I have to freeze or lock out an external user based on custom logic. Once the custom logic condition is set to true, I need to freeze or lock out that user so that the user won't be able to log in until the admin unfreezes or unlocks that external user.
I tried with the isPasswordlockout API field, but I got the error 'Field is not re-writable', so I tried the freeze option. But since the user is already logged in and the Salesforce Apex code or trigger runs in that user's mode, I got the error "CANNOT SELF FREEZE": self frozen is not allowed.
My requirement is to lock or freeze that user when he performs some action and, based on my custom logic, the user should be locked or frozen.
Also, I can't use the site.login method for 3 invalid attempts, so that option is gone. Apart from that, is anything possible?
I tried the system.runas method, but that works only in test methods.
Any suggestions?
I assume you tried setting UserLogin.IsFrozen when you got the "CANNOT SELF FREEZE" message.
You could try and find a way to switch the transaction user. Some options:
Use a future or batch method. This may encounter the same issue with the transaction user being the user you are trying to freeze.
Add the user record to a queue that will be frozen by a scheduled/batch job.
Use the API to perform the freeze as another user. See Freezing Users from Visualforce
On my site the guest users have access to the flow, and they are able to run the flow and even create records. When the flow tries to find the created record, the following error occurs:
Because Get_Record is passed to an action, subflow, or Lightning component, store the values of all Request_for_ChemTox__c fields that the running user has access to.
I gave access to every field for that user and still keep getting this error.
Any ideas?
It's probably not field level security (~table columns) but whole record's security (~table rows).
Check your site/community/experience settings as described in this article: https://help.salesforce.com/s/articleView?id=000352970&type=1. If there's something set - the ownership of created record is immediately transferred over to that internal user and guest loses visibility. It sucks but it's there to protect you, makes sure that if you have for example Leads or Cases submitted by guest users - they immediately "disappear", guest/hacker can't report on them, experiment with IDs in the url to learn other people's data...
You can check Setup -> Sharing Settings for this object and create a new sharing rule. (I can't upload an image right now, but start making a new sharing rule with step 2 "rule type = Guest user access, based on criteria")
https://help.salesforce.com/s/articleView?id=sf.networks_guest_record_default_owner_best_practices.htm&type=5 has some good tips too:
If you’d like to create a different experience for guest users, use flows in System Mode to redirect guest users to a different custom screen after they create a record
I'm leveraging the LogoutEventStream object to make a custom Callout to an SSO provider at logout but I need to use Auth.AuthToken.getAccessToken(), a method that runs for the Current User.
Problem is, the trigger I attached to LogoutEventStream is running as some sort of system user, autoproc#00dr00000009dz7eae according to UserInfo.getUserName(), and not the user that logged out of Salesforce. So the getAccessToken() call always returns Null. Has anyone dealt with this issue before?
Scratching my head on this one. This is for an Open ID Connect provider, but I don't even think that's relevant.
Thanks.
I have a multi-tenant REST app. When a new user first tries to access my application (and assuming their admin has already granted the app permission for their directory) I create a user row in my User table and store their name/email and other fields. I perform this in the TokenValidated event of JwtBearerEvents.
Unfortunately, I'm ending up with multiple user rows attempting to be inserted because of simultaneous (parallel) requests hitting my web API. I do a simple SQL query for the User by ObjectId, and then create if necessary. This isn't thread-safe. I tried wrapping it in a SQL transaction, but the select isn't blocking and I'm not sure EF Core lets me perform the kind of locking I'd need to block other selects from completing.
I'm basing my code off the TailSpin PnP and they perform the same logic here as well. My guess is their site logic is forcing a single call to the Web API first as part of the sign-in/login process, where the new user is created if they don't exist. In my flow, the REST API is hit right off the bat with multiple HTTP GETs and I just have to validate the bearer token in the headers and let ADAL cache it.
Aside from changing my client logic, and forcing the first call to the API to be a single HTTP GET, how else can I make this work in a REST world? I can't use SESSION logic to block other calls in the same session. I'm not sure how I can perform a lock across the whole server (which works only if there's one server). I could use the DB layer to hold a write lock, but that seems dirty. Maybe there's a better place to put the create-new-user logic? Is there some other way for me to safely perform a one-time atomic operation?
Based on the description, it seems you create the user record (sign-up) when the users call the REST API, after the token is validated.
To fix the duplicate records issue, one possible way is to separate the sign-up process from token validation, the same as the code sample TailSpin PnP. For example, we can customize the token handler to verify whether the user is signed up and provide the UI for the user's sign-up.
Another way is to insert the users sequentially by using a lock. For example, here is the code for your reference:
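// Shared lock object: serializes the lookup and insert within this process.
private static readonly object obj = new object();

private Task tokenValidated(TokenValidatedContext context)
{
    lock (obj)
    {
        // query db and insert users here
    }
    return Task.CompletedTask;
}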
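A per-user, async-friendly variant of the lock in the answer above, as an added example that is not part of the original answer or of the TailSpin sample. `UserProvisioner`, `EnsureUserAsync` and the in-memory dictionary standing in for the User table are hypothetical names; in the real handler the lookup and insert would be the EF Core calls made from TokenValidated.

```csharp
using System;
using System.Collections.Concurrent;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;

// Added example. UserProvisioner and the in-memory "table" are hypothetical
// stand-ins for the EF Core lookup and insert done in TokenValidated.
public sealed class UserProvisioner
{
    // One gate per directory ObjectId, so different users never wait on each other.
    private readonly ConcurrentDictionary<string, SemaphoreSlim> _gates = new();
    private readonly ConcurrentDictionary<string, string> _users = new(); // fake User table
    private int _inserts;
    public int Inserts => _inserts;

    public async Task EnsureUserAsync(string objectId, string email)
    {
        if (_users.ContainsKey(objectId)) return;        // fast path: row already exists

        var gate = _gates.GetOrAdd(objectId, _ => new SemaphoreSlim(1, 1));
        await gate.WaitAsync();                          // can be awaited, unlike lock { }
        try
        {
            if (_users.ContainsKey(objectId)) return;    // re-check after acquiring the gate
            await Task.Delay(25);                        // simulated INSERT round trip
            _users[objectId] = email;
            Interlocked.Increment(ref _inserts);
        }
        finally
        {
            gate.Release();
        }
    }
}

public static class Program
{
    public static async Task Main()
    {
        var provisioner = new UserProvisioner();
        // Constructed input: 20 parallel first requests carrying the same ObjectId.
        var calls = Enumerable.Range(0, 20)
            .Select(_ => provisioner.EnsureUserAsync("constructed-object-id", "user@example.test"));
        await Task.WhenAll(calls);
        Console.WriteLine($"rows inserted: {provisioner.Inserts}");
    }
}
```

Like the lock in the answer, this serializes callers only within one process, which is the single-server limitation the question already raises.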
Wanted to know if there is any way to find out when your session is about to expire while using the class Ext.data.Session, as Ext.data.Session does not provide any event. As per the definition of the class, it is used to store session information with the server data being loaded.
What I want to do in my application is user login session management. That is, when a user logs in it starts a session, and when the session is about to expire I prompt the user that the session is about to expire. Any event performed in the application resets the session timeout time.
I have checked this example on Miami code, but as per the logic, the session will be tracked from the time of logging in, and won't be updated whenever there is some event in the application. Hence, irrespective of the user performing any event, the user will be prompted that his session is about to expire. This is not helping me, as I need to reset the timer if the user performs some activity.
Let me know if I am driving the question in the right direction, else will rephrase accordingly.
Well, Ext.data.Session and the user login session that you need are two entirely different things.
Ext.data.Session manages data stored in various records in such a way that it ensures consistency, uniqueness of the data and saving data to the server.
Thus, Ext.data.Session cannot be used for your purpose.
I need my (python) google app to perform an action (submit a form) if the user logs out. This is simple enough to do if they use the logout links in my app, but if they log out from a gmail page or something, I don't know how to handle it.
Another possible source of error would be if the user closed the browser window, shut down their computer, etc., resulting in a log-off. Is this scenario equivalent to what I describe in the previous paragraph, or are they different somehow?
To expand this question since it seems the above is not at all trivial: if I set a cleanup function on a timeout, will the python session in fact continue to run in the GAE cloud after the cookie expires, and actually execute the timeout function?
Closing the browser window and shutting down the computer result in a logout because the session (cookie) expires. It is slightly different from the user clicking log out manually.
In both cases, I don't think GAE can track these behaviors.
The best thing that I can think about is to develop a browser extension.
Or just don't design the service based on detecting user's log out.