I need to set a custom page login in apex5.0
If login is invalid, the standard error msg should be displayed.
However, i have a table that contains an expiry date for the user. I want to add a check user is expired then he should not login the system and message 'No access' displayed. if sys_date > expiry_date.
How is it possible to do that?
The best way to do this is to create your own authentication scheme.
Create your own function which checks if username and password match with your user table, and then check if expiry_date > sysdate. Add a new authentication scheme (shared components -> authentication schemes -> create and select custom as the scheme type. Then add your function in there.
Related
I am integrating Keycloak with Djnago
https://github.com/Peter-Slump/django-keycloak/issues
Keycloak Server
This is what my keycloak User Screen looks like
BUT when I log within django,
user.email is proper (whats present in keycloak)
user.username is getting set as ID from keycloak.
Is there a way to retain djnago username as keycloak username?
https://github.com/Peter-Slump/django-keycloak/issues/39
In general user.username is actually the username in keycloak, unless the framework you use has a custom mapping to change the values (most probably with sub value from token in your case). If it is the case, you can add a duplicate property in token to get username as follows:
Login to Keycloak Server with admin credentials
Go to Clients section and click on the application client you are working on
Select Mappers subsection in your client page
Click on Add Bultin, select username checkbox and Save the settings
After you have added the token, you use it to get the username. In case the name conflicts(when mapping of username shares same syntax as to get property username from token), add a custom mapper where you can rename the property name for same username value. Custom mapper should look something like:
How can I create an authorization schema for pages?
For example: I have
pages like page1, page2, page3 and page4 with
users as user1, user2, user3 and user4.
When I login
user1 should get only page1 and page4
user2 --> page2 and page3
user3 --> page1 and page3
user4 --> page2 and page4
I.e in a priv table the page numbers and the users are stored. The boolean return value function is working for components, but for the page it shows an error.
How can I write an authorization schema for the above roles?
1 - Go to Shared Components
2 - Click on Authorization Schemes
3 - Create a new scheme of the type "PL/SQL function returning boolean"
4 - Your function should return "false" to denied access
In this pl/sql code you have access to :APP_USER variable and :APP_PAGE_ID (page number).
If you have a function that receives the user and the page and return a boolean checking if he has or no access, so just do:
BEGIN
RETURN MYFUNCTION(:APP_USER, :APP_PAGE_ID);
END;
5 - Go to "Edit Application Properties" > "Security" and choose your
authorization scheme.
6 - You don't need to set for every page the authorization scheme, just do the step 5.
I don't know how is your table. But supposing that it's have two columns like
USER PAGE_NUMBER
user1 1
user1 4
user2 2
user2 3
user3 1
user3 3
user4 2
user4 4
So your function look like this:
CREATE OR REPLACE FUNCTION "MYFUNCTION" (p_user IN VARCHAR2, p_page_number IN NUMBER)
RETURN BOOLEAN AS
v_count NUMBER := 0;
BEGIN
SELECT count(*) INTO v_count
FROM mytable
WHERE user = p_user AND page_number = p_page_number;
IF v_count = 0 THEN
RETURN false;
END IF;
RETURN true;
END;
You should consider a custom Authorization Scheme&Authentication Scheme..
1- Create a table for the users to store each user name and password and put a column for 'user_type', in this column you will have the types of users you have for example: 'dev' for developer and 'adm' for admin ans so on ...
2- Create an plsql function that returns a Boolean (true/false) based on
a query that compares the user name and password you get from the user with the ones stored at your users table.
This function will also set 'Session Variables' to pass the user_name and
user_type after a successful login, something like:
apex_util.set_session_state('SESSION_U_TYPE',temp_type);
apex_util.set_session_state('SESSION_USER_NAME',in_username);
3- At the shared components of your application create 'Application Items' by the same exact names you use in your function (here SESSION_U_TYPE, SESSION_USER_NAME)
4- Edit your 'Log-In' page and remove or comment out the default code and use your function and pass the user_name and password via binding variables
5-Now go to shared components again and create a custom Authorization Scheme, give it a name and choose 'SQL exist' as type and write a sql
query to check the user_type of the current user, something like:
SELECT * FROM my_users
WHERE user_name = :SESSION_USER_NAME AND user_type = 'dev';
Repeat this step to create as many 'access levels' as you need
6- Finally, go to each page and under security section choose the
scheme or the user level you want to allow to access this page
-- Notes:
This is fast solution (but working fine) and you can add many improvements to it for example you should create a procedure to handle the log-in and pass the parameters to the authentication function
YOU HAVE TO HASH THE PASSWORD AS YOU SHOULD NEVER STORE PASSWORD IN PLAIN TEXT!
