Create a sitecore admin website - sitecore

A sitecore newbie here. We have an existing website that's built using Sitecore 8. It's live in our production environment. I recently joined the company and my background is backend .NET development. I have been asked to write a utility module that allows us to remove registered users that meet certain criteria. The website provides the ability for users to register and the registered users are stored in the core database. My initial thought was to go directly against the DB but quickly learned that the data stored is serialized. I also thought about writing a c# console application to do this but it appears that there are a lot of configuration/setup steps to do this and that it's better to do it from a web app. Does anyone have any tips on how I could set up a simple utility web application to connect to an existing Sitecore database? I expect that I will be asked to add more functions/features down the road.

For an admin function like that, I would be tempted to use Sitecore Powershell Extensions: https://marketplace.sitecore.net/en/Modules/Sitecore_PowerShell_console.aspx
The Get-User command can pull users out of the system:
Get-User Documentation
PS master:\> Get-User -Filter "michaellwest#*.com"
Name Domain IsAdministrator IsAuthenticated
---- ------ --------------- ---------------
sitecore\michael sitecore False False
Then you can use Remove-User to delete them: Remove-User Documentation
There are a lot of great resources on how to use SPE, its awesome for stuff like this.

As i understood, the objective is to be able to remove certain users.
The easiest way to do that would be using Sitecore PowerShell module, but for you as a newbie that would not be probably as easy (and you would need to have module installed). With PowerShell module you don't even need to create user interface.
Here is the documentation how to do use Remove-User with PowerShell
If PowerShell option does not work for you, you can use that from the code utilising Sitecore API, so your Delete method would look something like below:
public void DeleteUser(string userName)
{
try
{
Sitecore.Security.Accounts.User user = Sitecore.Security.Accounts.User.FromName(userName, true);
user.Delete();
}
catch (Exception ex)
{
Sitecore.Diagnostics.Log.Error(string.Format("Error in Client.Project.Security.UserMaintenance (DeleteUser): Message: {0}; Source:{1}", ex.Message, ex.Source), this);
}
}
So you would just call this method when iterating usernames to be deleted. Depending on which credentials you would run that code, you may need to wrap it with SecurityDisabler to omit permissions check for delete operation:
using (new SecurityDisabler())
{
// you code to delete here within using block
}
Hope this helps!

Related

File browser with Django and Alfresco

I have a Django site and a local install of Alfresco (community edition). One of my model contains a file reference which maps to a document in Alfresco. The view should have a field that spawns a file browser that can access the repository structure within Alfresco so that the user can pick whichever file they want at whichever version.
I looked at the CMSIlib module and it seems to be providing all the interaction I need for the back end code. Although downloading a document seems clunky.
There are lots of Django file browsers but none seem to interface with CMSIlib.
Do I have to code my own or have I missed something?
The version is Alfresco Community v5.0.0 (d r99759-b2) schema 8022 Spring Surf and Spring WebScripts - v5.0.0.
To be honest, I am not a python guy ! But I heard over the official #alfresco IRC channel that cmislib is not so much of an active project, and questions about it only bump once in a while .... The RESTful api however may be considered as a good alternative in your use case:
To access alfresco content using the RESTful api, you should be querying this webscript: /alfresco/d/<d|a>/<workspace>/<store>/<nodeId>/<filename>
where :
d and a refer to direct / attached mode
<workspace>, <store> and <nodeId> reference your content nodeRef
<filename> a file name of your choice
So you should be making a GET Request an a URL that looks something like this http://<host>:<port>/alfresco/d/d/workspace/SpacesStore/8444ad61-4734-40e3-b2d4-b8b1c81347fd/myFile.ext
Note : Depending on the permission set on your node, you might need to attach an alf_ticket to the URL for an authenticated alfresco user. Please check this for further insights.
UPDATE 1:
If you have a problem identifying your file nodeRef, then you can setup a repo webscript implementing your custom logic (browsing some folder / searching for a document by name or metadata ....)
If your are not familiar with webscript development check Jeff Pott's tutorial on the subject
UPDATE 2:
To get started with your webscript development check out Alfresco docs/wiki!
Check this wiki page to learn how to retrieve children for a given node !
Or check this wiki page to learn how to develop webscripts implementing your custom business logic.
If you do not have anything against the YUI javascript library (that is no longer actively maintained), you can integrate the object-finder already available in Alfresco Share. The library is in
share/components/object-finder/object-finder.js
You will need to modify it a bit given that you are not inside Share.
To be totally honest, I do not know if it is feasible because it has other dependencies but being a browser site library, in theory can be integrated everywhere.

