I need to get the current user’s credentials ( user id & password ) and compare it to the custom user id field and password field from a suitelet. Is there a way to do this?
Appreciate all your help!
You can get the current user's id (email) with nlapiGetContext().getUser() in 1.0 or runtime.getCurrentUser() in 2.0. However you cannot get the user's password for obvious security reasons.
Related
I have a login form that has 3 fields- username, password, and company ID.
Browsers have no problem recognizing the username/ password, and saving/ autofilling them, but they do not recognize the company ID field.
Just to prototype, I've implemented my desired functionality with locaclStorage, but I of course want to do it in a more secure way without localStorage.
I'm working with Vue/vuex.
Much of what I've come across are solutions for autofilling forms, but I think this implementation needs to be different since it is pre-login authentication credentials.
I've looked into the Chrome/browser password manager api's but they seem to only handle user/password.
My basic implementation with localStorage:
On successful login, company ID is saved to localStorage:
localStorage.setItem('companyId', self.companyId);
Then on future logins, login form will be autofilled with the company ID, if one is found in local storage:
if(localStorage.getItem('companyId')){
self.companyId = localStorage.getItem('companyId')
}
Browsers don't autofill all kinds of form inputs. They actually handle a small amount of values, as documented on this Mozilla documentation HTML autocomplete
For your "company id" field, I'd suggest to use the name organization-title, which is supported by the autofill api, for the browser to save it:
<input name="organization-title" id="companyId" />
I created a login portal that we use for many applications.
This is not the standard login form, with 2 inputs, one for username and one for password.
It is a single page application, with this structure:
Initial page: input field for email
Once the user enters the email and continues, 2 thing can happen:
email is not valid (we do an API call to check if the email is present in our DB), in this case you get an error message
email is valid, and now you are presented with multiple buttons, one
of them is "login with password" (because the user can also login for
example with Office365, where we redirect the user on Microsoft
page).
if "login with password" is chosen, a input of type="password" is
now visible
Finally the user presses "login" and if the password is correct, he's now logged in.
This all happens in a single .html/.ts file, all done with ngIf to show and hide parts.
I want to implement that when the user successfully logs in with the password, the browser will ask if he wants to save the combination of username + password, but I don't know how, usually I know it works when both input fields (username and password) are one under the other, but in my case, not sure what to do!
edit: I saw that on Chrome there is a flag to allow : Username-first-flow, which by the description looks like what I want, so there should be a way to implement what I m looking for
My guess would be to not save the combination in the browser.
You should instead create a token in your back end upon successful login, then return it to the client, save it in a cookie that has flags secure and samesite to strict.
This token then can be used upon user return to authentify and thus skipping your login process.
Read more on auth process here: https://auth0.com/
The combination will get saved on a click of a submit button, so if you can like put the username in localStorage then when the user chose the password and fill it correctly you simply trigger a submit event but the form has to have the username input and the password input inside of it so this work. Any question?
I am learning to code and am attempting to build a to do web application in node using Express (I think that's the right wording).
I have a table('users') in postgresql which stores user_id,email and password.
When a user logs in to the website I want to loop through the table and ensure the email exists and it matches the password and then the user can log in and when they're logged in - their unique user_id is assigned and brings up their previous to do lists.. I would like to incorporate knex also if possible.
I am at a loss how to do this and would appreciate any tips/pointing in the right direction.
Thanks
Try something basic first
SELECT
user_id
FROM users
WHERE
email = _your_user_email
AND password = _your_user_password;
If the result you get back contains user_id or whatever you want returned, then the user exists. You can expand on this further by checking for email, and let the user know that the email exists but the password is incorrect, etc. Try the simple method first and see if this meet your need.
First of all, I would recommend you to name your id field for your users table as id.
It is best practice to name id fields as id and reference columns as <tablename>_id
(eg. table clothes.id unique identifier for iter and clothes.user_id – foreign key to table users).
Secondly, it is highly NOT recommended to store your passwords as raw data inside of the database (security reasons).
It is a common practice to keep user passwords as hashed data.
For example, take a look at bcrypt package.
To select users (there is no such thing as "loop" in terms of database, it is called "query") you need to
create a query like
select
id,
email,
<any_other_field_you_need>
from
users
where
email = 'your#email.com'
and password = 'your password hash'
In terms of knex it can be written
knex('users')
.select(['id', 'email', '<any_other_field_you_need>'])
.where('email', 'your#email.com')
.where('password', 'your password hash')
Your query params (email, password) you can get from express body.
Make sure you are using POST HTTP method to send your request and pass your data as a body.
In case you don't know express – it's an npm package.
It helps in the creation of web-services. They have a hello world guide on their
official website. Feel free to check it out. Or just simply google "express tutorial for beginner" there are a lot of great tutorials over the internet about it. It's quite popular.
I want to invite a new user (that not used the website before) to edit an existing Firebase record. (edit record of a location where I know the email address of the owner).
What is a possible approach?
Saving records should be generally protected by rules: email is verfified(!) and userId corresponds to a field in the record.
I could manually set up the user with password and random password first and save the userid in the record. But I do not see a way to set the email as verified (to allow later saving)? Even if I could, how do I sent a link to a user so he can sign in with his user credential.
There might be another way that I do not see. I would appreciate some direction. Thanks!
I'm wondering if any Node/Express gurus could give me a little advice on if the following scenario that I'm trying to achieve is possible. I think it is, I'm just a little unsure on the best-practise way to tackle the problem.
I'm currently in the process of building a small client that will be protected. To gain access to the following the following steps must occur:
Input name + email address in a form that then sends this data in an email to an admin.
The email will containing a prebuilt link containing query params of the data that was input into the field. The link will have an API URL prior to the query params.
When the link is clicked an API request will be performed that takes the query params (mainly the email address) and grants this email address access to the client for a specific period of time such as 2 hours.
The client will go to subdomain.domain.com, enter their email address (which gets validated to check that an admin has approved the email address) and have access to the client for 2 hours. There will also be a timer with the remainding session length.
The majority of this I can take care of but I thought I'd give you an insight in to the full picture of what it is I'm trying to achieve. The part that I have queries about is section 3 and giving an email address access to the client for a specific period of time. I don't want any passwords to be involved so what is the most-secure, more-advisable solution to this? Would I have to use tokens?
I will be building the server-side using Express unless I strictly have to use Node for whatever reason.
Thanks in advance!
When the admin approves the request, the api inserts a row into a db (mongo would be easy) which expires in 2 hours (or however long). Next, when the user goes to the subdomain, they enter their email address. Your express app checks if the email is in mongo. If it is, they have access. You can stick their email in a cookie and check it that way on future requests.