I have created an APEX application and I have some end users who should log in to the application and use it. I realized that there is no change password or reset password option for end users!
How can I add it to the login page?
I have done that based on this link, but the problem is that when no username is entered, it goes to the change password page, and after pressing the change password button an internal error box appears!
https://apex-de.blogspot.com/2017/11/change-apexuser-password-for-end-users.html
That page in the blog does not mention a username. And it shouldn't because a user should only be able to set/change a password for himself. Usually there are 2 ways to change a password, both can be implemented together:
A form that is accessible to any user that is logged in. That way you're sure that the password is changed for the actual user.
A link on the home page that points to a public form in which the user can enter his email address that is linked to his account. When the form is submitted the user gets an email with a link that contains a unique code that is linked to his email and only valid for x minutes. The email verification is needed to ensure the user that wants to change the password is who he says he is. Clicking on the link allows the user to change the password. At no point is the password displayed to the user or emailed to the user.
Both of those can be implemented in APEX - the API to change a user's password is APEX_UTIL.CHANGE_CURRENT_USER_PW as mentioned in the blog.
The reason that by default there is no password management is that the authentication scheme "Application Express users" is rarely used for production applications. Usually it's social sign in, LDAP, SSO or SAML and "Application Express users" is only there for development purposes.
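The e-mailed reset code described in the answer above, as an added example (Python for illustration; not code from the answer, the blog or APEX). The `ResetTokenStore` class, its in-memory table and the 15-minute lifetime are assumptions; it stores only a hash of each code, expires it, and accepts it once.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed value for the "x minutes" validity window


class ResetTokenStore:
    """In-memory stand-in for a reset-token table (hypothetical schema)."""

    def __init__(self, known_emails, clock=time.time):
        self._known = {e.lower() for e in known_emails}
        self._rows = {}  # sha256(token) -> (email, expires_at)
        self._clock = clock

    @staticmethod
    def _digest(token):
        # Only the hash is stored, so a leaked table does not yield usable links.
        return hashlib.sha256(token.encode("ascii")).hexdigest()

    def request_reset(self, email):
        """Return a token to e-mail, or None for an unknown address.

        The caller shows the same "check your inbox" page in both cases, so
        the public form does not reveal which addresses have accounts.
        """
        email = email.strip().lower()
        if email not in self._known:
            return None
        # A new request invalidates any older outstanding token for the address.
        self._rows = {d: r for d, r in self._rows.items() if r[0] != email}
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._rows[self._digest(token)] = (email, self._clock() + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, token):
        """Return the e-mail bound to a valid token and consume it, else None."""
        try:
            row = self._rows.pop(self._digest(token), None)  # single use
        except UnicodeEncodeError:
            return None  # tokens issued here are always ASCII
        if row is None:
            return None
        email, expires_at = row
        if self._clock() > expires_at:
            return None
        return email  # the caller now lets this user set a new password
```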
I created a new Google Play game and would like to change the email displayed on the Google Consent Screen. The Google Developers Console screen has a dropdown to choose the email, but just one - the admin's email - is there. I've added another user as the owner, but it does not appear on the consent screen.
If you want to change the email address that is displayed to the user you have to:
Add permission for the new email address to handle the project: Menu > IAM & Admin > IAM, then click on the Add button, enter the email address and select Role > Project > Owner
Accept the invitation from the new email address. Check your emails, click on the confirmation url and accept the terms and conditions.
Log in to the Google Developers Console using the NEW email address. Only the new email address can change the displayed email address. You don't have to log out or open an incognito window. You can simply add a new account by clicking on your account photo (upper-right corner) and then selecting the Add account option.
Tip: When you visit the page, you will be logged in with your primary account by default. If you want to be logged in with the second account you just created, simply append &authuser=1 to the end of the url. If you have more than 2 accounts, you can use the value authuser=2 or 3 and so on. (The default value for your primary account is 0.)
You need a second email address then add that person / email as admin of the project. Then you will be able to add that email in the consent screen.
The Console has changed a lot since 2014. You need to add another user as the admin, then you must log in to the console with that email and connect it. Then you will be able to change it.
A new user can be added via the IAM for your project.
While the above solutions work, I didn't want to make my support@my-company.com a Project > Owner of my GCP project since multiple people can potentially access it.
The page (https://console.cloud.google.com/apis/credentials/consent/edit) says that the permission needed is clientauthconfig.clients.update
So I made a Custom Role containing every permission in that category:
clientauthconfig.brands.create
clientauthconfig.brands.delete
clientauthconfig.brands.get
clientauthconfig.brands.list
clientauthconfig.brands.update
clientauthconfig.clients.create
clientauthconfig.clients.createSecret
clientauthconfig.clients.delete
clientauthconfig.clients.get
clientauthconfig.clients.getWithSecret
clientauthconfig.clients.list
clientauthconfig.clients.listWithSecrets
clientauthconfig.clients.undelete
clientauthconfig.clients.update
and gave my support email that Custom Role + the role Project > Viewer
One note, these permissions are not finalized yet. The 'Create a Custom Role' page gives this warning:
Not recommended for production use
These permissions might be changed in backward-incompatible ways and are not recommended for production use. They are not subject to any SLA or deprecation policy.
You can go here https://groups.google.com/ and create a group. Then simply refresh the consent page and you'll be able to pick the group. It is not your custom domain but it does the job I think.
There is a way to choose email without creating a new Gmail account and giving it Owner permissions. You can create a Group in GSuite with public email and then configure the group's forwarding to the email you want.
For example, you want to use support@company.com. You can create a group support.google@company.com which will forward everything to support@company.com
Then, you will be able to pick up support.google@company.com in the dropdown.
I have read through
https://sitecore-community.github.io/docs/xDB/the-xdb-contact/ and https://doc.sitecore.net/sitecore_experience_platform/81/setting_up__maintaining/xdb/contacts/contact_tracking.
I would like to know whether Sitecore contact tracking will work for my client or not.
I have created a simple newsletter subscription functionality (without WFFM form submission). Once a user submits his information along with personal details and email, I send a confirmation email link. After confirming the email address, I am creating contacts through code. Thanks to Brian!
My application session state mode is InProc.
My question is, if user is interacting with the site with a new session after subscription (after submitting email):
Will Sitecore identify user as contact (and merge in existing anonymous contact) or will it create new anonymous contact each time?
I am NOT using any of the following services in my solution:
Device detection
GeoIp Service
FXM
Your approach
It seems to me that manually creating contacts is completely unnecessary in your case.
As I understand from your post, here's what happens:
A user visits your website.
Sitecore creates a new contact (ID: xxx).
The user browses the website and submits your form.
A confirmation email is sent to the user's email address.
The user clicks on the link in the email and hits a confirmation page on the site.
Your code creates a new contact in xDB (ID: yyy).
As a result, you have two separate contacts in xDB that are not related to each other, from Sitecore's perspective.
Now, to your question:
Will Sitecore identify user as contact (and merge in existing anonymous contact) or will it create new anonymous contact each time?
If the user is visiting from the same browser, Sitecore will recognize them as the original contact (ID: xxx) based on a cookie. Sitecore will not create a new contact in this case.
If the user is visiting from another browser or device, he will not be recognized as any of the existing contacts and a new anonymous contact will be created (ID: zzz).
As you can see, Sitecore has no way of automatically using the contact you created (ID: yyy).
Suggested solution
The only way to make Sitecore recognize a user as a specific contact is to use the identification API. In short, what you can do is this:
Sitecore.Analytics.Tracker.Current.Session.Identify(identifier);
Here's what I suggest you do:
Do not create new contacts manually—there's just no need for that.
When the user has submitted the form, you invoke Identify() and pass the user's email address as the identifier. This will set the user's email address as the identifier of the current contact.
When the user comes back from the email link you sent, you invoke Identify() once again. This will make sure that, even if the user is coming from another device, the same xDB contact will be used in his session. You'll need to pass the same email address to Identify(), so make sure you have access to it—for example, you can include it in your email confirmation link as a query string parameter.
Use Sitecore.Analytics.Tracker.Current.Contact and populate the current contact's facets with the information you've collected about the user.
If you have a login functionality, remember to invoke Identify() on successful login attempts—again, this is to ensure that the same contact is used for all sessions of the same user.
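The answer above carries the e-mail address in the confirmation link, and that value then becomes the contact identifier, so the server should be able to tell that it issued the link unchanged. An added example of signing and checking that parameter (Python for illustration; not Sitecore code and not from the answer; `SECRET_KEY`, the `ts`/`sig` parameter names and the 24-hour lifetime are assumptions):

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

SECRET_KEY = b"constructed-demo-key-load-from-config"  # placeholder secret
MAX_AGE_SECONDS = 24 * 3600  # assumed link lifetime


def _mac(email, issued_at):
    # HMAC-SHA256 over the address and the issue time, URL-safe encoded.
    msg = f"{email}\n{issued_at}".encode("utf-8")
    tag = hmac.new(SECRET_KEY, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag).decode("ascii").rstrip("=")


def build_confirmation_link(base_url, email, now=None):
    """Build the link that goes into the confirmation e-mail."""
    issued_at = int(time.time() if now is None else now)
    email = email.strip().lower()
    query = urlencode({"email": email, "ts": issued_at,
                       "sig": _mac(email, issued_at)})
    return f"{base_url}?{query}"


def verified_identifier(url, now=None):
    """Return the e-mail to pass to Identify(), or None if the link is invalid."""
    params = parse_qs(urlsplit(url).query)
    try:
        email = params["email"][0]
        issued_at = int(params["ts"][0])
        sig = params["sig"][0]
    except (KeyError, ValueError):
        return None
    expected = _mac(email, issued_at).encode("ascii")
    # Constant-time comparison; bytes on both sides so odd input cannot raise.
    if not hmac.compare_digest(sig.encode("utf-8"), expected):
        return None
    now = time.time() if now is None else now
    if not 0 <= now - issued_at <= MAX_AGE_SECONDS:
        return None
    return email
```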
When using django allauth for social account registration, allauth defines the username automatically as the first_name grabbed from the third party. So, for example: if Facebook's John Cucumber registers he gets the username "john". I would like to change this to "john cucumber". Use both his first and last name as username. Didn't see anything about this in the docs.
Thanks
EDIT : Some more explanation:
Anonymity is not default
I am trying to achieve that as default the users are not anonymous (using nicknames). They have the ability to change username to nick, but only after fully registered, by default they use full name from social network.
Registration is quick (no forms)
I also want to have them registered and logged in quickly (that is why I am using social network login in the first place, one click and you are a user of my page). So, I don't want to bother users with registration forms. As pointed out in Andrew's post below, the current setup of allauth causes many name conflicts (there can be only one John, all others need to change their username). There will be fewer conflicts with full names than with first names. But this is something I go after later, once this issue is solved.
I think it will be a short matter of time before your users start seeing conflicts with the generated usernames. As soon as you have more than one "John Smith" then you'll have a problem.
Also, many users may prefer not to have their full name as their username.
Personally, I always use email for the login, never usernames, but if you're adamant about it, I'd recommend that you show a form allowing the choice of username and giving the default as "%s %s" % (first_name, last_name) or similar.
To ensure the form is displayed, edit settings:
SOCIALACCOUNT_AUTO_SIGNUP = False # require social accounts to use the signup form
From the documentation:
[If true] Attempt to bypass the signup form by using fields (e.g. username,
email) retrieved from the social account provider. If a conflict
arises due to a duplicate e-mail address the signup form will still
kick in.
You should be able to use a hook to supply the suggested username before the form is rendered.
A working example* of django-allauth with Twitter Bootstrap is at https://github.com/aellerton/demo-allauth-bootstrap. However, it does not use usernames but it does show the signup form after social signup.
*Disclaimer: I wrote the example.
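One way to compute the suggested default username discussed above, as an added example (not code from the answer or from django-allauth; `suggest_username` and its `taken` argument are hypothetical, and wiring it into the signup form is not shown). It joins the names with `_` because Django's default username validators reject spaces, treats the provider-supplied names as untrusted input, and resolves the "second John Smith" conflict with a numeric suffix.

```python
import re
import unicodedata

MAX_LEN = 150  # Django's default User.username max_length
_DISALLOWED = re.compile(r"[^\w.@+-]")  # outside Django's default username charset


def _clean(part):
    # Names from the social provider are untrusted: fold compatibility forms
    # (e.g. full-width letters), then drop what the validator would reject.
    part = unicodedata.normalize("NFKC", part or "").strip().lower()
    return _DISALLOWED.sub("", re.sub(r"\s+", "_", part))


def suggest_username(first_name, last_name, taken):
    """Return a default username that is not in `taken` (case-insensitive)."""
    taken = {unicodedata.normalize("NFKC", t).casefold() for t in taken}
    parts = [p for p in (_clean(first_name), _clean(last_name)) if p]
    base = "_".join(parts) or "user"
    base = base[:MAX_LEN - 6]  # leave room for a numeric suffix
    candidate, n = base, 1
    while candidate.casefold() in taken:
        n += 1
        candidate = f"{base}{n}"
    return candidate
```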
I have a login button in my site, which opens the Facebook login in a new window, asks the user to log in, fetches the necessary information and immediately logs out that user and closes that temporary window. The problem comes when the next user clicks the login button again: a new window opens and it doesn't ask for login information, it by default assumes that the previous user has already logged in... How do I override these Facebook logins for different users?
Facebook has support for re-authentication: https://developers.facebook.com/docs/howtos/login/client-side-re-auth/
This forces the user to re-enter his password. However, at this point the user cannot decide to login as a different user.
Support for re-authentication has just been added to the master development branch of django-allauth:
https://github.com/pennersr/django-allauth/commit/8a8f9902b4c7a1f5d079d1422be2976b51e5b7b9
If you prefer to use 0.9.0 (which does not contain support for this yet) you can easily override the "facebook/fbconnect.html" template and pass along the auth_type parameter to the FB.login API call yourself.
I have been trying to use django-allauth to provide Social registration, but I am having trouble configuring the profiles for the user. There is no documentation of django-allauth which tells
how a django user account is created when a user logs in via a third party such as facebook
What username is assigned to that user and what password is used.
Certain third party providers such as Facebook provide a lot of information about the user such as their name, email etc. so how can we get them and save in the user account/profile
If anybody has used allauth in their projects and can provide some details then it would be really helpful.
I am using django_allauth in my project.
(1) How a django user account is created when a user logs in via a third party such as facebook ?
You should take a look at :
your admin panel and see what happens when somebody logs in.
allauth.facebook.views.login and try to track the login process
It is something like this (in a few words):
When a user logs in your site via his Facebook credentials he is given an access token
This token is saved in the FACEBOOK_ACCESS_TOKENS table (you can see it in the admin panel)
With this access token and with the help of Facebook GraphApi we know his social_id
When we know his social_id - we can have his Facebook account from our database
If we haven't saved it in the db already - we save the Facebook account in the FACEBOOK_ACCOUNTS table (Facebook Accounts in the admin panel)
Then we create a user in the USERS table with the data present in the Facebook account. (you can see the new user in the Users section in the admin panel)
(2) What username is assigned to that user and what password is used ?
As I mentioned before with the help of Facebook GraphApi we get the username of the Facebook user and it is assigned to the User profile as User.username
(3) Certain third party providers such as Facebook provide a lot of information about the user such as their name, email etc. so how can we get them and save in the user account/profile?
Again - the Facebook GraphApi - it gets you the info you need.
I have integrated django_allauth in my site and it is working properly. I will be happy to answer (if I can) if you have more questions.
EDIT - For the avatar support...
I think you have to take a look at the django_allauth settings and particularly in:
SOCIALACCOUNT_AVATAR_SUPPORT (= 'avatar' in settings.INSTALLED_APPS)
Enable support for django-avatar. When enabled, the profile image of
the user is copied locally into django-avatar at signup.