I have created Connected App in Salesfoce and have customized the login screen (changing logo, button css etc., using Visualforce). When user logs in for the first time or logs in from different browser or device, it prompts for 'Verify your identity' (to enter verification code).
I know we can customize the option of sending the verification code to mobile or email. But, I would like to customize the 'Verify your Identity' screen like changing the logo, button css etc. I didn't find it under Visualforce Pages.
Where is this located and how can the styles be customized?
This will be possible in Winter '20. From Release Notes:
When external users register a verification method, either a phone
number or email address, Salesforce displays a Verify page for users
to enter their verification code. You can replace the default Verify
page with your own, for example, to reflect your brand or meet your
corporate guidelines
Related
Currently, Firebase offers the option to send an email to a users email who wishes to change their password. Unfortunately, Firebase does not allow you to edit their password requirements which I believe is locked at requiring only 6 characters.
For many people this is inadequate and insecure.
I recently made an application that allows users to create quizzes either for themselves or for others. In this application, I stores personal information of my users and I wanted to make sure that their accounts were secure so I required more from my passwords. Unfortunately, when a user wishes to change their email, the default Firebase function does not keep my security which leads to confusion as a user can change their passwords according to Firebase's lax constraints but then they still couldn't log in because they used an invalid password. (I blocked invalid passwords from the text box before even checking with Firebase).
After I encountered this error, I came to StackOverflow for help to see if anyone else had this issue and came up with a solution. Unfortunately, I was met with harsh criticism and harassment by users who claim to be Firebase officials and Administrators who did not care about my question.
Then, I after a week of research and testing, I found the solution using React and 3rd party libraries to handle this.
Please, see my answer below and if you have a more creative solution, I would be interested in seeing that as well.
To solve this problem, the only answer is to create your own mailer service with your own basic mailer service, host website, and API.
What you need:
An application which uses Firebase.
A hosted API which uses Firebase and a 3rd party Mailer such as Node with NodeMailer - hosted on Heroku
A React app which can communicate with the API
What I did:
First, I created my API which accepts calls from my specified IP addresses. This API can receive requests to reset a password when the password is known or unknown. When the password is known, I send an email to the user using NodeMailer and I send a special HTML file so the email looks official. It is quite easy to copy the layout of Firebase's emails if you wish.
More Info can be found here: https://nodemailer.com/message/
Then, I created a React App that is hosted on Heroku. When the user clicks a link in the email, it will send them to this website with the required information in the query. This app, much like when the Firebase link is clicked is just a simple text box and submit button. However, now you can customize it to require password confirmation with a second text box. You can also add a company logo and custom colors so it isn't so HTML 1 looking like the link you see from Firebase. Most importantly, you can now control the password that the user enters to add your unique requirements.
On submit, the app will send the new password, username and old password if available to the API.
If you do not know how to create a React App or a Node API, you can see a detailed tutorial here: https://www.techandstartup.com/tutorials/build-api-with-node-express-and-mongodb
Finally, the API can log into the users account if a password is present and then change the password. Detailed steps can be seen from: https://www.codegrepper.com/code-examples/javascript/firebase+user+change+password
If a current password is not present, then the API can delete the user and recreate it with the desired password. Deleting a user can be seen: https://www.codegrepper.com/code-examples/javascript/firebase+delete+user Then you simply recreate a user. Example code: https://www.codegrepper.com/search.php?q=firebase%20createUserWithEmailAndPassword
With these steps, you can now send a password reset email to a user. The email will be completely unique as you will be designing it yourself. The password will be to your exact specifications as your React App will control the data on submit. And the page itself will look much more user friendly as it's not the default Firebase page.
Hopefully this helps you or your company with working around the Firebase reset password with email function. I am still holding out hope that another user may have a more elegant or basic solution than this as creating an API and hosting a website just for 1 function is not appealing in many cases.
I want to build a multistep registration Auth flow where these are the required steps and flow:
In the first step User verifies mobile number with otp.
In the second step User uploads image of some ID proof.
In the third step User fills some extra details such as name, email, address, etc.
Finally user submits the form.
