I'm working with IBM Watson API's a few months ago.
I want to know more about Regex inside the Conversation Service. And how to get the login from the user, if they type some like:
My login is sayuri.mizuguchi!
My login? ooh, is sayuri.mizuguchi
The default is always firstname.lastname.
I want use input.text.find to get the login, and with one context variable I'll save the login, like:
{
"context": {
"loginUser": <? input.text ?>
},
Simon did the same but with other data, 11 numbers and works amazingly.
In this case I'll use just input.text because my input.text.find inside the node with IF condition will extract my data.
I find this solution with regex, #revo help with one example.
Try this inside the if condition:
input.text.find('\w+\.\w')
And only if user types login, the conversation will flow.
Related
I'm currently working on revising the registration procedure of our recruitment ATS, made with AngularJS and Meteor, and I need to verify the new user's email during the registration procedure.
The logic would go as followed:
1- User fills in a form on the 'get-started' page and when clicking on 'sumbit', the ATS sends a verification email(I'll be using 'sendVerificationEmail' from Meteor)
2- After the user clicks on the link from the email, they'll get redirected to the 'register' page where additional information is required and the registration procedure is concluded.
As mentioned above, I'm planning to use 'sendVerificationEmail' to verify the user but I also want to use it to send back the userID.
From what I read on the Meteor API, I can pass extra data to the token with 'extraTokenData'
Accounts.sendVerificationEmail(userId, [email], [extraTokenData])
Now how do I declare the 'extraTokenData' object?
Could I do it like this: Accounts.sendVerificationEmail(userId, "", { _id: userId })
And how do I retrieve the 'userId' with 'Accounts.onEmailVerificationLink'?
your help will be greatly appreciated.
The email and the extra tokens are optionals, but if you want to send them send it as a string.
If you want to send the extra token but no emails you can try using Accounts.sendVerificationEmail(userId, undefined, "extra token") or if it doesn't work you can request the user's deatil user Meteor.user(). then call user.emails[0].address.
To retrieve information you have to get user by token and all data are there on user document under services.password.reset field. Look here how Accounts.generateResetToken is implemented https://github.com/meteor/meteor/blob/1e7e56eec8414093cd0c1c70750b894069fc972a/packages/accounts-password/password_server.js#L609.
I would like to know how to display a file when a user types something.
Ex: Show me the course details
Output: The file(pdf format) which is on my PC gets displayed.
Basically, you need to know how to work conversation: is one API for creating Intents, Entities and your Dialog flow.
Your application will access all nodes with the return from the API, and you will create conditions to get something for know if the user asked something about "Show me the course details".
I recommend to you create one intent like #aboutCourse and show examples to Watson know if the user will ask something with this purpose.
Something like:
Watson says: Hi! How can I help you?
User: Please show me the course details
Watson will recognize your intent and response what you paste within the node with the Intent condition #aboutCourse.
Make sure if the user really want this with:
Watson says: You really want to know details about the course?
User: yes / ok // or something to confirm
Or you can add some Intent confidence level for this node condition like: intents[0].confidence >= 0.75
And your code will check if the Intent is #aboutCourse and the entity is #yes, and do something in your application.
Or, you can create one context variable too, because, depends on your node flow, the intents will modify within your flow because every time Watson try to recognize what the user wants.
With your dialog flow, you will create one context variable and check if user says yes, like:
{
"context": {
"courseConfirm": "<? #yes ?>" //create one intent with confirm examples and value equal yes
},
"output": {
"text": {
"values": [
"Ok, you say #yes. I'll check, one moment."
],
"selection_policy": "sequential"
}
}
}
And within your application:
function updateMessage(input, response) {
if (response.context.courseConfirm == 'yes') {
//do something with code with code
}
}
Or you can create one function inside my example, like this answer.
Obs.: This code example is with conversation-simple project, from IBM Developers, but you will do something like my example with the same logic:get the return from API and do something within your application.
I'm actually creating my first app using meteor, in particular using angular 2. I've experience with Angular 1 and 2, so based on it. I've some points of concern...
Let's imagine this scenario...My data stored on MongoDb:
Collection: clients
{
name : "Happy client",
password : "Something non encrypted",
fullCrediCardNumber : "0000 0000 0000 0000"
}
Now, on my meteor client folder, I've this struncture...
collection clients.ts (server folder)
export var Clients = new Mongo.Collection('clients');
component client.ts (not server folder)
import {Clients} from '../collections/clients.ts';
class MyClients {
clients: Array<Object>;
constructor(zone: NgZone) {
this.clients = Clients.find();
}
}
..and for last: the html page to render it, but just display the name of the clients:
<li *ngFor="#item of clients">
{{client.name}}
</li>
Ok so far. but my concern is: In angular 1 & 2 applications the component or controller or directive runs on the client side, not server side.
