Oracle Apex - Creating own Login page - database

I created a new login page wherein only those account that can be found on the database could login to our home page...
What i plan is when i click the login button, the user will be redirected to the home page.. I do this by creating a new branch and then in the conditions tab, i put the code for checking the existence of the account that has been inputted in the text field.. but what happened is it just show an error message 'invalid login credentials' always...
i'm sure that the code in conditions that we put is correct,,,, it could detect that the username and password is wrong because it shows the error message i created that returns when this happend...
here is the code in my conditions.. check_login is a procedure that returns true if the account is found in the database...
if CHECK_LOGIN(:P111_USERNAME, :P111_PASSWORD) then return true;
else
return false;
end if;
could anyone help us with this one? Thanks in advance

You need a custom authentication scheme to solve this, not conditional branching etc. You also do not need to build a new login page. The standard login page will hold all you need, and will simply use the current active authentication scheme. Authentication schemes can be found under the Shared Components.
You can find some oracle documentation here. There are also plenty of blog posts to be found when you search for "oracle apex custom authentication" on google!
Also, when creating a custom scheme, you can click the item labels for help. For example, this is in the authentication function name help:
Specify the name of the function that will verify the user's username
and password, after they were entered on a login page. If you enter
nothing, you allow any username/password to succeed. The function
itself can be defined in the authentication's 'PL/SQL Code' textarea,
within a package or as a stored function.
This function must return a boolean to the login procedure that calls
it. It has 2 input parameters 'p_username' and 'p_password' that can
be used to access the values an end user entered on the login page.
For example, enter the following code in the 'PL/SQL Code' textarea
function my_authentication (
p_username in varchar2,
p_password in varchar2 )
return boolean
is
l_user my_users.user_name%type := upper(p_username);
l_pwd my_users.password%type;
l_id my_users.id%type;
begin
select id , password
into l_id, l_pwd
from my_users
where user_name = l_user;
return l_pwd = rawtohex(sys.dbms_crypto.hash (
sys.utl_raw.cast_to_raw(p_password||l_id||l_user),
sys.dbms_crypto.hash_md5 ));
exception
when NO_DATA_FOUND then return false;
end;
and
my_authentication
as 'Authentication Function'.
Note that your function requires parameters p_username and p_password!
You can leave the other fields blank, they will be handled by default functions!

Related

Laravel 8 Fortify User UUID Login Problem

I am currently setting up a new project using Laravel 8. Out of the box, Laravel is configured to use auto-incrementing ID's for the user's ID. In the past I have overrode this by doing the following.
Updating the ID column in the user table creation migration to
$table->uuid('id');
$table->primary('id');
Adding the following trait
trait UsesUUID
{
protected static function bootUsesUUID()
{
static::creating(function ($model) {
$model->{$model->getKeyName()} = (string) Str::orderedUuid();
});
}
}
Adding the following to the user model file
use UsesUUID;
public $incrementing = false;
protected $primaryKey = 'id';
protected $keyType = 'uuid';
On this new project, I did the same as above. This seems to break the login functionality. When the email and password are entered and submitted, the form clears as though the page has been refreshed. Thing to note is there are no typical validation error messages returned as would be expected if the email and/or password is wrong.
To check that the right account is actually being found and the password is being checked properly, I added the following code to the FortifyServiceProvider boot method. The log file confirms that the user is found and the user object dump is correct too.
Fortify::authenticateUsing(function(Request $request) {
\Log::debug('running login flow...');
$user = User::where('email', $request->email)->first();
if ($user && Hash::check($request->password, $user->password)) {
\Log::debug('user found');
\Log::debug($user);
return $user;
}
\Log::debug('user not found');
return false;
});
Undoing the above changes to the user model fixes the login problem. However, it introduces a new problem that is the login will be successful but it wont be the right account that is logged in. For example, there are 3 accounts, I enter the credentials for the second or third account, but no matter what, the system will always login using the first account.
Anyone have any suggestions or ideas as to what I may be doing wrong, or if anyone has come across the same/similar issue and how you went about resolving it?
Thanks.
After digging around some more, I have found the solution.
Laravel 8 now stores sessions inside the sessions table in the database. The sessions table has got a user_id column that is a foreign key to the id column in the users table.
Looking at the migration file for the sessions table, I found that I had forgot to change the following the problem.
From
$table->foreignId('user_id')->nullable()->index();
To
$table->foreignUuid('user_id')->nullable()->index();
This is because Laravel 8 by default uses auto incrementing ID for user ID. Since I had modified the ID column to the users table to UUID, I had forgotten to update the reference in the sessions table too.

