Access session from view - adonis.js

I built login from scratch using adonisjs but I don't know how to check session from view. I need to check when a user is logged-in and the session can be shared everywhere.
I am trying to use global in service provider but it's not possible.

If you use authentication with auth you can use this tag on view: Adonis - Authentication
#loggedIn
<h2> Hello {{ auth.user.username }} </h2>
#else
<p> Please login </p>
#endloggedIn
To manipulate the session object you can access it in HTTP Context: Adonis - Session
// Example
Route.get('/login', ({ session }) => {
return session.get('username') // 'virk'
})

Related

Call ajax of `django-restframework` api from template and the server checks who calls this api

I use google auth login in django project with django-oauth-toolkit
What I want to do is
Call ajax of django-restframework api from template and the server checks who calls this api.
For example, I can get if user is login or not {% if user.is_authenticated %} in template.
so, I can call the api with the user information like this.
var url = "http://localhost/api/check?id={{user.email}}"
$.ajax({
method:"get",
url:url
....
with id query server can understand who calls this request.
However in this method,id is written barely, so you can make the fake request.
So, I guess I should make some access token or some other key.
Is there any general practice for this purpose???

Rendering Grafana inside django website using API Key

I’m attempting to pass an API token for a user to grafana from our own internal website so that the main gui renders in an iframe. We don’t want the users to have to log into grafana after they have logged into our site, so we are creating their users in grafana, building an API token and attaching that to the user for our website. When the user goes to the page that has the grafana iframe, we are sending an ajax get request with the token so grafana renders the main dashboards with the users information.
If we do just a standard iframe everything works fine and we render inside the frame. We can get to the login page and do everything we need to. When I add the token so we don’t need to authenticate nothing renders and I see no errors/logs on either grafana or the website. If I send an invalid token I see the expected “401 invalid Api key” error on both the website and the grafana logs. This is what I’m sending from the website…
<div class="content">
<div class="container-fluid" id="container">
</div>
</div>
<script>
$.ajax({
url: "{{url}}",
type: "GET",
beforeSend: function(xhr){
xhr.setRequestHeader('Accept', 'application/json');
xhr.setRequestHeader('Authorization', 'Bearer {{token}}');
},
success: function(r) {
$('#container').html(r);
}
});
</script>
With the above nothing happens, I get no errors or logs. If I keep everything else the same and just adjust the token to make it invalid, grafana says it is invalid, so I know it is making it to the server. Why is nothing coming back to be rendered?
Thanks!
That' s an Error in Grafana-API, the generated API-Key. Use a Key that is generated inside Grafana

Can I send requests to the server from HTML rendered in email?

I am trying to implement the following functionality.
The server sends an email to a user who doesn't necessarily have an account in the server.
In the email, the user is asked to rate a certain model (send a request to the server).
Can I make it in such a way that the user can click the button and doesn't get redirected to some other page, but sends the request directly to the server.
<div>
<p> Hi {{ user }}, </p>
This e mail is to kindly ask you to rate {{ job_seeker }}, who previously
worked with you.
Please rate him from 1 to 3 below.
<button onclick="some function that wont work in email">1</button>
<button>2</button>
<button>3</button>
</div>
I am using django.
NO, you cant execute JavaScript in email templates.
Due to serious security issues, most of the email clients block JavaScript from executing. that's why your redirection script doesn't work.
the solution is to use an <a> tag with a URL that specifies the page link instead of <button>.

How to render Flask-Security forgot password form?

I have application with ready UI and I want to add login/logout/register/restore features with Flask-Security. Before I worked with that default behavior - when user clicked "forgot password" he was redirected to specific endpoint.
Now I want to have forgot password form on the same page (just in different panel which show when user clicks corresponding link).
I faced an issue that I cannot just add the same form with same endpoint because Flask-Security wants CSRF token. I think that I can somehow render its form on page and adjust styles. But I do not know how.
I do not want to turn off csrf check unless I definitely know that there is not other ways.
Since you are generating the form dynamically I will assume that you are using AJAX, the documentation speaks about it.
You have to enable the CSRF module with
from flask_wtf.csrf import CsrfProtect
CsrfProtect(app)
you will have access to csrf_token() on every page, and you can get it with:
<meta name="csrf-token" content="{{ csrf_token() }}">
var csrftoken = $('meta[name=csrf-token]').attr('content')
$.ajaxSetup({
beforeSend: function(xhr, settings) {
if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type) && !this.crossDomain) {
xhr.setRequestHeader("X-CSRFToken", csrftoken)
}
}
})

Csrf token verification fails between two Django web applications

I am trying to pass csrf token between two web application to make one POST data to the other.
"client" application (C) asks csrf token to "server" application (S) via a GET operation.
S responds to C with a form:
<form id='csrfRequestForm' name='csrfForm' action='http://{{ context_path }}/ajax/getcsrf' method='post'>
<!-- csrf token -->
{% csrf_token %}
<!-- datas to POST follow -->
...
</form>
C has to submit this form to action (mapped on a url used by S) in order to POST datas to S.
When C tries to do it, csrf verification fails. I've checked GET's result and csrf token is received with the form. I have django.middleware.csrf.CsrfViewMiddleware keyword listed under MIDDLEWARE CLASSES in settings.py and RequestContext is passed when rendering form's view with render_to_response(... RequestContext(request))
What am I doing wrong?
Thanks
Try defining your context and returning it like this...
context = RequestContext(request, {
'request': request
})
return render_to_response(..., context_instance=context)
This is by design, and disallows for cross site POST execution. One option you have is to mark the methods you would like to be able to execute as safe, as per the django docs:
https://docs.djangoproject.com/en/dev/ref/contrib/csrf/
I wasn't able to resolve it in your way, but I managed out how to do it:
C go directly to S via javascript opening a popup with:
window.open("http://<S_address>/<path_to_request_form>");
In this way, user using C that is logged via a third party authentication server (I forgot to mention it earlier, sorry), is still logged in the popup window in S and receives the form in it with a correct csrf token. I don't know if it's correct but it works.
Thanks for your time