Upon receiving the form details an Admin(having direct access to firebase console and firestore) manually checks the details , if they seem real he/she sends a newly generated Id(can be email or phone no.) and Password (created by admin) to the User through email or sms with which he/she can finally login.
I know it is complicated and might not be possible with firebase but I still want some insight and answer to my problem. Thank you.
I have DNN 7.4.2 installed. Besides standard registration/login I would also like to utilize Facebook,Twiiter,Windows Live, and Google authentication. However, I don't like the current workflow. I am now familiar using the Christoc templates to build custom modules, but is this what I want to do, or do I need to build a custom authentication provider. A lot of the examples out there reference old versions of DNN.
Here's the flow I want:
1) If User is not logged into site, check to see if they are logged into one of the social sites, and if so check their id to see if it is associated with a User on my site. If so, log them in automatically to my site.
2) If User is not logged in yet, display "Register" and "Login" Links on my menu.
3) If they click the "Register" link, a jquery popup should appear. Buttons for normal registration, and a button each for registering with one of the social sites should appear.
4) If they click on the regular registration, they should go directly to un-pre-populated registration form.
5) If they click on one of the social buttons, it should retrieve whatever info it can from the particular social site, and then go to the same registration form, but pre-populate the controls with the info it retrieved.
6) The registration form should have all the standard fields, plus a place for the avatar (which can be prepopulated from the pic retrieved from social site). In addition, I am using DISQUS comments, and so I want them to be able to enter their DISQUS login info and/or create a DISQUS account.
7) Once the user hits submit, only then is the User actually created. User should be returned to whatever page they were on when they started the registration process.
8) If User is not logged in, and they click "Login" link, a jquery popup will give them Username/Password controls if they want to login in standardly, and also have buttons for logging in with each of the social sites.
9) Id login is unsuccessful, jquery popup content would be replaced with "Unsuccessful" content, and content for retrieving lost usernames / passwords.
10) If login is successful, then they should also be logged into DISQUS.
If there is already a good module that will do all this, then I would prefer just to spend $100-$200 to get it. However, if there isn't, I would just like a push in the right direction on how to program all of this.
1) If User is not logged into site, check to see if they are logged
into one of the social sites, and if so check their id to see if it is
associated with a User on my site. If so, log them in automatically to
my site.
This point is unpossible. Every web page is isolated from each other. You can't determine that user is logged in or not in another webpage. Also you can't identify not logged user (in your website) to check if he is logged in with API (by userId).
I thnik all other points can be reached by this module: http://store.dnnsoftware.com/home/product-details/social-login-and-social-sharing.
While I thank Aram for his suggestion, I believe I am going to have to write my own custom authentication providers from scratch. I hate the fact that I could get no other responses. I also hate the fact that there is seemingly no good options for me to make a reasonable on-time module purchase to at least get something resembling what I need.
I have design a page where every time user go to page submit a code after entering a code or password then access all other website pages.
I know rest of work is achieved through Access Control List means only logged in users can access.
Now I need page where you can enter only password without enter username.
Here is an example click here
Currently this page is non joomla page ..rest of the site is joomla based.
How can I edit login page so that login page only have password filed.
also when user close browser he logout automatically
requirement is only one code is used thorough out the website for every user ....
Best Regards
Got to this directory
components/com_users/views/login/tmpl
Find default_login.php and modify it as per your usage. Make sure you are checking in active template directory.
This is scenario I'm going for:
User visits the site, site.com, meta tag detects that the user is on a mobile device, and bounces the user over to m.site.com. Then, the user sees a link for "View full site," and clicks on it.
But then, the site bounces the user over again.
Is there a clean way of handling this? Allowing the user to choose which version he/she wants to see, but by default, first going to the mobile site?
Thanks!
Tonnes of ways I can thing of.
You could have a parameters/page which the user visits. For example google have /ncr (no country redirect). When the user visits this particular page you could set a session/cookie which can be monitored to prevent redirection.
-You could only redirect the user if a particular cookie is not detected, and they are using a mobile user-agent.
You could check the referer in addition to the user-agent, and if the referer has come from m.site.com then don't redirect.