This may be really simple, but I'm wondering how browsers that offer a 'remember your password' facility select the 'username' to save?
I'm working with some asp.net that is spitting out it's usual incomprehensible id/name values and the browser is offering to remember the registration form's 'postcode' field as the username, rather than the email address we'd like it to use.
Is the browser looking for a specific 'username' field name/id?
If there is no 'username' then what does it look for next?
Can we specify which field to use?
HTML does not offer any way for the web authors to support the password management mechanism. Browser basically have to guess which fields hold the username and the password. The latter is a bit easier due to the 'password' input type but not the solution itself, because that input type has no semantic value, it just says how user agents should render those fields.
As far as I can tell you, browsers would simply look for the first password field and then assume that the field before it is the username. So, in your case, you'll have to make sure that the password field strictly follows the username.
Another solution, which I am not sure would help the browsers do the right choice, is to turn off autocompletion on all the fields except the username and the password by setting the autocomplete attribute to off.
Related
I'm still learning REST API principles and this one still confuses me. Password inside User Resource is private and of course cannot be placed in a response, while sometimes we need to get user data for public (e.g. when someone seeing someone else's user page). How do we handle this based on REST API principles? Should I remove password inside response before sending it?
Yes, you should not return the password in response. I would suggest you should create two DTOs
UserInputDTO: This contains the password and other values
UserOutputDTO: Here you have only those fields which are useful for the output and we can exclude password field and fields related to your internal implementation.
If your input and output looks same then you can add JsonIgnore annotation on the password field.
If by removing you meant setting it null then still the user can see the fieldname password, and if at any time you forgot to set it null then it will be a security issue. To solve this issue, you can use the JsonIgnore annotation.
I need a link for an action, which I could send per email.
This works fine with using the viewhelper "f:link.action". Here an example:
<f:link.action action="changePw" id="changePw" absolute="true" arguments="{email : uSetup.uEmail, user : uSetup.uName}"></f:link.action>
Now I have the problem, that in the used form, the user can update his email. In this case, the link is not useful, because it includes the old email address and not the new one, which would be required!
I have looked for hours, but I could not find any useful solution.
The best would be, if could create the link in a php programm and than run a Typo3 php routine, which is creating me the required cHash value. For security resons, I would not switch off the cHash feature.
Is there a Typo3 function, which could create me the cHash value?
The other way, would be to update the viewhelper, that it is using the actual value from the email textfield. But how could I do it?
Thanks in advance for your support.
A cHash is generated automatically if you generate an URL.
Data can be transfered from the client to the server in two ways: GET and POST parameters.
If you want to protect these parameters you secure them with a cHash. the hash represents a list of static parameters. These are replaced on server side overwriting any values coming from the client.
so it is clear: you can't use a value in the cHash if that value could be changed in a form. you need to exclude the emailadress from cHash for the form where the email can be changed.
You might define an alternative field (other name => other URL parameter) where a new email can be inserted and after the submit the email could be updated by the alternative field.
I am making an Action in Zapier for my App.
I have two fields where only one needs to be filled.
For eg: The user can either enter the email or phoneNumber but not both.
So I cant use the 'Required' attribute because it will ask user to enter both.
I couldnt find a solution in the Zapier Documentation also.
Kindly Help
Thanks
David from the Zapier Platform team here.
The best way to do this is mark neither field as required, but include help text for each field that mentions that either one or the other is needed.
Then, before you make your request, verify that a || b is true. If it's not, throw an error telling the user they have to supply either.
Hope that clears it up!
I'm developing an application with Symfony2 and I try to translate texts form validation (required). Validation is done by the browser and I get eg "Veuillez renseigner ce champs" I wish I could translate the customer or switch also navigation.
My forms are made with buidform.
Thank you in advance for your help
Olivier
If you are referring to the browser validation raised when a field has an attribute required, this does not depend on symfony. I'm not sure you can set a language for these messages as they are generated by the user's browser.
A solution for you might be to disable browser validation (ie set required to false in your formBuilder fields) and rely on Assertions in you entities whose messages you can customise, you'll find more about this here.
I have a Ektron client with Ektron installed. They would like to add the functionality to change a password to something they want. Do I need to be concerned with the ektron part or just go ahead and make my edit?
Is there an easy way to do that? Any links to information would be greatly appreciated.
If you're talking about Ektron CMS400 Membership Users, you can use the Web Service Method:
User.ResetMembershipUserPassword
If you're trying to set it for regular CMS400 users, you're out of luck. The administrator will need to reset their password (if they've forgotten it) and the user will need to log back in to the workarea and change their password there.
UPDATE
That method resets the password to a random value. To set the password to a desired value, you'll have to use:
Ektron.Cms.BusinessApi.dll
Ektron.Cms.UserAPI.ResetMembershipUserPassword(string Username,
string oldPassword,
string newPassword)