Guest user added to AD group not visible using Graph API from groovy script

When I use graph API withinh POSTMAN in order to add a guest user to a group I process as follow :
Add the /invitations endpoint to add my user ( I do not use email invitation)
Then I can see from my AD users that it has been added properly
Next I user the /groups/{Group ID}/members/$ref to add the created users in step 1
Then I can see from my AD that users has been added to group right a way
Then this exact steps, I add it in a script that is executed at a dedicated time as follow: 1. use the /invitations endpoint to add my user and Send an invitation by email 2. The return userID by first call is then used to add right away the user to the group by using the /groups/{Group ID}/members/$ref endpoint with body set as
{ "#odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/{userID}" }
Then response to add user to group is successfull
Then what is strange is that when I check in my AD , I can see the user which has been created BUT I do not see that user as a member of the group it has been added. It is not displayed while no error was return during the API call
Does it means it takes some time to get it visible ? Does it means that user need to validate the invitation before it is added to the group ?
Thanks for your help
regards
That was my mistake,
I get a scrip flag error which prevent the api to complete

Logging a user in after registration in CakePHP

I did a lot of research, followed many different examples, but still cannot get it to run properly.
So here is a part of the controller action from the registration:
if(!empty($this->request->data)){
$this->request->data['Company']['start_date']= date("Y-m-d");
unset($this->Company->User->validate['company_id']);
if($this->Company->saveAssociated($this->request->data)){
$user = $this->request->data['User'];
$data['User']['password'] = $user[0]['password'];
$data['User']['email'] = $user[0]['email'];
if($this->Auth->login($data)){
$this->redirect($this->Auth->redirect(array('controller'=>'customers', 'action'=>'index')));
}...
So the user is saved and a new array of user's email and password is created. It is then passed to $this->Auth->login. The login seems to pass, but the following error is on redirection to customers controller:
Notice (8): Undefined index: role [APP\Controller\CustomersController.php, line 32]
Notice (8): Undefined index: role [APP\Controller\CustomersController.php, line 36]
Even though the role field is autoset as manager on user creation.
Here is how the CustomerController looks like:
public function isAuthorized($user){
if($user['role'] == 'manager'){
return true;}
if (in_array($this->action, array('add', 'edit', 'index', 'view', 'delete', 'users'))){
if($user['role'] != 'manager'){
return false;
}}return true;}
Any help is very much appreciated.
Check the docs and the source for AuthComponent::login()
http://api.cakephp.org/2.4/class-AuthComponent.html#_login
http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#manually-logging-users-in
http://api.cakephp.org/2.4/source-class-AuthComponent.html#583-606
When passing user data to AuthComponent::login(), you are logging a user in, but no authentication is going to happen! "Logging in" in this case means, the data provided is being stored in the session, and on following requests the user is being treated as logged in in case data is present in the session (in the specific key used by the component), ie you could even just pass 123456, the user would be treated as being logged in.
Authenticating on the other hand would cause a DB lookup, where all the user data would be fetched and consequently being stored in the session.
So the role field is not available because you haven't passed it to AuthComponent::login(), you've only passed email and password, consequently these are the only fields being available later on. Btw, DO NOT supply the password when doing such a manual login! You don't want to carry such sensitive information in the session!
To fix this problem, either pass the role field too, or call AuthComponent::login() without passing any data at all (make sure you are using Form authentication so that the data passed in the request is being used), so that it's going to authenticate the user and fetch its data from the DB.
See also http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html

Salesforce- Creating contact and user by importing CSV file & send notification email to User