I hope this was useful
The above authorization schema with return boolean function works for components if we save the component id along with the page id and check for components
But for page authorization its not working and showing error.
tested with the above table structure and function
enter image description here
How can I create a signup page in odoo website. The auth_signup module seems to do the job (according to their description). I don't know how to utilize it.
In the signup page there shouldn't be database selector
Where should I store the user data(including password); res.users or res.partner
you can turn off db listing w/ some params in in odoo.cfg conf
db_name = mydb
list_db = False
dbfilter = mydb
auth_signup takes care of the registration, you don't need to do anything. A res.user will be created as well as a partner related to it.
The pwd is stored in the user.
User Signup is a standard feature provided by Odoo, and it seems that you already found it.
The database selector shows because you have several PostgresSSQL databases.
The easiest way is to set a filter that limits it to the one you want:
start the server with the option --dbfilter=^MYDB$, where MYDBis the database name.
User data is stored both in res.userand res.partner: the user specific data, such as login and password, are stored in res.user. Other data, such as the Name is stored in a related res.partner record.
We use sitecore to manage our registered users (extranet domain) and when creating new virtual users we give it an email using the Profile.Email property and then call the Profile.Save() method.
Another property somewhere else reads the userProfile.Email, everything is fine at the beginning.
Plus we use Forms authentication with the remember me feature.
The problem is when we close the browser and reopen it Sitecore.Context.User contains info about the actual user who clicked remember me but the User.Profile always has the Email null.
I tried Reload() and initialize() they don't work. I also tried getting the user again via the username (User.FromName()) but the returned user object also doesn't have the Profile Email.
What is being done wrong?
There is one very important remark in Security API Cookbook. It is related to Sitecore 6 but as far as I know it should work with Sitecore 8 as there was no important changes in Security model. It worked for Sitecore 7.
Important You must log in a virtual user only after you assign Roles and Profile properties to them. The Roles and Profile properties that are assigned after logging in are lost upon subsequent request.
Sitecore.Security.Accounts.User user =
Sitecore.Security.Authentication.AuthenticationManager.BuildVirtualUser(#"domain\user"
, true);
if (user != null)
{
string domainRole = #"domain\role";
if (Sitecore.Security.Accounts.Role.Exists(domainRole))
{
user.Roles.Add(Role.FromName(domainRole));
}
user.Profile.Email = "user#domain.com";
user.Profile[“Custom Property”] = “Custom Value”;
user.Profile.Save();
Sitecore.Security.Authentication.AuthenticationManager.LoginVirtualUser(user);
}
I'm using a custom login function resulting with a true/false value whenever the user should be allowed to login or not (a standard thing).
My problem is: when the function returns "false" the standard message is displayed "invalid login credentials"
even if the credentials are correct. Is there any chance to customize this message?
EXAMPLE: login function checks the credentials (ok) AND some additional, non relevant things (fe if the user is allowed to login into this particular application) (not ok) -> login = false -> invalid credentials message.
A small workaround that I know of is to raise a user defined exception in the login function but I'd like to omit that scenario as basically the run should be without errors (everything worked and was verified).
You need to create a validation on your login page. Like this:
In Page Processing click on Create validation:
Select Page as the validation level
Name the validation and select 'Inline in Notification' as the Error display location
Select PL/SQL as the validation type
In this case I will create a validation to avoid the login until January 1st 2025, so I chose PL/SQL expression as the sub type of PL/SQL validation
Enter the PL/SQL expression (it has to be a true/false evaluation) and the error message that will be displayed in case the condition return false.
Select the login button and allways as the condition type
And that's it. This validation will occur every time the login button will be pressed and return the custom message. Here's a working example try to login with any username or leave it blank and first will check the date condition.