How to configure CouchDB authentication in Docker?

I'm trying to build a Dockerized CouchDB to run in AWS that bootstraps authentication for my app. I've got a Dockerfile that installs CouchDB 1.6.1 and sets up the rest of the environment the way I need it. However, before I put it on AWS and potentially expose it to the wild, I want to put some authentication in place. The docs show this:
http://docs.couchdb.org/en/1.6.1/api/server/authn.html
which hardly explains the configuration properly or what is required for basic security. I've spent the afternoon reading SO questions, docs and blogs, all about how to do it, but there's no consistent story and I can't tell if what worked in 2009 will works now, or which parts are obsolete. I see a bunch of possible settings in the current ini files, but they don't match what I'm seeing in my web searches. I'm about to start trying various random suggestions I've gleaned from various readings, but thought I would ask before doing trial and error work.
Since I want it to run in AWS I need it to be able to start up without manual modifications. I need my Dockerfile to do the configuration, so using Futon isn't going to cut it. If I need to I can add a script to run on start to handle what can't be done there.
I believe that I need to set up an admin user, then define a role for users, provide a validation function that checks for the proper role, then create users that have that role. Then I can use the cookie authentication (over SSL) to restrict access to my app that provides the correct login and handles the session/cookie.
It looks like some of it can be done in the Dockerfile. Do I need to configure authentication_handlers, and an admin user in the ini file? And I'm guessing that the operations that modify the database will need to be done by some runtime script. Has anyone done this, or seen some example of it being done?
UPDATE:
Based on Kxepal's suggestion I now have it working. My Dockerfile is derived from klaemo's docker-couchdb, as mentioned below. The solution is to force the database to require authentication, but a fresh install starts out as Admin-Party. To stop that you have to create an admin user, which secures the system data but leaves other databases open. First, create an admin user in your Dockerfile:
RUN sed -e '/^\[admins\]$/a admin=openpassword\n' -i /usr/local/etc/couchdb/local.ini
(just following klaemo's sed pattern of using -e) and when CouchDB runs it will salt and hash this password and replace it in the local.ini file. I extract that password and replaced "openpassword" with this so that my Dockerfile didn't have the password in plain text. CouchDB can tell by the form of it not to hash it again.
The normal pattern to now secure the other databases is to create users/roles and use them in a validation function to deny access to the other databases. Since I am only interested in getting a secure system in place for testing I opted to defer this and just use the settings in local.ini to force everyone to be authenticated.
The Dockerfile now needs to set the require_valid_user flag:
RUN sed -e '/^\[couch_httpd_auth\]$/a require_valid_user = true\n' -i /usr/local/etc/couchdb/local.ini
And that requires uncommenting the WWW-Authenticate setting:
RUN sed -e 's/^;WWW-Authenticate/WWW-Authenticate/' -i /usr/local/etc/couchdb/local.ini
Which, since the setting shows Basic realm="administrator" means that the NSURLProtectionSpace in my iOS app needs to use #"administrator" as the realm.
After this I now have a Dockerfile that creates a CouchDB server that does not allow anonymous modification or reading.
This hasn't solved all of my configuration issues since I need to populate a database, but since I use a python script to do that and since I can pass credentials when I run that, I have solved most problems.
To setup auth configuration during image build, you need to check not API, but configuration for server admins. TL;DR just put [admin] section into local.ini file with your username and password in plain text - on start, CouchDB will replace password with it hash and CouchDB wouldn't be in Admin Party state.
P.S. Did you check docker-couchdb project?

