Im am having problems with the remember me functionality of the grails acegi plugin (version 0.5.3)
The first time I login I check the remember me check box and login. This works. I then shutdown my browser and restart it and browse to the app. The login page is presented with the user name populated, password empty and remember me check box checked. I would have expect to navigate straight into the application (http://localhost:8080/application normally redirects to my landing page). If I try and manually login (enter password) it now doesnt work, I cant get past the login page.
Here is my login form:
<form action='${postUrl}' method='POST' id='loginForm' class='cssform'>
<p>
<label for='j_username'>Email</label>
<input type='text' class='text_' name='j_username' id='j_username' value='${request.remoteUser}' />
</p>
<p>
<label for='j_password'>Password</label>
<input type='password' class='text_' name='j_password' id='j_password' />
</p>
<p>
<label for='remember_me'>Remember me</label>
<input type='checkbox' class='chk' name='_spring_security_remember_me' id='remember_me'
<g:if test='${hasCookie}'>checked='checked'</g:if> />
</p>
<p>
<input type='submit' value='Login' />
</p>
</form>
SecurityConfig.groovy
/** rememberMeServices */
cookieName = 'grails_remember_me'
alwaysRemember = false
tokenValiditySeconds = 1209600 //14 days
parameter = '_spring_security_remember_me'
rememberMeKey = 'grailsRocks'
This is just the default generated behavior. Am I missing something simple? Do I need to manually setup rememberMeServices or something?
I have confirmed that the "grails_remember_me" cookie is being created by using the chrome developer tools. I also get this same behavior with firefox.
Any ideas? Thanks
Never really got to the bottom of this. The way I "fixed" it was by upgrading to the new spring security plugin.
http://grails.org/plugin/spring-security-core
Related
This happens on all the Scaffolded Identity Razor Pages that do not include a route parameter in the Form definition, but let's take the ForgotPassword one as an example:
Here is the form as defined on the scaffolded page:
<form method="post">
<div asp-validation-summary="All" class="text-danger"></div>
<div class="form-group">
<label asp-for="Input.Email"></label>
<input asp-for="Input.Email" class="form-control" />
<span asp-validation-for="Input.Email" class="text-danger"></span>
</div>
<button type="submit" class="btn btn-default">Submit</button>
</form>
When I click the submit button, nothing happens. The browser dev tools confirm nothing happens. The page does not submit to the server. (and yes, I have entered a valid email address; if I don't, then the jquery validation correctly displays the appropriate error messages.)
But I've found that if I change the form definition to include a route parameter, as follows:
<form asp-route-unusedArg="SomeValue" method="post">
then the submit button works fine, and the form is submitted to the server. (Even though the OnPostAsync method defined by the server code does not expect a parameter at all; it is defined as public async Task<IActionResult> OnPostAsync()). The way I figured this out was to compare the form definition with that of the Login form, which was working fine, and had a route parameter for returnUrl.
What is going on here? Why is the form not submitting unless I add a route parameter?
I am using WSO2 5.2. I have created a custom UserStoreManager that extends JDBCUserStoreManager and is readonly. Here is a snippet from user-mgt.xml.
<UserStoreManager class="org.arbfile.wso2.user.ReadOnlyJDBCUserStoreManager">
<Property name="TenantManager">org.wso2.carbon.user.core.tenant.JDBCTenantManager</Property>
<Property name="ReadOnly">true</Property>
<Property name="ReadGroups">false</Property>
<Property name="WriteGroups">false</Property>
........
</UserStoreManager>
In terms of user authentication, I'm doing user/passw verification in the doAuthenticate() method of my custom class. I'm also doing other checks like IP filtering and user account locked. I can throw UserStoreException when these other items fail. The problem I'm having is setting the appropriate error message based on certain failure conditions. I found the following link https://docs.wso2.com/display/IS500/Customizing+Authentication+Error+Messages, however the information is too vague. I need to know how to set a "new" custom error message so the authentication endpoint can pass it to the login.jsp where it is rendered. Right now I get the exact same error message no matter what error occurs.
