How does bot framework identify the user so it knows to go and grab correct state data? It identifies user correctly when same channel is used, even on different machines. Does it user IP address or something similar?
It is based on the Id property of the user + the channel Id. This user Id depends on the channel: each channel has a specific format of user Id, hence those 2 fields.
Examples:
Webchat: by default is userid but can be changed: user: { id: 'userid' },
Emulator: user ID is always set to default-user
Facebook Messenger: the user ID is a PSID (Page Scoped ID) of the user
Slack: the user ID is made of the concatenation of several parameters: Slack's Team ID, Slack's channel ID, and Slack's User ID
SMS: it's the phone number
Email: it's the email address
etc
Related
I have a requirement to mask user IDs in log files if the user ID is an email address. I can't access the code to the software we are using, so logback.xml is the only option I have to try and mask the e-mail address -- they want user1234#mycompany.org to show up as u******4#mycompany.org, so they can still search the logs if they need to find entries for someone. To complicate matters, there are other outputs to the logs that have the pattern something#something.com that aren't user IDs, so I need to find some keywords ahead of the e-mail address. Here are a couple of examples:
Initiating save of object; type: [User], id: [steven#verizon.net]
Cleaning user record; user: [steven#verizon.net]
And to further complicate things.... they also want to mask the E-mail in rest calls:
Request ended; method: [POST], uri: [/api/v2/token/validate?aid=web_demo&uid=steven%40verizon.net]
I've been trying to get something like this to work, capturing the strings that should prefix an email address or user ID, but I'm banging my head against the wall...
<maskRegex>(?:"user: ["|"[User], id: ["|"uid ["|"savedUser: "|"email_address"|"user"|"uid")\([a-zA-Z0-9]{1}([a-zA-Z0-9\+\.\_\-]{1,128}).#.*)"</maskRegex>
<maskRegex>(?:user: [|[User], id: [|uid [|savedUser: |email_address|user:|uid:)([a-zA-Z0-9]{1}([a-zA-Z0-9\+\.\_\-]{1,128}).#.*)</maskRegex>
I've OTRS 5 working fine . I need to retrieve information from web
for example I received emails from support team they put in the subject (customer ID) I need to put in the body message of the Ticket the customer information based on Customer ID which will fetch it from another local system through Url e.x "skldfj.com/dslkde.php?id=23487893"
for example I received ticket in subject: customer 23487893 have issue
in body need to be something like
hello team this customer (ID 23487893) have issue
customer info (fetch it from skldfj.com/dslkde.php?id=23487893)
name
telephone and more
How can i get the user id from facebook url and get the basic info ?
This will be possible if i use the http://www.facebook.com/[username] '
In order to get the ID of a Facebook User, you need to authorize the User: https://developers.facebook.com/docs/facebook-login/
After that, you will get an "App Scoped ID" for that User with this API endpoint: https://graph.facebook.com/me?access_token=[user-token]
It is NOT possible to get the ID of a user by his username (or URL). Scraping is not allowed on Facebook - that i what some platforms do. But you do not need that ID anyway, you can just use the App Scoped ID instead.
I want to know is there any way to get user subscrition / unsubscrition to email campaign ?
Is it saved in one of databases/tables in MSSQL ?
If you use the approach with opting in and out being determined on the fact if user is in role, then it is stored in the aspnet_UsersInRoles table in your core database. This table does not keep the information when role was assigned to the user. That's why you cannot get information when user subscribed or unsubscribed to email campaign.
The only thing you can check is if user is in the role:
user.IsInRole(roleName)
The user's subscription is driven by the users role, but It is possible to get the users subscriptions in ECM, You just have to use the api.
You can get the contact from the email address:
string fullName = commonDomain + "\\" + Util.AddressToUserName(username);
var contact = Contact.FromName(fullName);
var subscriptions = contact.GetSubscriptions();
Once you have a contact you can call the GetSubscriptions() method which will return the recipient lists the user is signed up to. There are a host of other methods you can call on a contact and if there is a a way to get the date unsubscribed/subscribed it will be here.
If not reflect Sitecore.EmailCampaign.dll and keep looking! There might be some extra information in the automation states table in the Analytics database. More info on automation state here:
https://www.sitecore.net/learn/blogs/technical-blogs/sitecore-magnified/posts/2013/09/ecm-automation-states-magic.aspx
Also noticed there is a method GetUnsubscribersStatistics on the Sitecore.Modules.EmailCampaign.Core.Analytics.AnalyticsHelper class. This will have the date of unsubscription.
let me describe a simple scenario:
There is a rest resource represented by this URI: /api/messages/{userid}. After the user is logged in, a request is dispatched passing to this URI "userid" (logged user). This way, as soon as the user logs in, he gets his own messages based on his ID.
If user is not logged yet, the URI is not visible (there is a authentication filter).
The problem is: if a already logged user discover this uri, he can submit a request passing another ID what will lead to a security problem because he will be able to get messages from another user (simply passing any random ID).
Can you propose any security model to prevent this security flaw ? (what I believe its more likely a cross-cutting concern).
Thanks, in advance!
Just off the top of my head, have the endpoint either (a) only return those messages visible by the logged-in user, or (b) only return messages if the logged-in user is the same as the userId in the URI. Which one depends on your business rules.
In the endpoint you can check for the user and then see if that user id matches the pathparam
finding the userid from the user name is as easy as selecting the id using the user name from a database
import javax.ws.rs.core.Context;
import javax.ws.rs.core.SecurityContext;
import ... blablabla;
#GET
#Path("messages/{userid}")
public Response getMessages( #PathParam("userid") int userId, #Context SecurityContext context ) {
String username = context.getUserPrincipal().getName();
int id = getIdFromName(username); // define this yourself
if(userId==id) {
// output the message list
List<Message> msgs = getDemMessagesGURL(); // define this yourself
return Response.ok(new GenericEntity<List<T>>(msgs) {}).build();
} else {
// output Forbidden(403)
return Response.status(403).build();
}
}
and with oauth you can use a servlet filter to set the user principal based on the oauth signiture