I tried to get password for the particular profile, but I'm struggling to do so.
My friends suggested that we can get profile information when we pass profile id. Can any one help me how to do this?
Here is a code snippet of what we've done so far using profileId:
Repository repository = getConnection();
RepositoryView view=repository.getView("user");
RqlStatement stat=RqlStatement.parseRqlStatement("email=?0");
Object param[]={resetEmail};
RepositoryItem[] emailCheck=stat.executeQuery(view, param);
Map profile= new HashMap();
profile.put("userId",profileId);
Please help me get profile information when we pass profile id.
First of all, in ATG the Profile's password is hashed to prevent any malicious attacker from reading it in clear text. Depending on your ATG version it will be hashed in MD5 or SHA-1 plus some salt, so you will NOT be able to see a clear text password.
Second, why do you need to access the password? If you have a specific requirement, such as logging the user in, post it and I will be able to assist.
That said, assuming that you have a valid scenario where you need to access the hashed password, how to do it depends on whether you just need the password of the user that is logged in, or some other user.
For the currently logged in user, you just need to resolve the /atg/userprofiling/Profile component, and do
String password = (String) profile.getPropertyValue("password");
Obviously the "password" string should replaced with a constant or with the Profile propertyManager, depending on your project's coding practices.
If you want to access the password (remember, you can't access the clear text password, only the hashed version of it) of any other user, you need to locate the user first. The /atg/userprofiling/ProfileItemFinder component has tools to help you with these, so you'll have to inject it into whatever component you are writing:
RepositoryItem user = profileItemFinder.findByEmail("your#email.com", "user")[0];
String password = (String) user.getPropertyValue("password");
Hope this helps.
Edit
If all you have is the profile id, you can use the following snippet after injecting the /atg/userprofiling/ProfileTools component:
Profile user = profileTools.findProfile("profile id");
String password = (String) user.getPropertyValue("password");
Related
I create a widget on which my user can edit his email, but I need to use "reauthenticateWithCredential" to make it works.
But how can I use reauthenticateWithCredential without asking my user to enter his password again ?
Thanks
I use to use firebase for that it has own example code for that, it working and does not asking password again. In some case when your users token has expired, your authantication maneger has to do that automaticly(reAuth).
"Linking/re-authentication with email link#" read this headline in following link.
https://firebase.flutter.dev/docs/auth/email-link-auth
I'm still learning REST API principles and this one still confuses me. Password inside User Resource is private and of course cannot be placed in a response, while sometimes we need to get user data for public (e.g. when someone seeing someone else's user page). How do we handle this based on REST API principles? Should I remove password inside response before sending it?
Yes, you should not return the password in response. I would suggest you should create two DTOs
UserInputDTO: This contains the password and other values
UserOutputDTO: Here you have only those fields which are useful for the output and we can exclude password field and fields related to your internal implementation.
If your input and output looks same then you can add JsonIgnore annotation on the password field.
If by removing you meant setting it null then still the user can see the fieldname password, and if at any time you forgot to set it null then it will be a security issue. To solve this issue, you can use the JsonIgnore annotation.
I've extended the User model in my loopback application, and added phone number as a login method, I use the username field to do this, the only deal is that on login I get the 'email not verified' error, I have my own phoneNumberVerified field, and have overwritten the confirm method to validate the token against the emailVerificationToken and against the phoneNumberVerificationToken and update the corresponding flag, I thought of overwriting the original login method to not allow login only if both emailVerified and phoneNumberVerified fields are false (not just the email) but I don't know how to actually do the login the way loopback does it (I believe it creates an AccessToken or something), and I'm asking for some help on how to do this, thanks XD. I can do the overwriting and validations myself I just need to know how to do the actual login without using the original login method, since I'll be rewriting it.
So I figured out that I actually don't need email or phone number verified validation at all on login (later on the workflow will be required, but that'll be another use case, so it's irrelevant on login to me now XD). So when I was looking on how to overwrite the login method I realized that all the models code it's on the node_modules folder xD
node_modules/loopback/common/models/user.js
And found there in the login method a flag that validates if should check email verified or not, so on my startup script I just put this:
app.models.MyUser.settings.emailVerificationRequired = false;
That stops the email verified validation on login.
And maybe if some of you would like to override the login method I believe copying the whole method from the original user model up there and attaching it to your model and doing some modifications might work xD, it invokes the createAccessToken from the user model (itself) and that's what I believe creates the 'login', what I came to understand is that there is no "session" data, it creates an accesstoken when you successfully login, and as I've been doing just sending the token id to every request 'authenticates' your logged user.
Thanks for reading, have a nice day :)
I'm using Firebase in an application written in Swift and cannot understand how to have the email of the current logged user. Can anyone help me?
The answer depends on how you are authenticating (password? Facebook?) but a code snippet will probably suffice.
All of the user data is stored in an FAuthData variable authData, and within that, there's a providerData dictionary that contains specific information.
To read a current users email, define authData as as your-firebase.authData
let email = authData.providerData[#"email"]
There's a section on the Firebase website Email and Password Authentication that defines what is contained within the authData variable.
I have a Ektron client with Ektron installed. They would like to add the functionality to change a password to something they want. Do I need to be concerned with the ektron part or just go ahead and make my edit?
Is there an easy way to do that? Any links to information would be greatly appreciated.
If you're talking about Ektron CMS400 Membership Users, you can use the Web Service Method:
User.ResetMembershipUserPassword
If you're trying to set it for regular CMS400 users, you're out of luck. The administrator will need to reset their password (if they've forgotten it) and the user will need to log back in to the workarea and change their password there.
UPDATE
That method resets the password to a random value. To set the password to a desired value, you'll have to use:
Ektron.Cms.BusinessApi.dll
Ektron.Cms.UserAPI.ResetMembershipUserPassword(string Username,
string oldPassword,
string newPassword)