I have web application that uses Yii2 as API and Angular for frontend stuff. I am wondering, what would be best way to pass user permissions from Yii2 to Angular so i can show / hide data per user permissions.
My first idea was to make a api call for that data before angular starts and than use that data inside angular.
I see this as a problem if user permissions change while user is working. Users data would refresh only when he refreshes whole page which is not so often in Angular.
My second idea was to push permission data to user with every API request, but i dont know how to do it.
Any ideas?
Related
I have a request page which every users have access to it but everyone can access to their own requests and can change it with some functions that work with AngularJS.
The thing is that if the user logs out in another page, while the user haven't refreshed this page angular functions are continuing to work.
I know I can Check the loged in user in the controller, but is there any way that angular prevent it?
(I Use ASP.Net Authentication and MVC)
You have to use some sort of communication channel such as signal r or sockets to achieve that. One solution could be to intercept http request and check if the user is login. If isn't navigate to login page.
I have a scenario where login and logout API's from third party service provider. Redirection to the above API's call happens in my web layer(using Spring) based on the available cookies and using Angularjs as front end.
Coming to my question, How can I redirect to previous Angular state after log-on into my application once user hits logout.
You can go about this two ways that I can think of. If the data is simple enough, you can add it to the url as a query parameter. If it is more involved, then you may want to look into using local storage. You can save the state to local storage, and then retrieve it when you get redirected back into the app. There are some edge cases you will have to consider, but that should work for you.
I'm using Laravel 5 with AngularJS for a project, in a way so that Laravel is used as an API and the API routes are in Laravel, while the client side routes are in AngularJS (app.js).
Is it possible to use Laravel Middleware to protect AngularJS routes, so for example, I want it to use the RedirectIfAuthenticated Middleware on the angular login form page route so people can't go to that page if they are logged in, except normally as far as I know, the middleware is specified in the Laravel controller, which doesn't have logic for angular side routes - hence, the problem.
So the question is, can I use Middleware or do I have to make angular send a get request asking laravel if the user is logged in on every page? Wouldn't that be less secure?
What I ended up doing was making a client-side cookie on login in angular to keep track of whether the user is logged in or not for user experience purposes (hiding information, redirecting before the view is rendered), and using Laravel Middleware to protect API calls to make sure the user can't interact or get information from the API on the server and to keep it secure in case the user changes their cookie to lie about their login status.
Alternatively, you could also send a request to the server before each page loads instead of the cookie check, but that adds quite a bit more overhead, and isn't any more secure - as far as I know, since that API call to check if the user is logged in is just for UX purposes too and the javascript for that can be removed by a malicious user.
I have one problem and want to ask for a "angularjs way" to solve it properly.
I have a several services that will be used into me application. Before using it I must use login service and "log in"
the user. So I also have a service that returns status of user - AUTHENTICATED or NOTAUTHENTICATED. I using ngRoute. Me first idea was to put the check for user status into service and call if in every controller. If the user is not authenticated I will display login popup. Other option is to use global event but I don't like it. So what is the best way?
Best regards.
IMHO the best way would be to put login functionality in a service that way it can be easily injected where necessary. You can check if user is authenticated when he is interacting with a backend service.
i.e. angularjs do http/resource call to backend for a listOfUsers then backend either returns valid json or it returns response with login specific failure, then you can that kind of response process in angularjs and display a loginbox
I'm developing an AngularJS app used by third part applications. The third part application and my AngularJS application have a common database where users preferences/credentials are stored. User can login from the third part application and, by redirecting the user into my application, I need to maintain the user logged in, without asking a new authentication procedure.
I can't use cookies because the two applications are in two different domains.
I can't pass a session TOKEN (correspondant to the user logged iin) in query parameters due to man in the middle risks.
Is it possible to make a POST request to an angularJS page? Third part app call my AngularJS login page POSTing a token in the body request. My app take the token, verifyies it and log-in the user.
Constraints:
App in different domains;
Maintain user logged in;
No sharing cookies;
Try to prevent man in the middle;
No query parameters;
HTTPS protocol;
web based applications.
Am I missing something in the https protocols/sharing sessions?
Are there other solutions supported by AngularJS?
How can I redirect the user from one application to another and maintaining the user logged in in a simple way? Is there a simple flow I haven't figured out?
AngularJS is based on REST api communications. I can ask for a webpage (GET the webpage), but I can't make a POST to an AngularJS page. Is there a way to pass/share some values from the first application to my second app in a secure way?