Running the latest version of DotNetNuke, version 5.6.1 and cannot find a good answer to why Username and Password cannot be remembered on a DotNetNuke site. This thread goes on about cookies but really misses the point. User 'ptleitch' puts it best when he askes:
"Well thats all fine and dandy. You learn something new everyday. The problem is, my users are submitting issues along the lines of they expect the "remember login" feature to auto-populate the "username" field in the login control, and I've got nothing to tell them other than they're out of luck."
First, to enable the functionality, as orka said, you'll want to set the PersistentCookieTimeout in the web.config to something greater than 0 (value is in minutes).
In addition to that though, I'd suggest altering the verbiage presented to the user on the login screen to be more accurate. "Remember Login" does make it seem like it's just going to auto-populate your credentials - which, functionality-wise, doesn't really make sense.
So, I'd recommend changing "Remember Login" to "Stay signed in."
You access (and update) the verbiage through the DNN user interface by browsing to Admin -> Languages -> (edit English static resources for site link) -> Local Resources -> DesktopModules -> Admin -> Authentication -> App_LocalResources -> Login.ascx.
On a little bit of a tangent - I'd go as far as to suggest that you should change everything from "Login" to "Sign in" as well (e.g. User Sign In, Stay signed in, etc) - just because it makes more sense.
The short answer of long story is using PersistentCookieTimeout parameter at the appSettings section of web.config file. The parameter value is in minutes and should be set bigger than 0 (20160 for two weeks) to work RememberMe functionality properly.
I would add that many websites remember the username only. They autopopulate the username, and the user must enter the password. This is the functionality that many users expect. I don't know of a way to do it with DNN. As mentioned above, the "Remember Me" function is really "Stay Signed In" functionality.
Great answers here and I agree it should read "Stay signed in". One tip along these lines: For my DNN 7+ installs, I found the Language override here:
Admin -> Languages -> (edit English static resources for site link) -> Local Resources -> DesktopModules -> AuthenticationServices -> DNN -> App_LocalResources -> Login.ascx
This is because I use the standard authentication services (DNN). If you utilize other authentication providers, you may find the text to override lives in a different folder at the same level as the DNN folder.
Related
I'm doing a tutorial on communities, and after setting pages and themes, i wanted to add users. The access is made from the contact object.
I setup the community, but think i should have a link here
i setup the user of a contact like this:
User License = Customer Community
Profile = Customer Community User
Active = true
but when i try to log him in, i get: "Looks like this portal user is not a member"
I tried the same with another profile, a clone of the native Administrator profile, to which i added, in Profile Overview > App Permissions
Manage External Users = true
then, one by one, i activated all permissions, and still had that warning.
edit:
i'm using Classic
This is a developer licence
What am i missing?
The links disappeared because you killed off your own access to community (on Sysadmin, cloned profile etc). Do you remember editing this page? (sorry I had to censor some bits). If you removed System Administrator from the list of profiles - #fail.
If you can work with the new community and it's OK to have old one lying around - cool. If not - You might be able to resurrect it by exporting the community definition file, tweaking it and deploying back. I'm assuming you have some dev experience.
Prepare package.xml that contains
<types>
<members>*</members>
<name>Network</name>
</types>
Export the zip file (you don't neccessarily need developer tools, http://workbench.developerforce.com/ might be enough). Inspect the networks/YourCommunityName.network file. There should be a section similar to this
<networkMemberGroups>
<permissionSet>Censored1Access</permissionSet>
<permissionSet>Censored2Access</permissionSet>
<profile>Censored User</profile>
<profile>Admin</profile>
</networkMemberGroups>
Make sure "Admin" is on the list and deploy it back to org. It should give you access back and then you can add your customer community user's profile, permission set or whatever you plan to give them.
On my signup page i want to check if a certain user with the an email that i specify exists or not. I did try the approach on the answer given to this question (react native firebase check if user already exisits in real time database) but i get an error when i try to do that
I am aware that when you are doing firebase.auth().createUserWithEmailAndPassword it tells you weather user already exists or not, but for reasons that are complicated to explain, i dont want to do that for the time being. I do, however, have access to the config
If the create user func is done on a different page from where the actual form its-self is, then the options are:
Query the results as seen in the link above, given you fix the error
Use Firebase Admin SDK (the better option in my opinion), which gives you access to a number of useful functions, which won't require a form, one of which is:
admin.auth.getUserByEmail(email)
There are several functions that will get you the information you need.
