I have an issue with my SugarCRM reset password page. When a user visits the Reset Password form through the link provided through mail, he/she has to put the username. If the username is kept empty the form gets submitted but the password doesn't change.
I want to either make username required field or fetch the username using GUID. Thanks.
$user = BeanFactory::getBean('Users',$guid);
$username = $user->user_name;
The guid included in the password reset link is not the guid for that user (that would be a security risk). Instead, it is a guid to the users_password_link table. If you are using the guid passed in from such a link, then you could find the username by the following SQL statement:
select users.user_name from users join users_password_link on users_password_link.username = users.user_name where users_password_link.id = '$guid';
If you were working with the user's actual guid, egg's answer is the correct way to find the information using SugarCRM's best practices.
Related
At first I want to mentioned I did search for the answer but I did not get the concrete answer. So here I am asking again.
I am using MVC.net project and using Microsoft graph to get informaiton from Azure AD. I am trying to get EmployeeId along with DisplayName. For the scope I am using 'user.readbasic.all
With below query I am getting DiplayName for all the users but for EmployeeID I am getting null. Except for myself.
"https://graph.microsoft.com/v1.0/users?$select=DisplayName,EmployeeId";
When I use "me" then again get the EmployeeID.
"https://graph.microsoft.com/v1.0/me?$select=DisplayName,EmployeeId";
So using the user.readbasic.all I do get employee id but for myself but why not for others
This is due to for others Employee ID has not been set.
Example: Employee ID has not been set for a user ,so it is showing null.
Let me Set an employee ID for a user.
Now I am testing for with same API I am getting my EmployeeID value.
In below Picture you can see as I have set EID for Rahul Only and for others it is showing null.
round 2: trying to make this clearer:
I have two totally and completely separate services (both laravel 5.3).
One is an authentication service that has access to a user mysql database, permissions and role.
The other is a resource service. It couldn't care less about the user table and does not have access to any user table.
That means that any type of Auth::loginById()... would never work in this service because there is no user table.
I want to use JWT to have users access the resource service API, and have the user Auth to act as if a user is authenticated - but again - all I have are the claims inside the JWT - no user table. The claims include some information about the user - id, name, etc. I want to do something like this:
$userObj = JWTAuth::parseToken()->getPayload()->claims; // { id:4, name: Birdman, email: birdy414141#gmail.com}
Auth::login($userObj)
and then have access to the user object like usual
echo Auth::user()->name // Birdman
Has anyone tried anything like this?
I have found that doing this more or less works:
$u = new User();
$u->user_id = (JWTAuth::parseToken()->getPayload()->get('sub'));
$u->name = (JWTAuth::parseToken()->getPayload()->get('name'));
Obviously I can't $u->save() here because again - there is no user database.
I can do this though:
Auth::login($u);
and then I can later call Auth::user()->name properly...
I'm asking if I'm doing something exotic here or is this good stuff. Where will this fail?
I need to get the list of all courses available with their username who created it in moodle site programmatically from database. As I am using drupal with moodle. In drupal I connected the moodle database so I need to fetch the courses with username for further development. Please help me on this.
Regards
Neha Singhania
The only place where you can find out who created a course is in the mdl_log table. Look for an entry with module = course and action is something like 'create' (I haven't got the code in front of me right now to check). The 'course' field will match the id of the mdl_course table, where you can find the course name (fullname / shortname). The user field will match the id of the mdl_user table, where you can find the firstname, lastname and username for the user.
I'd like to save the user information to a database, such as username, email, password (or even hash value if I can't get the password). Then I checked the sample app below, but there is no password information. If no password, then how to save it to database?
https://github.com/jaliss/securesocial/blob/2.1.x/samples/scala/demo/app/service/InMemoryUserService.scala
Finally I found the hashed password is stored in Identity, we could catch it in the function of save() when change the password or create a new user. We could add the logic to store them in database. BTW, I am using email/password to do authorization, not facebook or google OAuth.
def save(user: Identity): Identity = {
// first see if there is a user with this Identity already.
val pwd:String=user.passwordInfo.get.password
val hasher:String=user.passwordInfo.get.hasher
val salt:Option[String]=user.passwordInfo.get.salt
Is it possible to add additional properties to the User object on the server in WAMS? I would like to store the Id primary key of my User table for (secure) use in my table scripts. At the moment the only id is the vendor specific authentication Id, but I'd like to be able to allow users to choose an authentication method. Currently my (simplified) table design is as follows:
User table:
id
googleId
twitterId
facebookId
name, etc...
League table
id
userId
name, etc
I'd like to store the user primary key in the userId field on the league table, and then query it to ensure that users only get to see leagues they created. At the moment, the user object in table scripts sends through a User object with the Google/Twitter/Windows authentication token and I have to do a query to get the primary key userID, everytime I want to carry out an operation on a table with a userId column.
Ideal solution would be that when the Insert script on my User table is called on registrations and logins I can do:
// PSEUDO CODE
function insert(item, user, request) {
var appUserId;
Query the user table using the user.userId Google/Twitter/Facebook id
If user exists {
// Set a persisted appUserId to use in all subsequent table scripts.
user.appUserId = results.id;
} else {
Set the GooTwitFace columns on the user table, from user.userId
insert the user then get the inserted record id
// Set a persisted appUserId to use in all subsequent table scripts
user.appUserId = insertUserPK;
}
}
Then, in subsequent table scripts, I'd like to use user.appUserId in queries
If all you are trying to do is authorize users to only have access to their own data, I'm not sure you even need the "user" table. Just use the provider-specific userId on the user object to query your "league" table (making sure the userId column is indexed). The values will be provider-specific, but that shouldn't make any difference.
If you are trying to maintain a notion of a single user identity across the user's Google/Facebook/Twitter logins, that's a more complicated problem where you would need a "user" table and the kind of lookup you are describing. We hope to ship support for this scenario as a feature out of the box. It is possible (but fairly messy) to do this yourself, let me know if that's what you're trying to do.