I'd like to allow users to login with theire email as well as username like describe in FOSUserBundle. It works fine but when using PUGXMultiUserBundle, it does not.
app/config/config.yml:
providers:
fos_userbundle:
id: fos_user.user_provider.username_email
pugx_multi_user:
users:
user_one:
entity:
class: UserBundle\Entity\Vendor
As I'm using sonata-admin bundle form to register one of my userType (UserBundle\Entity\Vendor), I put in UserBundle/Controller/VendorAdminController:createAction()
if($form->isSubmitted()){
$discriminator->setClass('UserBundle\Entity\Vendor');
$userManager = $this->container->get('pugx_user_manager');
$userOne = $userManager->createUser();
$userOne->setUsername($object->getUsername());
$userOne->setEmail($object->getEmail());
$userOne->setName($object->getName());
$userOne->setPlainPassword($object->getPlainPassword());
$userOne->setEnabled(true);
...
}`
At that point, every thing is fine, when I want to login with username but when I tried to login with email, I get the following error:
Invalid credentials.
Related
I have 2 separate platforms I use the same firebase confing for both of them
The first one is for the normal users , they can register and login and see the courses.
The second one is for the admins (ps: the admin is like a normal user , but I have a special collection called admins for the admin and another one called users for the normal users )
To check if the person who logged in is an admin , I check if his email exists in the admins collection).
So in the admin platform I should display a list of users
I want to enable and disable a spisific user (I can get his document Id, and UID)
when i use :
try {
await getAuth().updateUser(uid, { disabled: true })
getUsers()
} catch (error) {
console.log(`is error of ${uid} with ${error.message}`)
}
i got this erroe:
firebase_auth__WEBPACK_IMPORTED_MODULE_1__.getAuth)(...).updateUser is not a function
I using ASP.Net Core 3 Identity with Identity Server 4 for authentication ...
On the AspNetIdentity template the External Authentication Controller Callback method calls the AutoProvisionUserAsync method which has the following code:
var email = claims.FirstOrDefault(x => x.Type == JwtClaimTypes.Email)?.Value ??
claims.FirstOrDefault(x => x.Type == ClaimTypes.Email)?.Value;
if (email != null) {
filtered.Add(new Claim(JwtClaimTypes.Email, email));
}
var user = new User {
UserName = Guid.NewGuid().ToString(),
};
var identityResult = await _userManager.CreateAsync(user);
Basically it creates a user with a Guid as Username ...
In my database I am using Email as Username ... Is there any reason to use a Guid?
I suppose most External authentication services (Google, Facebook, etc) provides an Email.
So my idea would be:
Check if there is an User in the database already with that email.
If no User exists create one with the email obtained from the External authentication service.
Also add the external authentication to the User in the database;
If there is a User with the email in the database check if it has that External Login.
If the user does not have the external login register and add it.
Does this make sense?
Check if there is an User in the database already with that email.
On callback, first call is to FindUserFromExternalProviderAsync, it search users using nameIdentifier, then if not found there is call to AutoProvisionUserAsync
Basically it creates a user with a Guid as Username ...
In my database I am using Email as Username ... Is there any reason to use a Guid?
The ApplicationUser's base class is IdentityUser, IdentityUser has a prop for ID and one for email by design. thats why most of libraries take advantage of having GUID as ID in addition of email for extensibility. You can use the email for ID if you like to.
We have a customers AD system that we authenticate users against using LDAP, specifically by doing a bind using their username and password. Depending on how the username is structured the results of an incorrect password are different. If we include the domain name on the username then ANY password will return an authenticated result. I've pasted some results using LDP.exe for each of the scenarios:
Bind with myusername & invalid (non blank) password:
res = ldap_bind_s(ld, NULL, &NtAuthIdentity, 1158); // v.3
{NtAuthIdentity: User='[username]'; Pwd= <unavailable>; domain = 'DC=[domain],DC=co,DC=uk'.}
Error <49>: ldap_bind_s() failed: Invalid Credentials.