Here is a guide for adding the Admin SDK to your project (should you wish): https://firebase.google.com/docs/admin/setup
In the firebase console you can already set it up under Authentication -> Sign-in method tab and scroll down to the bottom you will see Advanced and set 'One account per email address'
I am new to Salesforce, but am an experienced developer. I am provided a link to a Salesforce report, which mostly has the right filters (query). I would like to use an REST API to pull that information as CSV or JSON so that I can do further processing on it.
Here are my questions:
Do I need special permissions to make API calls? What are they?
Do I need to create an "app" with client-key & secret? Does my admin need to grant me permission for this too?
There are a lot of REST APIs from Salesforce, which one do I need to get the info from the report? Analytics?
How do I authenticate in code?
You'd have to work with the System Administrator on the security pieces. Anybody who knows how the company works, can all users see everything, is there Single Sign-On in place, how likely is the report to change...
You will need an user account to pull the data. You need to decide if it'll be some "system account" (you know username and password and have them stored in your app) or can it run for any user in this org. It might not matter much but reports are "fun". If there will be data visibility issues 6 months from now, you'll be asked to make sure the report shows only French data to French users etc... you can make it in report filters or have multiple reports - or you can just use current users access and then it's the sysadmin that has to set the sharing rules right. (would you ever think about packaging what you did and reusing in another SF instance? Making a mobile app out of it? Things like that, they may sound stupid now but will help you decide on best path)
The user (whether it'll be system account or human) needs Profile permissions like "API Enabled" + whatever else you'd need normally ("Run Reports" etc). If you're leaning towards doing it with system user - you might want to look at Password Policies and maybe set password to Never Expires. Now this is bit dangerous so there would be other things you might want to read up about: "API only user" (can't login to website), maybe even locking down the account so it can login only from certain IP ranges or at certain times when the job's supposed to be scheduled...
Connected App and OAUth2 stuff - it's a good idea to create one, yes. Technically you don't have to, you could use SOAP API to call login, get session id... But it's bit weak, OAuth2 would give you more control over security. If you have sandboxes - there's little-known trick. You can make connected app in production (or even totally unrelated Developer Edition) and use client id & secret from it to login to sandboxes. If you create app in sandbox and you refresh it - keys stop working.
(back to security piece - in connected app you can let any user allow/deny access or sysadmin would allow only say these 3 users to connect, "pre-authorize". Could be handy)
Login - there are few REST API ways to login. Depends on your decision. if you have 1 dedicated user you'll probably go with "web server flow". I've added example https://stackoverflow.com/a/56034159/313628 if you don't have a ready SF connection library in your programming language.
If you'll let users login with their own credentials there will be typical OAuth "dance" of going to the target page (Google login, LinkedIn, Twitter...) and back to your app on success. This even works if client has Single Sign-On enabled. Or you could let people type in their username and pass into your app but that's not a great solution.
Pull the actual report already
Once you have session id. Official way would be to use Reporting API, for example https://developer.salesforce.com/docs/atlas.en-us.api_analytics.meta/api_analytics/sforce_analytics_rest_api_get_reportdata.htm
A quick & dirty and officially not supported thing is to mimic what happens when user clicks the report export in UI. Craft a GET request with right cookie and you're golden. See https://stackoverflow.com/a/57745683/313628. No idea if this will work if you went with dedicated account and "API access only" permission.
I am trying to learn BDD cucumber and i am trying to write a feature file for login scenario with valid and invalid usernames.
For valid user will be logged and will logout however for invalid username, the user will be asked to go to login page again and asked to write correct credentials.
I would like to ask, can we have both positive and negative scenarios in "Scenario Outline"?
Could you please help me in writing perfect feature file for this simple scenario?
Take a look at my feature file code ( PS, I am a beginner :))
Feature: Login Action
Description: This feature will test a LogIn and LogOut functionality
Scenario Outline: Login with valid and Invalid Credentials
Given User is on Home Page
When User navigate to Login Page
Then User enters "<username>" and "<password>"
And Keeping case as Valid
Then User should get logged in
And Message displayed Login Successfully
Then User enters "<username>" and "<password>"
And Keeping case as InValid
Then user will be asked to go back to login page
And Provide correct credentials
Examples:
|username|password|Case|
|abc#gmail.com|12345|Valid|
|abc1#gmail.com|dfsd2|InValid|
Scenario: Successful logout from application
When user logs out from application
Then Message displayed Logout successfully
And Browser quit by driver
'Perfect' - Ain't no such thing...
