Orchard CMS module that uses HTTP session state - session-state

I'm trying to write a simple shopping cart Orchard module that will store items in session state and then read them out when the user wants to check out. It needs to work for anonymous users.
I've downloaded the Jumpstart module but have not been able to find any way to get access to the session in the handler or the driver.
Any help would be great.

Simply inject IHttpContextAccessor into the constructor of your driver or handler. Then you can call accessor.Current() and get access to the Session

Related

How to send Session ID parameter out FROM Moodle?

I need to send user-specific values to an external system from Moodle. How can I force Moodle to send the session ID (or user ID, activity ID, etc.) to this third-party system? All of the articles out there seem to be written for calling into Moodle but this is not what I need to do.
Important:
I cannot alter the Moodle installation. The solution must only involve editing content. This means I cannot author a new plugin or alter any of the Moodle source code.
Edit:
I do have direct access to the Moodle database from a separate external API. The goal was to use this connection to validate the incoming parameters. However, I still need to be able to construct a parameterized URL to call out the external app. That app would then be able to validate the supplied values against the database. If the session ID is not available then I would need the values regarding the page, user, module, etc. to be sent via the parameterized URL.
For the session id do you mean the current user session? There is a session key stored in $_SESSION['USER']->sesskey but its not really useful data. It expires when a user logs out.
$_SESSION is server side, so you would need to use PHP code which isn't allowed in content for security reasons.
Have you got access to the database? You could pull user id and activity id from there. Otherwise you will need to use an API or a plugin.
EDIT: There is a URL activity that you could use to send data externally. But that would require the user to click the link.
Data includes user and course ids.
https://docs.moodle.org/311/en/URL_resource_settings
I can't think of any solution to send data externally without writing some PHP code or adding a plugin.
You can add javascript to every page via Site administration > Appearance > Additional HTML but the session variables aren't available without PHP.
https://docs.moodle.org/311/en/Header_and_footer

Sugar CRM REST API module extension

I am achieved the login functionality through REST API provided by sugarCRM ,
http://<url>/service/v2/rest.php?method=login&input_type=JSON&response_type=JSON&rest_data={"user_auth":{"user_name":"Vsree","password":"0141ffbe5e8d1cbaaeee96b3ca49cc49"}}
also updated the login response from
service\core\SugarWebServiceImpl.php
i am updated the response and its working fine . but it is a suiteCRM core module , i want to extend the login functionality with out affecting core modules, So how can i extend the modules inside suircrm .How can i achieve this
In order to change the login you need to create a custom version of the modules that the login process uses in the custom/modules directory.
The authentication is handled by the users module. You could create your own type of authentication by copying one from modules/Users/authentication/
and pasting it in custom/modules/Users/authentication/.
This will give you a means to extend or to create your own authentication method.
You may wish to simply copy the SugarAuthenticate. Then you can create a custom version of it.

Secure a REST interface without login

I recently succeeded in building a page that loads data via an ajax get call to a REST interface (that runs on my server) and then uses the data to construct a map overlay for Google maps via JS.
I managed to do this but now I have concerns about the security of my data. Obviously everybody could just use curl to load the overlay data from my REST interface. However, I do not want to make my data so easily available, since they are kind of the business value of my page...
Is saw many solutions on the web that all require a login of the user.
However, this should not be required on my page.
Is there an easy solution to this problem, without the user having to use a log in or something? Basically I only want to allow my web application to query data from my REST interface, but not anyone else.
One solution that came to my head is to pass the data directly from php into JS, when the page is loaded. However this looks like a real ugly solution to me...
On a RESTful interface, I suppose you want to avoid login into a session. You have basically 2 more ways :
use IP address filtering if the web application run on a private network with known IP addresses
pass an identification token in the request headers or as a request parameter. The token has to be passed along in all the requests.

Get Current User Login ID in OTRS

I want to get the login ID of the current user in OTRS. I dont know nothing about the Framework and Structure of OTRS. Tried to Google a lot but as I dont have any background in Perl I didnt understand anything. Just want to know How can I print or return Login ID of current user in OTRS.
You would want to write your own frontend module. From within the frontend module the active customer user is available as $Self->{UserID} and you can use it to call the remote webservice.
You can use remote web services via the WebUserAgent object.
Please note that writing OTRS modules is fairly easy but does require some effort. The question you had is really very basic and you could have solved it just by looking at other code in the framework.

creating user login in derby js

It seems that basic functionality such as user login, can not be done in simple manner: to have username and password field in form on client and based on that to create store.readPathAccess model access rights. Also, how to check if user is logged in to implement access rights on routes?
Based on examples and (poor) DerbyJS documentation, if I understood it correctly, you have to implement login in server module (lib/server/*) because:
store.readPathAccess must be used in server side
you want to store data in model session (which can be read only on server side)
But many questions arise:
if it has to be done on server side, how to get and store client form data on server side without having problem with second item below on the list (I have done it with manually submitting data to server-only route, but can not then save it in model with local key because I have to redirect to client route after that and local model data is lost)
how to read later that data if it must be stored in session?
even if the store access rights for model is managed, how to check if this specific user is logged in when in client routes?
I'm quite confused at the moment... liked Derby principles, but this authentication problems are playing with my nerves seriously.
I know I may not be quite clear, but there are many points to go in details and if anyone can help I'll gladly give more required info.
Thank you,
Eddie
I found this library today called derby-auth.
It uses passport for signing in and has a good example using a simple register and login form.
What it does is to set some routes on the server for logging the user, and a middleware to tell the client if it's logged or not.
It does have some bugs (a few callback calls missing that break some things), so i wrote my own based on that, but must clean a lot of things before uploading anywhere.
i'd be glad to send it to you if you want to, though.
The most current library is https://github.com/derbyparty/derby-login
It has been updated pretty regularly and works with derbyjs 0.6