Server error: 8009030C: LdapErr: DSID-0C090585, comment: AcceptSecurityContext error, data 52e, v4563
Bind with myusername#domain.org & invalid (non blank) password:
res = ldap_bind_s(ld, NULL, &NtAuthIdentity, 1158); // v.3
{NtAuthIdentity: User='[myusername#domain.org]'; Pwd= <unavailable>; domain = 'DC=[domain],DC=co,DC=uk'.}
Authenticated as dn:'[username#domain.org]'.
What I have noticed is that the users full username is username#domain.org and the domain provided to LDAP is DC=domain,DC=co,DC=uk, not sure if this would make a difference?
Does anyone have any ideas on what maybe causing this and whether there is some sort of setup somehwere that needs addressing?
Cheers.
Is the Guest account enabled on the domain? If so, any random credentials will work. It will only tell you that the password is incorrect if you use a valid username.
When you use the myusername format, it must match the sAMAccountName attribute on the account. If you use the myusername#domain.org format, it must match the userPrincipalName on the account - so it's possible that myusername#domain.org is not really the userPrincipalName of your account.
I think I'm close, but there's just something I'm missing:
GIVEN:
We just want to be able to open our app, get the UserID from salesforce (which would match the UserID in our app), and log us in ... seems easy enough.
We are trying to use the open source C# component AspNetSaml https://github.com/jitbit/AspNetSaml
I have a cloud instance that hosts our app, for testing:
The URL to get to our app would be something along the lines of: http://1.2.3.4/OurCompanyApp/app.wgx
SALESFORCE:
I didn't initiate this process, but I do see that in Salesforce we have it setup as an Identity Provider. So I see this information under Identity Provider:
Issuer: https://our-company-stuff.my.salesforce.com
Label: SelfSignedCert_04Nov2016_195856
Unique Name: SelfSignedCert_04Nov2017_195856
Key Size: 2048
Salesforce Identity: https://our-company-stuff.my.salesforce.com/.well-known/samlidp.xml
I did set up a Service Provider via Connected Apps:
Connected App Name: AppTest
API Name: AppTest
Description: AppTest
Start URL: http://1.2.3.4/OurCompanyApp/app.wgx
Enable SAML: true
Entity ID: http://1.2.3.4/OurCompanyApp/app.wgx
ACS URL: http://1.2.3.4/OurCompanyApp/samlconsume.wgx
Enable Single Logout: false
Subject Type: User ID
Name ID Format: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
IdP Certificate: Default IdP Certificate
ACTUAL CODE:
//var samlEndpoint = "https://csi1-dev-ed.my.salesforce.com/";
//var samlEndpoint = "https://csi1-dev-ed.my.salesforce.com/.well-known/samlidp.xml";
(one of these would be un-commented)
var request = new AuthRequest(
"http://1.2.3.4/OurCompanyApp/app.wgx", //put your app's "unique ID" here
"http://1.2.3.4/OurCompanyApp/samlconsume.wgx" //assertion Consumer Url - the URL where provider will redirect authenticated users BACK
);
string url = request.GetRedirectUrl(samlEndpoint);
Response.Redirect(url);
GetRedirectUrl encrypts this bit of xml:
xw.WriteStartElement("samlp", "AuthnRequest", "urn:oasis:names:tc:SAML:2.0:protocol");
xw.WriteAttributeString("ID", _id);
xw.WriteAttributeString("Version", "2.0");
xw.WriteAttributeString("IssueInstant", _issue_instant);
xw.WriteAttributeString("ProtocolBinding", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
xw.WriteAttributeString("AssertionConsumerServiceURL", _assertionConsumerServiceUrl);
xw.WriteStartElement("saml", "Issuer", "urn:oasis:names:tc:SAML:2.0:assertion");
xw.WriteString(_issuer);
xw.WriteEndElement();
xw.WriteStartElement("samlp", "NameIDPolicy", "urn:oasis:names:tc:SAML:2.0:protocol");