The ScenarioOutline you have written is very confusing and possibly a wrong interpretation of how scenariooutline works. Basically you are logging in twice with each row of the examples table ie. same username and password (line 3 and 7 in the SO). In a scenariooutline all the steps will be repeated with each row of data that u provide in examples. Refer to multiple tutorials available.
Why mix up valid and invalid logins? Keep them in separate scenarios. Easy to follow.
Move the logout to a separate feature file.
Then you can move the first 3 steps of the login scenario into a background. Reduces repetition.
You are going to have a problem with checking login functionality for the valid case for multiple data. Once a valid user logs in then most web applications store the login credentials in a cookie etc etc. So when a new request is made for login page it might just skip the login page and land up in maybe lets say home page. Then you will get the NoSuchElementException when the selenium code looks for the userid input box. So for valid cases you need to have a logout too.
#Login
Scenario Outline: Login with valid and Invalid Credentials
Given User is on Home Page
....
....
#Valid
Examples:
|username|password|Case|
|abc#gmail.com|12345|Valid|
#InValid
Examples:
|username|password|Case|
|abc#gmail.com|12345|Valid|
To run the Valid Login cases use the tags option in runner as {"#Login","#Valid"} or if on cucumber 2 #Login and #Valid. For Invalid one replace with #InValid.
As pointed out here in an excellent answer - each scenario is essentially one test case and must therefore be clearly separated.
Nevertheless, it's critical to understand that Given/When/Then (in their most basic essence) are equivalent to the traditional three stages of a system test: Arrange/Act/Assert, therefore:
Given: Arrange the system in a known state
When: Command the system (what you want to test)
Then: Assert that the outcome was what you expected.
That's it! (of course there's a lot more to BDD than that - but these are the basics of an executable specification)
Given User is on Home Page is not arranging the system in a known state, but Given I am registered is. Though it might not be enough to state just this, because as soon as you go through the whys and whats of the scenario you'll quickly realize that you're missing something more concrete as an example.
To paraphrase the previous answer:
Given I am registered -> set up the user (but does it matter who?) as being registered in the system (database entry?), registered for what? does it matter to the outcome?
When I sign in -> Give the system the command to sign-in (who?) - this might be done via a web form or via an API (or over the phone?). Does it matter what time you sign in, can you sign in immediately?
Then I should be signed in -> Check response from web app, database, session? cookie?
Saying that, logging in scenarios are probably not worth using BDD to tackle since they are as well defined as CRUD - there's almost no need for analysis.
Scenario: Good sign in
Given I am registered
When I sign in
Then I should be signed in
Scenario: Not registered sign in
Given I am not registered
When I sign
Then I should not be signed in
And ...
Scenario: Registered with wrong password
Given I am registered
When I sign in with a bad password
Then I should not be signed in
And ...
Tips:
Keep things simple
Don't use outlines
Keep details of HOW you do things out of scenarios
Have one scenario for each path
10 simple scenarios are better than one complex one.
You can see details of how to write scenarios like this (in Ruby) at https://github.com/diabolo/cuke_up/tree/master/features.
Caveats:
this is just one persons opinion
you need to be able to write code to work this way (as you push all the details of how things are done out of cucumber and into helper code).
registration is a pre-requisite to sign in
I have created a web page with RoR and i am using auth system that i wrote. Now i would like to create an admin panel, where i can see the user info etc..
I am not sure but what i though is to add a column name to auth system like admin? giving a default name false. Then if the admin? is true admin panel opens instead of the web page login.
I wonder if i can use the same auth system so in order to login to page it logs in to admin panel.
But in the controller it will check if admin? is true for every user, i am not sure about the burden in terms of the system requirments as it will check every user.
And i know there are other gems for admin panel but its fine i can design it. I am just not sure which way is the efficient way.
The burden on the system will be negligible. It depends a little bit upon how your auth system is configured, but I am assuming that you give the user a token when he/she is properly logged in.
When the user first tries to sign in, you should check if they are an admin. At this point, if they are, then you can sign them in as an admin, also storing that information in the session. You should perform this check on the controller actions where they need to be an admin. It will not affect performance to any noticeable degree and is important for the security of your site.
Also, you may want to check out the CanCanCan gem, which is a fork of CanCan built by Ryan Bates, for an example of how this works. Unless you're building the application for educational purposes, I highly recommend the CanCanCan gem.
Hope this helps!
In addition to that, you may try Rails_Admin, which provides an easy-to-use interface for managing your data.
And I've considered to use this gem for my project, which is a huge database, so it seems to very helpful.