Role access for Sitecore admin tools like Update Installation Wizard

NOTE: Sitecore 6.6 Update 6 (rev. 20130529)
Hey folks, I'm trying to allow for certain users in a role to be able to access the admin tool for the Update Installation Wizard so that they can deploy .update packages to an environment.
However, short of giving these users full "is administrator" privileges, I can't seem to figure out which roles will give this access.
I've tried the following roles:
sitecore\Developer
sitecore\Sitecore Local Administrators
These pull in a variety of developing and maintaining roles and give most of the tools (including standard package installation). However, users with this access are still prompted for login when visiting the admin URL (/sitecore/admin/UpdateInstallationWizard.aspx)
Any thoughts?
You could take a look at Sitecore.Ship as an alternative means of deploying Sitecore update packages into an environment.
Essentially the tool exposes an endpoint that allows remote installation of update packages over HTTP. This approach has some advantages over the Update Installation Wizard as it allows Indexing to be disabled whilst the package is installed, leading to faster package deployment.
Unfortunately, as the folder structure would suggest (/sitecore/admin) the users need to be full Administrators.
The CheckSecurity() method of the UpdateInstallationWizard base class specifically checks for this:
private bool CheckSecurity()
{
User user = Context.User;
if ((Account) user != (Account) null && user.IsAdministrator)
return true;
SiteContext site = Context.Site;
string url = (site != null ? site.LoginPage : string.Empty) + "?returnUrl=" + this.Server.UrlEncode(string.Format("{0}.aspx{1}", (object) this.PageUrl, string.IsNullOrEmpty(this.Request.QueryString.ToString()) ? (object) string.Empty : (object) ("?" + this.Request.QueryString.ToString())));
if (url.Length > 0)
this.Response.Redirect(url, true);
return false;
}
You can check this yourself in dotPeek decompiler. It's defined in class Sitecore.Update.UpdateInstallationBase in the Sitecore.Update dll

sitecore: unable to access analytic (Login fail)

All the databases are stored in a remote server where I need to access remotely.
I need to access to Analytic db from my code behind file to get most viewed page.
So, I tried with something like this:
SqlConnection thisConnection = new SqlConnection("Data Source=xxx.xxx.xxx.xxx;database=xxxx ;User id=xxxx;Password=xxxx;");
But an exception was thrown (Login in failed ... )
And I have found few guides, but not really understand how it is used.
Guide 1: using Creating LINQ to SQL Classes (O/R Designer) as mentioned in http://learnsitecore.cmsuniverse.net/en/Developers/Articles/2009/09/mostviewedList.aspx
can anyone tell me or guide me what should I do? I have totally 0 idea on doing this.
Guide 2: using configuration manager (I haven't tried this yet)
string connectionString = ConfigurationManager.ConnectionStrings["ApplicationServices"].ConnectionString;
using(SqlConnection SqlConnection = new SqlConnection(connectionString));
Which version of Sitecore are you using? Are you using OMS or DMS? The article you linked to is for querying OMS, in Sitecore 6.5/DMS you should just be querying via the Sitecore.Analytics API and therefore should need a sql connection reference.
How to get item page views using sitecore 6.5 Analytics API
Jim mentions in this answer that he ended up writing his own calls. May be he might be a source of more information.
Moreover I am not aware that what exactly is your requirement but have a quick look at this page and see if this code offers what your are after.
Hope this helps.

Is there any available Django already built package for login

Django has its well designed admin site which is normally located at your-site/admin.
The interface is very powerful. However, you have to set permissions if you have multiple users with different rights and you have to modify a lot if the user asks you for very customised features.
So now my questions are:
should I build my own login site to provide website-specific features?
is there any already built package which I can re-use and add my own features into it?
When I need to use (and probably customize) a login application I always use django-registration.
It is a very complete app, I has email activation key and some other interesting features. And if you want to add/modify some new functionality you just have to create a new backend (you can inherit the common behaviour from the default backend.
https://bitbucket.org/ubernostrum/django-registration
https://github.com/nathanborror/django-registration
Hope it helps
You can create User Groups in django-admin to simplify assigning permissions instead of setting permissions to individual users.
Django-admin has a number of limitations, but there is a lot of extensions to manage them.
The app django-userna will take your pain away.
http://django-userena.org/
But personnaly i use Pinax. When i start a project all account (login/password reset/email management etc ...) is built in and i can focus on what makes my project different instead of reinventing all the user management stuff.