Meteor: Adding fields to Third Party User creation - javascript

I am using the user-accounts package to manage the Account System in my app.
I have also integrated Google, Github, Twitter and other 3rd party Services.
The package works fine, but now that I need a specific page for every user, and for SEO terms, I need the url to be like this:
https://domain.com/user/username
I also have the accounts-password package. And I have added a username field, and it works fine.
But if third-party services are used, the popup closes and the page is redirected with the user successfully created. I read about calling Accounts.onUserCreate,
and this is my code:
Accounts.onCreateUser(function(options, user) {
  var email = options.profile.email;
  var ist = email.indexOf("@");
  var uname = email.slice(0, ist);
  user.username = uname;
  if (options.profile) {
    user.profile = options.profile;
  }
  return user;
});
But it gives an error: Cannot read indexOf of undefined.
How can this be achieved?
There either can be a page, to enter the username, for every new user, or this way, the email should be sliced for username creation. (Second method is preferred.)

The error message is telling you your variable email has not been set.
When using third-party login services with Meteor, the user information is not stored within the profile of the user document. Rather, you should look for the email within the services data of that user document. For example, for Facebook, you should find this within services.facebook.email.
You may also want to consider using the user argument to find this information as the documentation states: "The user argument is created on the server and contains a proposed user object with all the automatically generated fields".
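One way to apply this answer, shown as an added example that is not part of the original post: read the address from the proposed user document (`user.emails` or `user.services.<name>.email`), reduce it to a URL-safe username, and fall back when a provider returns no e-mail. The helper names `findEmail`, `slugFromEmail` and `proposeUsername` are hypothetical; that services other than Facebook also expose an `email` field, and that `Meteor.users.findOne` is synchronous on the server, are assumptions.

```javascript
// Added example; the helpers are plain functions so they also run outside Meteor.
const looksLikeEmail = (s) => typeof s === 'string' && s.indexOf('@') > 0;

// Return the first e-mail found on the proposed user document, or null.
function findEmail(user) {
  // accounts-password keeps addresses in user.emails
  const own = Array.isArray(user.emails) && user.emails[0] && user.emails[0].address;
  if (looksLikeEmail(own)) return own;
  // Third-party logins: services.<name>.email (assumed for all but Facebook)
  const services = user.services || {};
  for (const name of Object.keys(services)) {
    const svc = services[name];
    if (svc && looksLikeEmail(svc.email)) return svc.email;
  }
  return null; // the provider returned no address
}

// Keep only characters that are safe in https://domain.com/user/<username>.
function slugFromEmail(email) {
  const local = email.slice(0, email.lastIndexOf('@')).toLowerCase();
  return local.replace(/[^a-z0-9_-]+/g, '-').slice(0, 30).replace(/^-+|-+$/g, '');
}

// isTaken(name) -> boolean is supplied by the caller (a database lookup in Meteor).
function proposeUsername(user, isTaken) {
  const email = findEmail(user);
  const base = (email && slugFromEmail(email)) || 'user';
  let candidate = base;
  for (let n = 2; isTaken(candidate); n++) candidate = base + '-' + n;
  return candidate;
}

// Wiring on a Meteor server; skipped when Accounts/Meteor are not defined.
if (typeof Accounts !== 'undefined' && typeof Meteor !== 'undefined') {
  Accounts.onCreateUser(function (options, user) {
    user.username = proposeUsername(user, function (name) {
      return !!Meteor.users.findOne({ username: name }); // assumed synchronous
    });
    if (options.profile) user.profile = options.profile;
    return user;
  });
}
```

Two users whose addresses share a local part get distinct usernames through the numeric suffix, so the profile URL never resolves to the wrong account.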

Related

How can I add an additional field to the user object created at first sign in using Next Auth providers?

I'm new to Next JS and this is my first time using Next Auth for authorization. I'm using the GitHub Provider and the Email Provider for authorization purpose in my app. For my app, I need the users to have a fullname and a username but I'm not able to figure out how to do it as I only get name and profile picture (from GitHub Provider, I get only email when using the Email Provider), and email. I want the user to be redirected to a page where they fill out a form with their fullname and a username, and only then I want the user object to be saved in the database. I'm using MongoDB here.

How do I only allow specific email to login into my page

There are two sides, Admin and Users. I am using the same database in firebase for both Users and Admin. It means that Users that are registered in my firebase authentication, can login to Admin webpage. How do I allow only specific admin's email to login into the Admin page.
For example:
Admin has an email of admin@admin.com
User has various email like 123@gmail.com, 222@gmail.com and etc.
What I want is only to allow admin@admin.com to be able to login into the Admin page but restrict login for User emails to login to the Admin page.
Using JavaScript, a simple solution would be to split the email String on the @, which will return you an Array of substrings and compare the second part which is the domain. Then, you could condition the rest of your code to work only if the criteria is true.
An example would be:
const allowedEmailDomain = 'admin.com';
const email = 'test@admin.com';
if (email.split('@')[1] === allowedEmailDomain) {
  // do something, we accept this email
} else {
  // return an error or do nothing
}
I make the assumption that, on the back-end side, your application is correctly secured, i.e. you have security rules in your database that only allow the users with an "admin" profile/role to read or write "admin" data in the database.
If this is not the case you MUST set correct security rules, since securing your Firebase instance only from a front-end perspective is not sufficient, as it is not very difficult to reverse engineer your app code and write some JavaScript code that will interact with your back-end. For that you could use Custom Claims.
So, with this assumption, it means that you need to adapt your front end in such a way the admin screens are only seen by the admin users.
One of the best answers is again to use Custom Claims, as explained here https://firebase.google.com/docs/auth/admin/custom-claims#access_custom_claims_on_the_client (Section "Access custom claims on the client") and in this official Firebase video: https://firebase.google.com/docs/auth/admin/custom-claims#access_custom_claims_on_the_client
Note that trying to block a user based on his email domain may not be a good solution as it is easy, in a few lines of JavaScript code, to register to your Firebase project as a user with a mail like whatever@admin.com or with any other email (using createUserWithEmailAndPassword).
Just block every domain other than @admin.com.
$allowed_domains = array("admin.com");
// array_pop() takes its argument by reference, so it needs a variable
$parts = explode("@", $email);
$email_domain = array_pop($parts);
if (!in_array($email_domain, $allowed_domains)) {
    // Not an authorised email
}
It's simple. Make an array for allowed domains, explode by @, get the last element of the array and check if it exists in the allowed domains array.

Is it possible to post to chat.postMessage as any user in a Slack team?

I'm building a Slack integration that is intended to modify some text and then post it to a Slack channel as though the user who triggered the command had said it.
e.g. /makeFace disapproval
@Ben 3:45pm
ಠ_ಠ
I ask for the client permission scope, which adds the chat:write:user permission. But when I hit the chat.postMessage endpoint, it only seems to allow you to post as the user who added the integration because the token it returns seems to be individuated for that user.
I know that giphy, for instance, sends its gif messages as though you are the originator, but I can't find out how they manage it. Is there any documentation for sending messages as other members of the team?
There are 2 ways to achieve this:
A. Overwriting username and icon
When you send a message with chat.postMessage it is possible to set a user name with the property username. The message will then appear as being sent by that user (same for icon with icon_url).
However, this is not meant to impersonate real users, so even if you use the same username and icon as the real user the message will have the app tag, so that they can be distinguished from a real user.
Here is an example how it looks like (from a gamer Slack about flying and killing space ships):
But depending on what your requirements are that might work for you.
If you want to use it make sure to also set the as_user property to false (yes, really) and it will not work with a bot token, only with a user token.
See here for more details on how it works.
This also works for the legacy version of Incoming Webhooks, not with the current version of incoming webhooks though. (You can still get the legacy version, see this answer)
B. Having the user's token
Another approach is to always use the token from the respective user for sending the message. In combination with as_user = true messages sent by your app will look exactly as if they would come from the respective user (no APP tag).
To make that happen your app would need to collect tokens from all users on your workspace and store them for later use. This can be done by asking every user to install your app (called adding a "configuration") through the Oauth process (same you use to install your app to a workspace), which allows your app to collect and store those tokens for later use.
Update: This doesn't work. It impersonates the user who installed the app, so it merely seems to work... until another user tries to use it (and they end up impersonating you).
1. Go to your App's management page. Select "OAuth & Permissions".
2. Add the chat.write OAuth Scope to your app as a User Token Scope, not a Bot Token scope.
3. Take note of your User OAuth Token at the top of this page (not your Bot User OAuth Token).
4. Call chat.postMessage with
   username = user id of the user you'd like to post on behalf of
   token = the token from step 3. above
The resulting post will be 100% impersonated. Not just the name and icon as mentioned in other answers, but it'll 100% function as if it came from the user.
I hope this will help those who are still facing this issue.
First give the chat:write and chat:write.customize scope to your bot. The scope chat:write.customize: "Send messages as @your_slack_app with a customized username and avatar".
From "OAuth & Permissions" settings get the bot OAuth token or even bot access token (both will work).
Then set the arguments like the following.
username to specify the username for the published message.
icon_url to specify a URL to an image to use as the profile photo alongside the message.
icon_emoji to specify an emoji (using colon shortcodes, eg. :white_check_mark:) to use as the profile photo alongside the message.
You can visit the docs from here

Firebase create user "manually"

I'm using the standard Email + Password auth-provider.
Through certain circumstances I have to create a firebase user manually. The flow would be something like calling a REST api with a defined email + generated password, and if succeeded sending a welcome email to the user with his password. Something like forward user registration.
I read through their docs and couldn't find much. (the new docs don't even offer a REST API section for user management.. well and just to be clear, the new "google" styled docs, pretty much suck anyway :) ).
Is there someone who has already done something similar and can help me out?
BTW: It would also be possible to create them client side through createUserWithEmailAndPassword(), but this function does automatically reauthenticate the new user, which must not happen in my scenario. Is it possible to use createUserWithEmailAndPassword() without automatically logging in the user?
You can create a new Firebase App context in your client and then call createUserWithEmailAndPassword() there:
var authApp = firebase.initializeApp({
  // ...
}, 'authApp');
var detachedAuth = authApp.auth();
detachedAuth.createUserWithEmailAndPassword('foo@example.com', 'asuperrandompassword');
By adding a second argument to initializeApp you create a separate context that will not trigger re-authentication upon user creation.

Facebook Graph not returning email

UPDATE: It seems that my personal email address had not been used for years. Facebook marked it as inactive and did not return it as part of the JSON.
I am authenticating a user with Facebook on the client side using this url :
https://www.facebook.com/dialog/oauth?
client_id=xxx&
redirect_uri=https://www.facebook.com/connect/login_success.html&
scope=email
I receive a code I then exchange for a token :
https://graph.facebook.com/oauth/access_token?
code=xxx&
client_id=xxx&
client_secret=xxx&
redirect_uri=xxx
I then send the token to my server and I fetch the Fb Graph in order to get some user info, including the email.
https://graph.facebook.com/me?access_token=xxx
For some reason, I get all the user 'about' info, but not his/her email!
What did I do wrong?
According to the Facebook Documentation:
By default, not all the fields in a node or edge are returned when you
make a query. You can choose the fields (or edges) you want returned
with the "fields" query parameter. This is really useful for making
your API calls more efficient and fast.
This is valid from v2.4, (previous versions retrieved some default fields).
When you register a new app you are entitled automatically (without manual review) to three permissions: email, public_profile and user_friends. In your code "email" is in scope (which is good) so just change your query to:
https://graph.facebook.com/me?access_token=xxx&fields=email
You probably wanted the public_profile fields that you automatically got in previous versions of the API. To do so, add "public_profile" to your scope:
https://www.facebook.com/dialog/oauth?
client_id=xxx&
redirect_uri=https://www.facebook.com/connect/login_success.html&
scope=email,public_profile
And now add the user name fields to your query:
https://graph.facebook.com/me?access_token=xxx&fields=first_name,last_name,gender,email,timezone,age_range,verified
Good luck
