Suppose I'm building a login system. The user enters a username and password into a field and it is sent via HTTPS to the server, which validates the login before the page loads. If a bad password is sent, the login obviously fails immediately, but one would want the error message to be displayed later in the page, near the login box.
The obvious solution is to set a global flag and have the login box check it and add the error message if necessary, but my understanding is that global variables are best avoided. Is there another straightforward method of achieving this functionality?
For a non-AJAX login page, it is common practice to redirect the user browser to the login page with an extra query parameter in the url, In pseudo-code, here is the login validation controller code segment:
success = checkLogin(username,password)
if (success == false)
redirect('http://example.com/login?failedlogin=true')
The login page controller would be responsible for detecting this query param and telling the view code to display a failure message. I don't believe the term 'global flag' applies to this practice so it should meet your requirements.
If the login page uses Ajax, the Javascript on the login page takes the results of the AJAX call and updates the appropriate DOM elements with the failure message.
Related
I have been doing the upgrade from React-Admin v2 to v3 for a while now. I'm almost finished, but there's something that I would like fine-tune.
Using v2, when user comes to our website at domain.tld without a token, Promise is rejected and user is redirected to domain.tld/#/login. No error/warning messages are shown.
Using v3, if the same situation happens, Promise is also rejected and user is redirected to the login page, but there comes the ra.auth.auth_check_error warning message - and twice!
I understand the logic, it may be useful most of the cases to display the warning message. For example if non-logged user tries to access domain.tld/#/settings, the user should be redirected to the login page and notify, that "you must login first". But if user comes to the website first time ever, he gets redirected to the login page as supposed to, but in this case that warning message should not be displayed. In this case the user is most likely known that he/she must login before seeing any content, so there's no point to warn the user since he/she didn't do anything wrong.
I don't know how easily this could be solved. Maybe just removing the notify completely? How that can be done?
Maybe some exception would be the other solution, that if user tries to access the root, domain.tld/#/, then the warning message would not be shown. And with other routes it would be shown. How this could be done?
Can the functionality what happens after Promise.reject() be overwritten somehow?
My checkAuth in authProvider.js:
checkAuth: () => localStorage.getItem("token")
? Promise.resolve()
: Promise.reject(),
In your Promise.reject you can add a string that will be presented to the user when their authorization fails.
checkAuth: () => localStorage.getItem("token")
? Promise.resolve()
: Promise.reject("You are not authorized to view this")
You could theoretically return a different message based on what page you're on but you don't have that info in the checkAuth.
You could also build your own login page and filter the messages so that no toasts popup for the login page.
Let us say the user is on the Settings page but goes away from the keyboard for a while.
Technically the user is not authenticated but is able to "surf" his/her settings page until the user hits a page where some new data from the server is requested.
Currently, I just catch the "Unauthenticated" response and reload the page so the user gets to /login.
I'm using Laravel, but the setting page is based on Vue + Vue router. The setting is thus a single page but acts as it has many.
So how do you handle this kind of situation? Are you checking the authentication status like every 1 minute?
Whether the user is logged in or not, when I call Meteor.user() in Meteor.startup(), the user is always undefined (not logged).
I want to perform an action (redirect the user to an external url where the login must occur) if it is not logged in as soon as the page loads. The problem is that if he is logged in, the page will only know it at some point in time (in milliseconds, of course). I can trap the eventual logged in user with Tracker.autorun, but I want to perform an action now (when the user is always not logged in) and I know only after whether I need to perform it or not (maybe the user is already logged in).
How to do this in Meteor?
EDIT
I ended up with the following working:
Tracker.autorun(() => {
if (!Meteor.user() && !Meteor.loggingIn() && Accounts.loginServicesConfigured()) {
Meteor.loginWithTwitter();
}
});
Try Meteor.loggingIn()
From the docs
if a login method (such as Meteor.loginWithPassword, Meteor.loginWithFacebook, or Accounts.createUser) is currently in progress. A reactive data source.
One solution to the problem is to use the meteorhacks:fast-render package. Its inclusion causes the initial set of data to be sent along with the application code, so the user information is available immediately in the startup method.
If you don't want to use that package, you can always restructure your app so that the "now" you speak of always happen after the initial data is loaded. For example, you can move this check to the onBeforeAction callback of your root controller. This will always run before any template is rendered, assuming you also subscribe to user data in the root controller.
I have a mobile XPages application which uses the single page application control (xe:singlePageApp) of the XPages extension library. The application also uses a workflow engine which sends out emails with links to documents to users so they can approve requests.
The link URL is composed like
http://hostname/app.nsf/m_page.xsp?action=openDocument&documentId=2A2A#requestForm
where requestForm is the name of the appPage containing the form to display a single request document.
If the user is already logged in, the browser opens and displays the document as intended.
However, if the user is not already logged in, the Domino login form is displayed (session based authentication). When the user then logs in, the same XPage is opened, but to the default page (selectedPageName attribute of the singlePageApp) instead of the appPage with the pageName requestForm. The reason for this behavior is that after submitting the login form the anchor part (#requestForm) is no longer present in the URL the browser is redirected to because the #requestForm-part is never sent to the server where the redirect URL is computed in the first place.
Possible solutions I can think of are
put the intended pageName in a real URL parameter (like documentId), parse the URL and modify the browser location (from ...&documentId=2A2A&pageName=requestForm to ...&documentId=2A2A#requestForm)
check the URL for the existence of the documentId parameter and modify the browser location (add #requestForm) if it is present
modify the Domino login form as per Jake Howlett's Suggestion (which is a not always permitted)
I was wondering now if there are more elegant solutions to this.
I would take the first option in your case. But instead of handling the url change at the client-side, I would handle this on the server-side. Otherwise, client will load the initial page once and submit an additional request to the server.
On the beforePageLoad event:
var url:XSPUrl=context.getUrl();
if(url.hasParameter("pageName")) {
var pageName=url.getParameter("pageName");
url.removeParameter("pageName");
facesContext.getExternalContext().redirect(url.toString()+"#"+pageName)
}
This will do the redirection before loading the page.
I have three page which are login.asp , check.asp and admin.asp . I want to block user to access page just typing url like www.xxxxxxx.xxx/admin.asp .How ı can do that ? is there a way to check redirected page.? ı want just check.asp page can redirect to admin.asp page
I know session solution but ı want to use another one
Essentially you need to set some kind of authentication token which identifies that the user has been authenticated. This is often done with either a cookie or a session value. Then, on any page which requires authentication, you check for the existence of this token.
If the token (which can be as simple as a boolean IsAuthenticated value or an integer UserID value, or as complex as a complete User object with everything you need to know about that person, their roles, etc.) is valid, render the page. If it is not valid, redirect or display a message of some kind.
IF Request.ServerVariables("HTTP_REFERER")="" THEN
Response.write("Not accessable")
response.end
END IF
' Put this code on top of page , Request.ServerVariables("HTTP_REFERER") which gives URL of previous page. so if any one directly paste URL in browser it will be blank , so we can track by this way.