I don't want to use the AuthController way of creating a login form, because I'm building a website for backend administrators. There won't be any registration needed. (That controller I will use in the future for users login and registration)
How do I actually compare the inputted login data from the form with the rows in my database?
Everything else, beside that, seems to work perfectly in my login mechanism.
To validate a users credentials, use Auth::attempt()
if(Auth::attempt(['email' => $email, 'password' => $password]))
{
// redirect
}
Of course, the email and password are supplied by your user in the form.
You might also want to "remember" the user. That's the attempt() methods second argument
Auth::attempt(['email' => $email, 'password' => $password], $remember)
Remember, you will miss out on stuff like ThrottlesLogins that's added to the default authentication method. But you can of course add that to your own method.
Use the trait Illuminate\Foundation\Auth\AuthenticatesUsers in your relevant controller.
Alternatively, use the code in the postLogin method of the above trait as a template to create your own authentication code.
Related
I want to do some customization when a user logs in. The problem is that the project is using flask-security which implicitly handles user login.
I want to check some records of users in the database when users log in.
How can I override "login" function in flask-security?
I saw a similar post, and tried it but it's not working.
Plus, it is not exactly what I want to do.
I maybe need to stop the default behavior in case of some users.
So, is anyone having this kind of issue? How can I do it?
You can override the login form when you are setting up Flask-Security:
user_datastore = SQLAlchemyUserDatastore(db, User, Role)
security = Security(app, user_datastore, login_form=CustomLoginForm)
Then create your custom login form class that extends the default LoginForm. And override the validate function to do stuff before or after the login attempt.
from flask_security.forms import LoginForm
class CustomLoginForm(LoginForm):
def validate(self):
# Put code here if you want to do stuff before login attempt
response = super(CustomLoginForm, self).validate()
# Put code here if you want to do stuff after login attempt
return response
"reponse" will be True or False based on if the login was successful or not. If you want to check possible errors that occurred during the login attempt see "self.errors"
Greetings,
Kevin ;)
after registering the flask security extension, you can create an endpoint with the exact same name/route and it should override the one registered by Flask-security.
If you are using blueprints, make sure you register your blueprint before registering Flask-security.
I've extended the User model in my loopback application, and added phone number as a login method, I use the username field to do this, the only deal is that on login I get the 'email not verified' error, I have my own phoneNumberVerified field, and have overwritten the confirm method to validate the token against the emailVerificationToken and against the phoneNumberVerificationToken and update the corresponding flag, I thought of overwriting the original login method to not allow login only if both emailVerified and phoneNumberVerified fields are false (not just the email) but I don't know how to actually do the login the way loopback does it (I believe it creates an AccessToken or something), and I'm asking for some help on how to do this, thanks XD. I can do the overwriting and validations myself I just need to know how to do the actual login without using the original login method, since I'll be rewriting it.
So I figured out that I actually don't need email or phone number verified validation at all on login (later on the workflow will be required, but that'll be another use case, so it's irrelevant on login to me now XD). So when I was looking on how to overwrite the login method I realized that all the models code it's on the node_modules folder xD
node_modules/loopback/common/models/user.js
And found there in the login method a flag that validates if should check email verified or not, so on my startup script I just put this:
app.models.MyUser.settings.emailVerificationRequired = false;
That stops the email verified validation on login.
And maybe if some of you would like to override the login method I believe copying the whole method from the original user model up there and attaching it to your model and doing some modifications might work xD, it invokes the createAccessToken from the user model (itself) and that's what I believe creates the 'login', what I came to understand is that there is no "session" data, it creates an accesstoken when you successfully login, and as I've been doing just sending the token id to every request 'authenticates' your logged user.
Thanks for reading, have a nice day :)
I wonder what's the best practise for passing user 'model' around. I take http request and convert it to user model in my controller. I don't want to explicitly add an argument to all the templates for this model, and neither to main.
What are the best practises for doing this?
THanks.
If you are logging in, and the user is your authenticated user, then you should put the user in a WrappedRequest and make your request implicit in your templates. If you use something like SecureSocial, then UserAwareAction will provide you with a RequestWithUser (see http://securesocial.ws/guide/user-service.html) and you can do things like
#()(implicit req:RequestWithUser)
Email = #{req.user.map(_.email)}
in your template.
Use the Session scope.
Here is documentation for Play 2.0
http://www.playframework.com/documentation/2.0.2/ScalaSessionFlash
So for example, on the login, add the user to the Session
And on logout remove the user from the Session
Cheers!
I'm pretty sure this is not possible, but I was wondering if anyone can think of a way to allow anonymous users to edit webform submissions. We are allowing users to sign up for a job search agent where they anonymously provide their email address and then submit a few preferences on the type of jobs they are looking for and then we email them jobs that are available when they become available. We don't want these users to have to create an actual Drupal registration and have to remember another password. We want it to be super easy for them. So they can submit the form anonymously, but the problem is if they want to come back and edit their preferences at a later date, they can't because Drupal wont know who they are. I was thinking of possibly creating an official user registration behind the scenes using their email address and a basic password when they submit the webform and when they come back to the site, they provide their email address in a separate form I create in a custom module, then I can do a user lookup based on the email address and auto log them in (if that's even possible) and then send them to the webform? Do you think that would work, or is their a better solution to this predicament?
I think your solution will work. I've done something similar in the past.
Users just logged in by visiting a particular url such as /login/USER_NAME. Then you can send out emails with this link and they are automatically logged in as soon as they hit the site.
To create the users account use something like this:
$new_user = array(
'name' => $name, // this could also just be the email address if you are not collecting a name
'pass' => 'password', // hardcoded password - same for every user
'mail' => $email,
'status' => 1,
'init' => $email,
);
user_save('', $new_user);
Then to log them in you can use:
if ($uid = user_authenticate($username, 'password')) {
global $user;
$user = user_load($uid);
$login_array = array ('name' => $username);
user_login_finalize($login_array);
}
I have a site in Zend Framework. I want to hide one particular controller name in the URL. Explaining the requirement below.
Current URL: http://abcd.com/user/john (which is a profile page of a user)
Preferred URL: http://abcd.com/john
The preferred URL will be displayed in the browser. Also, if a visitor types a username (for eg. http://abcd.com/smith) in the url, the browser will display the user profile.
I have some other controller as well in my site (for eg. http://abcd.com/registration) and don't want to modify or hide those controller name.
I know this can be toodifficult to make a difference to recognise which is the username and which is the controller in the url, but i really want to accomplish this. Please suggest me the needful.
Please note that i am using the below html code to display user profile link.
John
Also added the below mentioned router in bootstrap.php file.
$routeUser = new Zend_Controller_Router_Route ('user/:username/',array('controller' => 'User','action'=> 'index'));
$router->addRoute('user', $routeUser);
Routes are checked in reverse order, so you can change user route to be just :username but then the router has no way of knowing that example.com/registration is not a user profile, which is why this would break your other route. The easiest way to fix this would be to add another route after the user route which handles the registration request:
$router->addRoute('registration',
new Zend_Controller_Router_Route('registration/:action', array(
'module' => 'default',
'controller' => 'registration',
'action' => 'index'
))
);
Alternatively if you are fairly comfortable with ZF and want to handle the user requests properly without breaking the standard routes, you could create a custom route class specifically for your user profile requests. I wrote up a blog post a while ago on how to do this, see: http://tfountain.co.uk/blog/2010/9/9/vanity-urls-zend-framework