My company is using a Parse backend for user accounts & I need to build out a password reset and other web based pages that will support our mobile apps. I've not done web dev like this in a while, so I'm wondering if anyone knows of a good tutorial?
I've found some that show me how to build out the whole system (users, password reset & email confirmation)...but nothing about hooking that up to Parse.
Any help would be greatly appreciated!
Parse provides an extremely simple solution for password reset out of the box, without the need of any plugin or mail server at all.
Something like:
Parse.User.requestPasswordReset("email#example.com", {
success: function() {
// Password reset request was sent successfully
},
error: function(error) {
// Show the error message somewhere
alert("Error: " + error.code + " " + error.message);
}
});
sends a link to the concerned user.
However, the page that will open will have two important points that I like to over-write:
It opens on the parse.com URL.
It, by defaults, opens the Parse default template.
You can go to your app settings and over-ride the URL as well as default template, so as to suite the needs of your app and so that your users are unaware of the usage of Parse.
Related
I am implementing google native login in my ionic app using this plugin. In google console I have a previous project xyz . I created a client ID using web application as application type (Authorized JavaScript origins and Authorized redirect URIs fields left blank).
I am able to login and view user data.
Now I followed the same approach with another project using different google account. This time I am getting an error code 10 in response.
P.S. Google+ API is enabled in both cases.
Here is my code where I am putting my client id for reference
window.plugins.googleplus.login(
{
'scopes': 'email',
'webClientId': 'XXXX.apps.googleusercontent.com',
'offline': true,
},
function (obj) {
alert(obj.email + "+++" + obj.displayName + "+++" + obj.userId); // do something useful instead of alerting
},
function (msg) {
alert('error: ' + msg);
})
P.S. Google+ API is enabled in both cases.
Same problem is stated here error code 10
Make sure that your webClientId is correct
As described link above
You need to pass in a Web Application type client ID to the login
function
check following things.
1. The problem occurs if you created sha1 fingerprint with different system and building your app in different system.
make sure you are building the app in the same system which you generated sha1 fingerprint to add in google developer console.
2. you no need to add webClientId id but you have to use webClientId while installing the plugin.
like
cordova plugin add https://github.com/EddyVerbruggen/cordova-plugin-googleplus --save --variable REVERSED_CLIENT_ID=myreversedclientid
I'm going to explain the problem better with an example, in this Firebase official example https://office-mover-demo.firebaseapp.com/ I can show the hidden page without login with a simple command in the console:
app.classList.remove('is-hidden');
Yes, of course, the data in firebase can be accessed only if a user successful logged in. So my question is: Can i do something to show the structure of the html private part only after a successful login of the user? (Only with static content and firebase auth)
From the Firebase documentation on monitoring authentication state:
// Create a callback which logs the current auth state
function authDataCallback(authData) {
if (authData) {
console.log("User " + authData.uid + " is logged in with " + authData.provider);
} else {
console.log("User is logged out");
}
}
// Register the callback to be fired every time auth state changes
var ref = new Firebase("https://<YOUR-FIREBASE-APP>.firebaseio.com");
ref.onAuth(authDataCallback);
Where the snippet calls console.log, you can just as easily show/hide the HTML.
My solution to this problem - as I understand it - is to set a cookie upon user login containing the user's id or, with an additional call to Firebase, a secret visible only to the logged in client. My server can then read the cookie and determine whether the user is authorized to view the content and only then download it. Thus, I am using Firebase for authentication, but my own server for authorization.
It works, and I can also log the user in to my server using this approach just as if I had received an Oauth token.
However, lacking experience with cookies, I would like to know how secure this is!
I get the following strange Error in my meteor application when users try to login with facebook. Its not that all logins are not working but as we launched today i get 4 or 5 every hour. Which also means im loosing many users.
Error:
Accounts.LoginCancelledError: No matching login attempt found
Method which throws the error(its called on client side):
Meteor.loginWithFacebook({requestPermissions: ['email']}, function(err){
if (err) {
console.log(err);
throw new Meteor.Error("Facebook login failed");
}
else
{
Router.go('browseCampaigns');
}
});
Also i add the FB Profile Picture in the onCreateUser() Method:
user.services[service].picture = "https://graph.facebook.com/" + user.services[service].id + "/picture/?type=large";
Can this cause this problem?
If you have facebook working when you test it this can be caused by:
the user closing the popup before authorising your app
your app being unable to talk to facebook (unlikely if you have logins working/if the site is hosted on commercial servers)
There's not much that can be done in the first case. You've mentioned in your code you ask the user for their email address. If a user is uncomfortable with this they are likely to close the login popup.
This error can be caused by an access to the application via http instead of https.
Compare two versions:
http://admin-react.herokuapp.com/
https://admin-react.herokuapp.com/
the first will not work.
I have a web app and I will like to integrate mailchimp such that when a user clicks the signup button on the page, the user's email is added to a mailchimp subscription list but I'm having difficulty in doing so. The problem is, the button on the page is created in a javascript file using extjs. I do not have that much experience in developing web applications . I already downloaded the api for integrating with php. I saw this: " AJAX Mailchimp signup form integration " but it seems to have security issues.
Can anyone help explain how to go about this?
Have the ajax call directed to your server, with the user's email.
From there, use the API (you downloaded) to add the email, and return the outcome of their response to your client.
When you do it behind the scenes (your server to theirs), there is no security risk, as you are not exposing your API key.
Client side code:
Ext.Ajax.request({
url: 'add_mail_to_chimp.php',
params: {
email: theUser_sEmail
},
success: function(response){
var text = response.responseText;
alert ('yay' + text);
}
});
Is there a way to validate the response from say:
FB.api(
{
method: 'fql.query',
query: 'SELECT name, pic FROM profile WHERE id= ' + FB.getSession().uid
},
function(response) {
//...
}
);
Validating the cookie for login is easy enough using a MD5 hash and the application secret key compared to the provided sig parameter. However in the case of the api calls, what would stop someone from using firebug to change the response? Obviously this can be done on the back end for sensitive information but i'd like to keep as much of the back and forth bandwidth to Facebook on the clients end as possible.
Any thoughts?
I can't think of anything harmful the user can do other than breaking his own experience in your application UNLESS you are getting these inputs (responses) and processing them/saving them to the DB for example:
Having an input field where the user can update his FB status through it, and you want to save that to your own DB too?
In this case you would/SHOULD do the usual input validations (mysql_real_escape ..etc) anyway.
Saving the user Email?
You already can get almost all the information about the user using server-side calls once the user is authenticated and grant your application access..for instance to save the user email you shouldn't wait for the user to send it to you when you can acquire it using the email permission
Any validation you might do in JavaScript(1) would be something the user could overcome with a little JS of their own.
If you need to ensure that communications to/from Facebook are secure and not interfered with... then do it on the server.
(1) e.g.
if you had a validateFacebookResponse(resp); function... an end user simply needs to re-declare the function...
function validateFacebookResponse(resp){
return true;//always return true!
}
and any "security" you had is out the window.