EDIT: Adding html form code for clarity:
<form action="../commonauth" method="post" id="loginForm">
<div class="col-xs-12 col-sm-12 col-md-12 col-lg-12 form-group">
<input id="username" name="username" type="text" class="form-control" tabindex="0" placeholder="Username">
</div>
<div class="col-xs-12 col-sm-12 col-md-12 col-lg-12 form-group">
<input id="password" name="password" type="password" class="form-control" placeholder="Password" autocomplete="off">
</div>
<div class="col-xs-12 col-sm-12 col-md-12 col-lg-12 form-group">
<input type="hidden" name="sessionDataKey" value='e04168f9-95c7-4b87-93af-60e1ecdc6273'/>
</div>
<div class="col-xs-12 col-sm-12 col-md-12 col-lg-12 form-group">
<div class="form-actions">
<button class="wr-btn green-ltgr col-xs-12 col-md-12 col-lg-12 uppercase font-extra-large" type="submit">Login</button>
</div>
</div>
</form>
I am using SAML and this is the form presented for form based login on the WSO2 server. The form action is "../commonauth". The form submission with username and password appears to be going against a different web app (and not the authenticationendpoint web app). The above code comes from basicauth.jsp.
Few months ago I had exactly same requirement but could not found proper solution. I found that BasicAutheticator every time sending the same error code to login page. As a workaround I changed my flow a little and decided to customize the login app instead of customizing WSO2 error code. I know it is a wrong practice but it solved my problem. Here is how my new architecture works.
I created a library with all logic of pre authentication checks, lets name it validation.jar
Then I added this library as maven dependency to login application which is authenticationendpoint.
Created a new servlet in login app, let's name it PreValidation.java
Modified the basicAuth.jsp and instead of submitting the form to /samlsso, Submitted the form to PreValidation servlet.
In PreValidation servlet, with the help of validation.jar do all validations except authentication ( which should be the task of WSO2).
If any Validation is failed, pass the corresponding error code back to to login.jsp and show the message on screen.
If all validations are done, submit the request to WSO2 and let the flow continue.
Hope this will help you.
Once the error codes are enabled from application-authentication.xml You can edit following JSPs to display error messages.
Login failed BasicAuth:- [IS_HOME]\repository\deployment\server\webapps\authenticationendpoint\basicauth.jsp
Remaining Attempts are over :- [IS_HOME]\repository\deployment\server\webapps\authenticationendpoint\retry.jsp
Please take a look at the URL in Get request. It contains the relevant error code. Hope this helps someone.
I am working on implementing Fastlink 2.0 integration for aggregation and IAV for my application. I am able to get the oauth token for both Aggregation and IAV but when I am using it along with the required parameters to render the Fastlink landing page I am getting the response as Cannot get resource.
The steps I followed are as below:
Logged in with Cobrand username and password and got the cobrandSessionToken (e.g. 08062013_0:26fe011eff898dc0babb8b54fad90ac522e753c6e4d29b7329eeb67e57b760975a9918d8a913c83a910199e6f1b9dd15652532011100010328dad2e6b29f49b3).
Using the demo username/password got the userSessionToken (e.g. 08062013_0:d1958fca493a02fadcad93019ba44bd3563cc4cb437331c60b3df77a4e353ed2137ba641c879a6736a112d613a146438f45fc8a5f5540ffb65ec17dee42fee46 )
Using the cobrandSession token, rsession(userSession) token and 10003600 (aggregation) as finappId got the oauth token.
Using the token generated in Step 3, rsession(userSession) token generated in Step 2 and app (i.e., finappId) invoke the Yodlee Fastlink using the following url.
https://node.developer.yodlee.com/authenticate/restserver
Complete url:
https://node.developer.yodlee.com/authenticate/restserver?app%3D10003600%26rsession%3D08062013_0%3A03cfae2bd46624e71b1306cbe9730a8f92085c28657f271f9fa84bf17ccf566428be4da399c2a995e95d1c5527442735398a49d96007826b3a2af118d7b53dc1%26token%3Db3298792d5a43473fa2434ae9c6453dffd74392b4ae0608a75b40922ca3d5325%26redirectReq%3Dtrue%26extraParams%3D
Kindly help if somebody knows how to resolve this
Thanks
You need to submit this as an HTML Form post, this is not a REST GET request. This means it will not work if you just append it to the URL and try to get it.
Here is the HTML Form you can replace the respective values-
<div class='center processText'>Processing...</div><div>
<form action='<nodeURL>' method='post' id='rsessionPost'>
RSession : <input type='text' name='rsession' placeholder='rsession' value='06142015_0:9d2817f2164ef0720282fd680c882b188b776d93e4af03155b0508a09ae8e274f0caab5d2d6819bee2ec69c85044410acb356807ba69ecd3e6e28643120dab61' id='rsession'/><br/>
FinappId : <input type='text' name='app' placeholder='FinappId' value='10003620' id='finappId'/><br/>
Redirect : <input type='text' name='redirectReq' placeholder='true/false' value='true'/><br/>
Token : <input type='text' name='token' placeholder='token' value='6ea1ef4aaa1ec923aba38b911a45cbe0019a387837b0a83738ec40a8c9a24613' id='token'/><br/>
Extra Params : <input type='text' name='extraParams' placeholer='Extra Params' value='' id='extraParams'/><br/></form></div>
<script>document.getElementById('rsessionPost').submit();</script>
As advised by Apoorv, this can only be done through HTML form post. If you set redirectReq as FALSE and do a HTTP Post you will get the FinAppURL, but the url will never work. If you need to display fastLink 2.0 inside iframe you can can achieve it by setting the form target to the iframe as shown below.
