I am using Apex 18.2.
I have created a report with a form for displaying and entering employees data. Employees can set their own usernames and passwords. My problem is that When I try to create a new employee or edit one that did not have a username and a password set before. The browser populates those two fields with some values. I think with the last entered username and password in the browser. I can not guarantee that users would refuse the browser's offering to save passwords. And if they do not then the next one tries to create a new employee will get the previous password entered. And I think that handling it using JavaScript through emptying the items, for example is not a good idea because the client-side can always be manipulated. I want to control it through the app not the browser. Or maybe better, control the browser through the app and prevent it from saving passwords for the app. Is there a way to do so?
Here is a sample:
https://apex.oracle.com
ws = ESLAM_WS
user = forhelp
pwd = forhelppwd
app = TEST
page = 14 and 15.
If it's the browser's offering to save the password you're trying to avoid, there are existing discussions on this
How to prevent a browser from storing password
You APEX form seems to behave as expected.
And you should not be saving passwords in clear text. Hash your data.
Related
Is there a way to use django's inbuilt password reset function without sending reset links via email or without the email option. I am currently developing a simple system with a few number of users on which sending emails are not needed.Thanks in advance
There are some options in django.contrib.auth that allows you to change the password without needing to send an email:
PasswordChangeForm: A form that lets a user change their password by entering their old password.
SetPasswordForm: A form that lets a user change set their password without entering the old password
You can implement one of them in your view to change the users password.
You can change password with forms and in the views.py use the function
make_password()
if passwordForm.is_valid():
password = passwordForm.cleaned_data['password']
request.user.password = make_password(password)
request.user.save()
[make_password][1]https://docs.djangoproject.com/en/1.11/topics/auth/passwords/
I'm not familiar with django but I've worked on other apps before where access was gained for any user, even the initial admin, via password reset. In all those cases the method of working has been similar - the reset link is formed from some URL stub plus a unique key that is found in some database table somewhere. Manually assembling the link and using it worked out just fine, though one system used an emailsentdate column and refused to do anything unless it was populated , so check for anything similar if you don't get success with a simple approach
If you absolutely have to have an email server, there do exist simple ones intended for dev use like smtpdev, they behave like an smtp server to fool an app that demands one, but they don't send the emails onto anywhere, they just display them. Intended for debugging but might help you if django insists on one being configured that looks like a real mail server
I am using Django rest framework to build my application backend. I have used Django-rest-auth (https://github.com/Tivix/django-rest-auth) to enable login and registration for my app. It is already working.
However as per my new requirement, I have a list of usernames and only those usernames can register into my system. How can I achieve this?
I had few ideas (do not know if they make total sense):
1. A new model to store usernames, so that in future more usernames can be added via admin interface
2. Whenever a user makes a call from client: the entered username is checked against this new usernames table and if it exists in the table registration is allowed.
Or there can be a still easier way to do this? Any code snippets?
We have digest authentication in our application. For some reason we are seeing for a few users having different id, username as in "auth_user" table but for some reason in the django_digest_partialdigest the user_id is different but the "login" column has the same username.
I Am not able find out what scenario would lead to this kind of entry in the db.
we allow signup/activation of account/resetting password.
I will try to answer why this was happening for us, i worked on it long time ago so will try to recollect as much as i can.
We were allowing admins to modify the login id of the user, This would go and change the email id int he partial digest table. A lot of times they would use this to disable an account by changing the login id of that user. Now what would happen is this user who's not able to login as his id is changed did a trial registration with us using the same email id/password as before and hence now the partial digest table will have two entries.
I have a webapp that allows authenticated as well as anonymous users to start entering some form data. If a user is happy with his/her input, he/she can save that form to the server. This is a very similar problem to a shopping cart application that does not require login until checkout time.
For the authenticated user, implementing a save button is trivial. However for the anonymous user, the form data need to be stored somewhere while authentication is taking place, then correctly retrieved after logged in. Can someone please suggest some general strategies to go about this?
I found this link that is promising but I want to be thorough about this topic.
I think the correct way of doing this is to use django sessions. Basically each user (anonymousUser included) has a session during its stay on the website (or even more).
If you have a form that you want to store for a specific session, you can do it by using
request.session['myform'] = form
you get it by
request.session['myform']
and you can delete it using
del request.session['myform']
Basically Django pickles a dictionary of the session and saves it in a place (typically the database, but can be on other place as explained in django sessions).
To learn Django, I was making a very basic app which does the following:
Takes a user's login (checks id password in a database).
If user exists and password is right, give user option to either insert,delete or update.
If insert, user can insert an entry into a common table.
Similarly for delete or update.
I was cruising through this but I just got stuck.
My Login page is /index/.
Option for insert/delete/update is at /application/.
Now next, page is displayed according to insert/delete/update at /application/action/
Now the problem is that after completing one insertion, I want to return to /application to carry on my next operation.
But if I do that, I get this error
"Key 'userid' not found in <QueryDict: {}>"
So the view for /application/ is expecting the userid and password in request.POST.
How do I get around this without using external user login modules. I just want a very basic login system just to learn.
Django comes with user authentication built in. I don't think it is external as it is included in django.contrib.
If you use the built in user authentiaction and User model, you will not have to pass the userid to each view. Django will automatically retrieve the logged in user from the session and make it available as a property of the request object.
So using built in user and authentiaction, after logging in a user, you can access that user at
request.user