I set my html just to show the name of the client. but since it's ah html rendering, probably with some skill is pretty easy to inject some code into the HTML render on angular to display all my fields.
Or could be easy to go to the console and type some commands to display the entire object from the database collection.
So, my question is: How safe meteor is in this sense ? Does my concerns correct ? Is meteor capable to protect my data , protect the name of the collections ? I know that I can specify on the find() to not bring me those sensitive data, but since the find() could be running not on the server side, it could be easy to modify it on the fly, no ?
Anyway...I will appreciate explanations about how meteor is safe (or not) in this sense.
ty !
You can protect data by simply not publishing any sensitive data on the server side.
Meteor.publish("my-clients", function () {
return Clients.find({
contractorId: this.userId // Publish only the current user's clients
}, {
name: 1, // Publish only the fields you want the browser to know of
phoneNumber: 1
});
});
This example only publishes the name and address fields of the currently logged in user's clients, but not their password or fullCreditCardNumber.
Another good example is the Meteor.users collection. On the server it contains all user data, login credentials, profiles etc. for all users. But it's also accessible on the client side. Meteor does two important things to protect this very sensitive collection:
By default it only publishes one document: the user that's logged in. If you type Meteor.users.find().fetch() into the browser console, you'll only see the currently logged in user's data, and there's no way on the client side to get the entire MongoDB users collection. The correct way to do this is to restrict the amount of published documents in your Meteor.publish function. See my example above, or 10.9 in the Meteor publish and subscribe tutorial.
Not the entire user document gets published. For example OAuth login credentials and password hashes aren't, you won't find them in the client-side collection. You can always choose which part of a document gets published, a simple way to do that is using MongoDB projections, like in the example above.
I've been going through the rules guide but haven't found an answer to this.
App users are able to submit "scores" of different types, which are then processed in JS and written to a "ranking" node. I have it set up so that every time a new score is submitted, the rankings are automatically recalculated and a new child is written if the user doesn't exist or updated if the user exists.
My question is how to secure this "ranking" node. Everyone should be able to read it, nobody except the system should be able to write it. This would prevent people from submitting their own rankings and aggregate scores.
EDIT
This is the operation:
Ref.child('rankings').child(uid).once('value', function (snapshot) {
if (snapshot.exists()) {
snapshot.ref().update(user); //user object created upstream
} else {
var payload = {};
payload[uid] = user;
snapshot.ref().parent().update(payload);
}
});
How would I add custom authentication to this call? Also, since I'm using AngularJS, is there any way to hide this custom token or would I have to route it through a backend server?
The key part of your problem definition is:
only the system should be able to write it.
This requires that you are able to recognize "the system" in your security rules. Since Firebase security is user-based, you'll have to make your "system" into a user. You can do this by either recording the uid from a regular user account or by minting a custom token for your "system".
Once you have that, the security for your ranking node becomes:
".read": true,
".write": "auth.uid == 'thesystem'"
In the above I assume you mint a custom token and specify thesystem as the uid.
I am using iOS 6 Social framework for accessing user's Facebook data. I am trying to get likes of the current user within my app using ACAccount and SLRequest. I have a valid Facebook account reference of type ACAccount named facebook, and I'm trying to get user's likes this way:
SLRequest *req = [SLRequest requestForServiceType:SLServiceTypeFacebook requestMethod:SLRequestMethodGET URL:url parameters:nil];
req.account = facebook;
[req performRequestWithHandler:^(NSData *responseData, NSHTTPURLResponse *urlResponse, NSError *error) {
//my handler code.
}
where url is #"https://graph.facebook.com/me/likes?fields=name"; In my handler, I'm getting this response:
{
error = {
code = 2500;
message = "An active access token must be used to query information about the current user.";
type = OAuthException;
};
}
Shouldn't access tokens be handled by the framework? I've found a similar post Querying Facebook user data through new iOS6 social framework but it doesn't make sense to hard-code an access token parameter into the URL, as logically the access token/login checking should be handled automatically by the framework. In all examples that I've seen around no one plays with an access token manually:
http://damir.me/posts/facebook-authentication-in-ios-6
iOS 6 Facebook posting procedure ends up with "remote_app_id does not match stored id" error
etc.
I am using the iOS6-only approach with the built in Social framework, and I'm not using the Facebook SDK. Am I missing something?
Thanks,
Can.
You need to keep a strong reference to the ACAccountStore that the account comes from. If the store gets deallocated, it looks like it causes this problem.
Try running on an actual device instead of a simulator. This worked for me.
Ensure that your bundle id is input into your Facebook app's configuration. You might have a different bundle id for your dev/debug build.