Using the Salesforce Web Services API is it possible to check (or query) if a User is Locked Out (if they have attempted to log in unsuccessfully too many times and are therefore blocked from logging in)?
Although there is no specific field on the User object to indicate that they are locked out, you can query the LoginHistory object.
select Id, UserId, LoginTime, Status from LoginHistory where
UserId = 'xxxxxxxxx' order by LoginTime desc limit 20
Then loop through the results, checking the value of the Status field. If the user has been locked out, the most recent login attempts will have a value of "Password Lockout" in this field.
Other possible values of this Status field include:
Success
User is Inactive
Invalid Password
Failed: API security token required
Failed: Computer activation pending
Failed: Computer activation required
Failed: Invalid Timestamp
Failed: Mobile License Required
Nevermind; I found the answer.
It says in the documentation:
The password lockout status and the ability to reset the User locked-out status is not available via the API. You must check and reset the User password lockout status using the user interface.
For admin users - it's now possible to unlock users on iphone / ipad via the SalesforceA mobile app. https://itunes.apple.com/au/app/salesforcea/id731117958?mt=8
In Apex, I can check the IsPasswordLocked field on UserLogin object to check if a User is locked out or not by using the following SOQL -:
[SELECT IsPasswordLocked FROM UserLogin
WHERE UserId = 'ENTER YOUR USER ID HERE'];
Related
We're using Azure AD as the Identity Provider for User Provisioning into our system.
We have started getting this error of late.
EntrySynchronizationError
Result Failure
Description Failed to match an entry in the source and target systems User 'XXX#XXX.com'
ErrorCode SystemForCrossDomainIdentityManagementMultipleEntriesInResponse
There has been no change in our scim server code. The error message is obviously stating it's fetching more than 1 entry when it should return 1 but in reality, there is no user with the said username & Azure AD should be sending a request to create a new one.
This is happening under the action "Other", I'm guessing it's a GET.
Any idea on what's going wrong here?
A GET operation with a filter (ie: GET /Users?filter=userName eq "Test_User_dfeef4c5-5681-4387-b016-bdf221e82081") is expecting either 0 or 1 result to be returned, but is receiving more than one result. Either your configuration in provisioning is matching on an attribute that is not uniqueness constrained (ie: department eq "Sales") or there's a problem with your logic for returning filtered results.
I need a work flow rule which should satisfy below conditions
email should be sent to lead owner when a Specific__user(specific user i have here) creates a lead
and email should be sent when Specific__user changes lead owner
To send email i have email alert designed already.
Using below but it is not working
Rule criteria: created, and every time it's edited
AND(ISCHANGED( OwnerId ), PRIORVALUE( OwnerId) = 'Specific__user_Id')
If you want the same email to be sent for the following conditions, try using the formula below.
Send email when a specific user creates a Lead.
Send email when a specific user changes a the Lead Owner of an existing Lead.
OR(
AND(
ISNEW(),
CreatedBy.Id = Specific__user_Id
AND(
ISCHANGED(OwnerId),
$User.Id = Specific__user_Id
)
)
We have built an Email Audit Application for one of our customers. The app utilizes the Gmail REST API and provides a front-end interface that allows users with permission to run audit queries based on a selected date-ranges. The date-range that is provided by the user is utilized in the Email Thread search query.
We have noticed, however, that the API is showing a discrepancy between the threads that are returned and the actual items that are in the inbox of an audited user. For example, in order to collect everything within 1 day, say 4/28, we need to expand the audit range from 4/27-4/29.
The documentation for the Gmail REST API provides no explanation nor highlighting of this behavior. Is this an issue with the API or are there additional parameters that perhaps can specify the time-zone for which we can search for these email threads?
Below you will find a snippet of code that is utilized to grab such email threads:
def GrabAllThreadIDs(user_email, after_date, before_date):
query = "in:inbox " + "after:" + after_date + " " + "before:" + before_date
# Create the Gmail Service
gmail_service = create_gmail_service(user_email)
raw_thread_response = ListThreadsMatchingQuery(gmail_service, 'me', query)
for item in raw_thread_response:
all_ids.append(item['id'])
return all_ids
======================================================
def ListThreadsMatchingQuery(service, user_id, query=''):
"""List all Threads of the user's mailbox matching the query.
Args:
service: Authorized Gmail API service instance.
user_id: User's email address. The special value "me"
can be used to indicate the authenticated user.
query: String used to filter messages returned.
Eg.- 'label:UNREAD' for unread messages only.
Returns:
List of threads that match the criteria of the query. Note that the returned
list contains Thread IDs, you must use get with the appropriate
ID to get the details for a Thread.
"""
try:
response = service.users().threads().list(userId=user_id, q=query).execute()
threads = []
if 'threads' in response:
threads.extend(response['threads'])
while 'nextPageToken' in response:
page_token = response['nextPageToken']
response = service.users().threads().list(userId=user_id, q=query,
pageToken=page_token).execute()
threads.extend(response['threads'])
return threads
except errors.HttpError, error:
print 'An error occurred: %s' % error
======================================================
That is how the Advanced search is designed. after gives messages sent after 12:00 AM (or 00:00), and before gives messages before the given date. Asking for after:2015/04/28 and before:2015/04/28 would result in a non-existent timespan.
I like to use the alternate form after:<TIME_IN_SECONDS_SINCE_THE_EPOCH>. If you would like to get all the messages received on 2015/04/28 you would write after:1430172000 before:1430258399 (2015/04/28 00:00 to 2015/04/28 23:59:59)
Is it possible in CakePHP 1.3 to login a user by indicating the user's id in the users table?
Now, to do a "manual" login, I do this (which works):
$this->data['User']['username'] = username;
$this->data['User']['password'] = password;
$this->Auth->login($this->data);
I would like to be able to indicate the specific user, for example adding $this->data['User']['user_id'] before the login() function. (I've tried that but it doesn't work).
The reason I want to do this is because in the users table there are different users records of users who have the same username and password. It seems odd but in my case makes sense, since one same user may create several accounts for different reasons, and he may choose the same username/password.
Any ideas would be much appreciated!
EDIT:
I'm going to give a specific example of what I'm trying to do, maybe it helps to bring some ideas.
Say I have this 2 records in the users table (fields are user_id / username / password / account_id):
Record 1: 1 / johndoe / password1 / 10
Record 2: 2 / johndoe / password1 / 15
So this 2 records have same username and password, but different user_id and account_id. When the login is processed, I know what account_id the user has chosen. So I want to log in the corresponding user. So if the user chooses account 15, then logs is, I should be logging in the user with id 2.
However, the way cake's login works, it always retrieves the first record that matches username / password. In this example, cake would be logging in the user with id 1.
Is there any way I can do what I want?
Doesn't sound like a very good idea to me, but if you really want/must do it that way, then have a look at AuthComponent::userScope. You can use it to define additional conditions for authentication lookups, for example:
$this->Auth->userScope = array('User.account_id' => 15);
That way authentication would only be successful when username and password match and the users account_id is 15, ie the resulting query would look something like this
User.username = 'abc' AND User.password = 'xyz' AND User.account_id = 15
Is there a way to get user security attibutes (like password expiration warning time, maximum age for password and so on) by AIX 5 API?
Look at the getuserpw() API for password information, and getuserattr() for the more generic user information.
Note that you will have to be a member of the appropriate group(s) in order to access the files in /etc/security.