xw.WriteAttributeString("Format", "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
xw.WriteAttributeString("AllowCreate", "true");
xw.WriteEndElement();
The URL Returned, that I redirect to, would be something along the lines of (depending upon which endpoint I tried, I tested with both):
https://our-company-stuff.my.salesforce.com/?SAMLRequest=jZJdT8IwGIX%2fStP77oMx2Bq2BCHGJagLTC%2b8Md1WpEnXzn5M%2ffeWgQleSLxr3pxznvO%2b6UKTjvd4ac1BbOm7pdqAYp3B11kwn8SzZI%2bSuG3RdEZSVLfzGjVJTAL3COuogeCZKs2kyODECyAotLa0ENoQYdwoCBMURCgIqzDF0wiH0QsEpZJGNpLfMNEy8ZZBqwSWRDONBemoxqbBu%2bX9BrtEXJ9EGt9VVYnKx10FwVJrqoyDrqTQtqNqR9XAGvq03WTwYEyPfT%2beemnghXHohak%2fMGUs4bJ2voEqv5TaeEfEOcAbZMch%2bOy40Hg8x%2fVS%2fXkDmC%2bOajxurS781%2b3kpz%2fM%2f9N2kGO%2fhX%2fBOoF7%2fODCi3UpOWu%2bwK1UHTF%2fs136OGEt2o9SbIXuacP2jLburJzLj5WixNAMGmUpBH5%2bov7%2bHvk3
RESULTS:
I've tweaked Identity ID's, endpoint's, configurations, but Salesforce never hits our samlconsume.wgx, and all the redirect does is take me to my homepage at: https://our-company-app.salesforce.com/home/home.jsp
I'm at a loss right now. Any help would be much appreciated.
I'm using webapp2 for user authentication of Google App Engine, based on this article: http://blog.abahgat.com/2013/01/07/user-authentication-with-webapp2-on-google-app-engine/
Locally through the SDK, everything works exactly as expected. However when I deploy to production, the entities under UserToken only have {} as value for user. Because of this I can't properly use the authentication tokens.
What could influence this? The website is only accessible through HTTPS, but I can't imagine that that is causing it. Any input would be very much appreciated!
EDIT:
Adding requested code.
User model
import webapp2_extras.appengine.auth.models
from google.appengine.ext import ndb
from webapp2_extras import security
class User(webapp2_extras.appengine.auth.models.User):
def set_password(self, raw_password):
"""Sets the password for the current user
:param raw_password:
The raw password which will be hashed and stored
"""
self.password = security.generate_password_hash(raw_password, length=12)
#classmethod
def get_by_auth_token(cls, user_id, token, subject='auth'):
"""Returns a user object based on a user ID and token.
:param user_id:
The user_id of the requesting user.
:param token:
The token string to be verified.
:returns:
A tuple ``(User, timestamp)``, with a user object and
the token timestamp, or ``(None, None)`` if both were not found.
"""
token_key = cls.token_model.get_key(user_id, subject, token)
user_key = ndb.Key(cls, user_id)
# Use get_multi() to save a RPC call.
valid_token, user = ndb.get_multi([token_key, user_key])
if valid_token and user:
timestamp = int(time.mktime(valid_token.created.timetuple()))
return user, timestamp
return None, None
When creating the user, I use following code:
from webapp2_extras import sessions, auth
import webapp2_extras.appengine.auth.models
unique_properties = ['email_address']
user_data = self.user_model.create_user(email, unique_properties,
email_address=email, first_name=first_name, password_raw=password, verified=False)
The code that is then used to create a token for 'user' is:
user_id = user.get_id()
token = self.user_model.create_signup_token(user_id)
The problem I have exists in the signup process as well as e.g. the forgot password process. As far as I can see, this is where something goes wrong. Not sure what though.
I've checked to make sure that an id is actually passed, and it is. Funny enough, the keyname of the token does include the user id, however on production the user field is left empty. Working locally it does include the user field.