been received.
There's lots of articles and how-tos available for using javascript, and indeed jQuery for form validation. If you want to keep the site lean and mean, then you can provide an override for the CMS controller and only enqueue the script for the specific page(s) you want to use form validation on.
If the validation is complex, then you might be best using AJAX and just reloading the form section of your page via a call to your module. Hooks aren't great for this kind of thing, so you might want to consider using an alternative mnethod to inject your code onto the cms page. I've written a few articles on this alternative approach which can be found on my prestashop blog

Detecting Facebook canvas in Rails app

I'm using a before_filter to detect the signed_request query string Facebook generates when a user is referred to a canvas app.
Then, I set session[:canvas] = true and test for that when I need different app logic based on whether the user is in the canvas or on the native browser app. The problem is that if the user, for any reason, leaves the canvas and navigates to the browser-based app, the session[:canvas] variable is still set to true.
Is there a better way to detect the difference between the canvas and the native browser app?
I personally like to use an "alias" url for the Facebook app, e.g. use fb.mysite.com instead of www.mysite.com in the app settings and set things up so that the two domains point to the same place. Or something similar can be done with directories, e.g. www.mysite.com/fb/ pointing to the same place as www.mysite.com/ but giving an easy way for the code to determine if it's a direct access or from an app.
Using a session can work too, but you have to add an additional javascript check in the case you are currently in "app mode" (canvas==true). The javascript just checks to see if the page is inside an iframe, and if it is not then it redirects to something like www.mysite.com/thispage?app=0. Your pages should check for the app=0 parameter and clear the session if present (or set canvas=false). This way, if a user starts out inside Facebook but then visits your site directly, things automatically get adjusted correctly.
Instead of storing this information at the session, check for the existence of the signed_request parameter, if there is no parameter, it possibly means the user is not inside the facebook app anymore.
I might be completely wrong, but doesn't Facebook access your canvas content by a POST instead of a GET request? Wouldn't that be the easiest way to distinguish where the request came from?