I want to create the contact & user related to account by importing csv file.After creating user, generated username & password should be send to the respective user's email address.
I am planning to use Vf page for accepting the csv file & the Contact & User API for adding contacts & Users. But I am not sure regarding the email notification to user through API.
So can anyone please provide me the best solution for this?
You'll need to use Database.insert() flavor instead of straightforward insert users;
Check out the DML options help topic, especially the "emailHeader" property
Something like this should do the trick:
List<User> users = new List<User>(); // fill in with data from your CSV
Database.DMLOptions dlo = new Database.DMLOptions();
dlo.EmailHeader.triggerUserEmail = true;
database.insert(users, dlo);
Be aware though that you can't insert an inactive user. You can deactivate them straight after the insert but then they can't login so you'll probably want to suppress the sending of email, not enforce it. Make sure you have sufficient amount of licenses before you start!
Last but not least - you can cheat by setting the same password for them with System.setPassword('user id', 'new password') :) It's not recommended to expose this functionality to your end users though, can process only 1 user at a time and wastes 1 DML statement...

Need help debugging a custom authentication plugin for Moodle

I'm trying to authenticate against the user db of my website (CMS based) and it uses a slightly different approach at storing hashed passwords. It uses a randomly generated salt for each user. The salt is stored in the user db along with the hashed passwords. Hence, direct field-mapped authentication (as the External DB plugin does) won't work for me.
To start off, I just mirrored the DB plugin and modified the user_login() procedure to read the hashed password and the salt from the database and then hash the entered password again with the salt and match it up with the password in the database. Here's the code for my user_login() function
function user_login($username, $password) {
global $CFG;
$textlib = textlib_get_instance();
$extusername = $textlib->convert(stripslashes($username), 'utf-8', $this->config->extencoding);
$extpassword = $textlib->convert(stripslashes($password), 'utf-8', $this->config->extencoding);
$authdb = $this->db_init();
// normal case: use external db for passwords
// Get user data
$sql = "SELECT
*
FROM {$this->config->table}
WHERE {$this->config->fielduser} = '".$this->ext_addslashes($extusername)."' ";
$authdb->SetFetchMode(ADODB_FETCH_ASSOC);
// No DB Connection
if ( !$rs = $authdb->Execute( $sql ) ) {
$authdb->Close();
print_error('auth_dbcantconnect','auth');
return false;
}
// No records returned
if( $rs->EOF ) {
$rs->Close();
$authdb->Close();
return false;
}
// Get password
$db_password = $rs->fields['user_password'];
$salt = $rs->fields['user_salt'];
// Close DB Conn
$rs->Close();
$authdb->Close();
// Return match
return sha1( $extpassword . $salt ) == $db_password;
}
But when I try to login, username / passwords corresponding to the website (CMS) database are failing. However, the password (for the same user) that was stored in Moodle earlier on (before I tried using this custom plugin) is getting me through.
That means, either my authentication routine is failing or moodle's internal db based auth mechanism is taking precedence over it.
I've enabled ADODB debug mode - but that isn't helping either. When I enable the debug output from Server settings, the error messages are being sent prior to the page headers. Thus the login page won't display at all.
I have all other forms of authentication turned off (except for Manual which can't be turned off) and my own.
Any ideas on how to solve this issue?
Can you confirm the order that the authentication pluggins are displayed? This will determine the order in which they are used. See..
http://docs.moodle.org/en/Manage_authentication
Either way, the behaviour you're seeing suggests that your code is returning false and the fall through logic described here...
http://moodle.org/mod/forum/discuss.php?d=102070
... and here...
http://docs.moodle.org/en/Development:Authentication_plugins
... is kicking in.
Have you tried returning "true" always from your plugin to ensure that it's being called. Then, you can start returning "true" based upon other things (hard coded usernames etc). This approach will allow you to get to the point where you are either continuing to fail or seeing more targetted failures. Are you sure, for example, that it's the user_login function and not the subsequent call to update_user_record that is failing?
Finally, are you sure you're generating the salted password in the exact same way that it was created in the first place? This would be, for me, the most likely cause of the problem. Can you take control of the creation of the salted password so that you own both creation of new users and authentication of users - this would ensure that you were in sync with how the salted password and hash were generated.

Resources