<div style="visibility: hidden">
<form action="https://auyirestnode.stage.yodleeinteractive.com/authenticate/private-ausandbox16/?channelAppName=auyirestmaster" method="post" name="rsessionPost" id="rsessionPost" target="yodleeIframe">
<input style="visibility: hidden" type="text" name="rsession" placeholder="rsession" value="#Model.RSession" id="rsession" /><br />
<input style="visibility: hidden" type="text" name="app" placeholder="FinappId" value="10003600" id="finappId" /><br />
<input style="visibility: hidden" type="text" name="redirectReq" placeholder="true/false" value="true" /><br />
<input style="visibility: hidden" type="text" name="token" placeholder="token" value="#Model.Token" id="token" /><br />
<input style="visibility: hidden" type="text" name="extraParams" placeholer="Extra Params" value="#Model.ExtraParams" id="extraParams"/>
</form>
In Prestashop I am doing a module. In that module I have view file(smarty template). In smarty I am doing form so that user can submit the form from frontend. Now when user makes fill the form and clicks on submit then the form should save all the vales to thae database. So for that in smarty I made a form like this
<div id="content" class="form-wrapper" >
<div class="form-content">
<input type="text" id="name" name="name" placeholder="Name" /> <br />
<input type="text" id="email" name="email" placeholder="email"/> <br />
<input type="text" id="phone" name="phone" placeholder="Phone Number"/> <br />
<input type="submit" name="submit-query" id="submit-enquiry" value="submit" />
</div>
</div>
and in the file where the values will be submitted I have made my code like this
<?php
include '../../../config/settings.inc.php';
include '../../../config/defines.inc.php';
include '../../../config/config.inc.php';
include(dirname(__FILE__).'/../../../../init.php');
if(Tools::getValue('submit-query')) {
$this->_html .=$this->displayConfirmation($this->l('Settings updated successfully'));
}
else {
$this->_html .= $this->displayError($this->l('You Have Some Errors'));
}
?>
Now when doing click on my submit button It is showing error like this
Fatal error: Using $this when not in object context in file.php on line 11
Now can someone kindly tell me what is the issue here and how can I make a form in smarty for frontend users so that they can submit the form and the value will be stored to the database. Any help and suggestions will be really appreciable. Thanks
First I would recommend to do the processing inside of your module, e.g. in init() function, you can get your module link using $this->context->link->getModuleLink('myModuleName'); and add it to the form action attribute, all variables can be assigned using $this->context->smarty->assign().
Storing values in database is quite a wide question. You have to provide some more details about it.
Check some tutorials from Prestashop e.g. Creating a Prestashop Module. You will find most of your answers there.
I am using Expression Engine 2. I wanted to create a simple members only section. I've created the relevant permissions using membership groups and I have implemented rights to certain pages for the membership groups.
I have used the login form tag (http://expressionengine.com/user_guide/modules/member/index.html) to create my login form. However when I log in, it just does nothing. I believe it was working before as the site was tested, signed off and in use a few months ago, but now the login form does not seem to work at all. It just submits back to the page without logging in. If I login via admin, it all works, so it is only the login form on the website!
The code in my EE page template is as follows:
{if logged_out}
{exp:member:login_form return="site/index"}
<label>Username:</label>
<input type="text" name="username" value="" maxlength="32" />
<label>Password:</label>
<input type="password" name="password" value="" maxlength="32" />
{if auto_login}
<p><input class='checkbox' type='checkbox' name='auto_login' value='1' /> Remember me</p>
{/if}
<p><input type="submit" name="submit" id="submit" value="Login" /><br />
Forgot your password?</p>
{/exp:member:login_form}
{if:else}
<p>Logged in: {username}<br />
Log out</p>
{/if}
I'm grateful for any help as to what to check, or any tips to resolve this. Thanks.
It could be the difference between viewing the site with/without the www prefix.
eg:
www.mysite.com = logged out
http://mysite.com = logged in
Check the site url in general preferences.