Add participants to middle of diagram for visibility - uml

I want to know if it's possible to add the participants to the middle of a large diagram, so it's easy to see what line each participant is without having to scroll to the top or bottom.
For example a diagram like so; When rendered it's easy to lose track of what vertical line is what participant.
In this example, it would be nice to add the participants again at point 10 / 11 to continue the flow
#startuml
autonumber
participant "Mobile App" as token
actor User as user
participant "Reseller UI" as reseller_ui
participant "Database" as db
alt For new user
user -> reseller_ui : Visit the link provided to reset \npassword
user <- reseller_ui : Let user reset password
user -> reseller_ui : Complete the reset password
reseller_ui -> db : Check if TOTP secret \n key exists
reseller_ui <- db : TOTP secret key does \n not exist
user <- reseller_ui : Force user to setup Mobile App
else For existing user
user -> reseller_ui : Request to enable \ntwo-factor authentication (TFA)
user <- reseller_ui : Request user to input \npassword for authentication
user -> reseller_ui : Provide the correct password
end
reseller_ui -> reseller_ui : Generate secret \nkey for TOTP
reseller_ui -> db : Store the secret key \nfor that user
loop Until user input correct TOTP or cancel enable TFA
user <- reseller_ui : Display the secret key, \nas QR Code
user <- reseller_ui : Wait for user to input \nthe TOTP from Mobile App
alt For Mobile App supports QR Code
token -> reseller_ui : Decode the QR Code displayed
else For Mobile App does not support QR Code
user -> reseller_ui : Request to display the secret \nkey directly
user <- reseller_ui : Display the secret key
user -> token : Input the secret \nkey directly
end
token -> token : Store the secret key
user -> token : Read the TOTP \ndisplayed in the app
user -> reseller_ui : Input the TOTP in app
reseller_ui -> db : Get the secret key \nof that user
reseller_ui -> reseller_ui : Validate the TOTP
alt If validation success
reseller_ui -> db : Mark the TFA \nsetup complete
user <- reseller_ui : Display successful message
else If validation not success
user <- reseller_ui : Display failure message
end
end
#enduml

Found out this isn't a possible feature in PlantUML. The closest thing that can be done is this;
!procedure $insert_participants()
rnote over token : Mobile App
/rnote over user : User
/rnote over reseller_ui : Reseller UI
/rnote over db : Database
!endprocedure
then in the diagram where you wan to show the participants again you call the function.
$insert_participants()

Related

Login social with laravel socialite create password

How to inclues password after login with social network with laravel socialite? (sorry for bad english)
Com criar/incluir senha fazendo login a partir de uma rede social com o laravel socialite?
code on my LoginController
public function handleProviderCallback($provider)
{
$user = Socialite::driver($provider)->stateless()->user();
$authUser = $this->findOrCreateUser($user, $provider);
Auth::login($authUser, true);
return redirect($this->redirectTo);
//return $user->token;
//dd($userSocial);
}
public function findOrCreateUser($user, $provider)
{
$authUser = User::where('provider_id', $user->id)->first();
if ($authUser){
return $authUser;
}
return User::create([
'name' => $user->name,
'email' => $user->email,
'provider' => strToUpper($provider),
'provider_id' => $user->id
]);
}
In the socialite flow, a user will never need a password
You can set password to nullable() in the users migration file.
In 'Account Settings' a user can set a password, leaving the current password empty
Once the password is set, a socialite user can login via both social media or direct
I did two different implementations :
Generate a random password, save it with user object and send you
user an email with the auto generated password.
Create a middleware to check if password is NULL or not set and
redirect user to a form to enter password.
The objective of using the socialite authentification is that the user won't need a password.
BUT if somehow the user want to have a password, like i had earlier in one of my projects, he can easily click on forget password and he will receive a link via email to reset new password

DDD modelisation issue (entity accessing repository)

I am designing the model of the following business needs :
The application must be able to register Users
The steps of the User registration are :
The user enters an email address and confirm
A verification code is sent to the provided email address.
The user must enter the correct verification code to continue
Repeat steps 1-3 for a phone number with verification code by SMS (optional)
The user then enters some personal information and confirm => the account is created
After registration, the user can update his email address or mobile phone number, but must go through the same verification process (code sent which must be entered to confirm the modification)
I ended up with the following model :
Verifiable (interface)
User (entity)
EmailAddress (value type, is a Verifiable)
MobilePhoneNumber (value type, is a Verifiable)
RandomCode (value type)
VerificationCode (entity containing a Verifiable, a RandomCode and a generationDateTime)
VerificationEmail (aggregate containing a VerificationCode, an EmailAddress and a Locale)
VerificationSms (aggregate containing a VerificationCode, a MobilePhoneNumber and a Locale)
Then here come the questions !!
Is it correct to have the Verifiable interface in order to have a VerificationCode instead of having EmailVerificationCode and SmsVerificationCode ? (Although it's not really a part of the ubiquitous language)
As I must persist somewhere the tuple emailAddress/mobilePhoneNumber + randomCode + generationDateTime to be able to retrieve it for verification, is it ok to have a specific entity for this ?
When the user wants to update his email address I was expecting to do something like :
// In the application service
User u = userRepository.findByUid(uid);
u.updateEmailAddress(newEmailAddress, enteredCode);
userRepository.save(u);
// In the User class
public void updateEmailAddress(EmailAddress newEmailAddress, String code) {
// Here comes the direct repository access
VerificationCode v = verificationCodeRepository.findByVerifiable(newEmailAddress);
if (v != null && v.hasNotExpired() && v.equalsToCode(code)) {
this.emailAddress = newEmailAddress;
verificationCodeRepository.delete(v);
}
else {
throw new IncorrectVerificationCodeException();
}
}
but to prevent my entity accessing a repository I ended up with the following code :
// In the application service
User u = userRepository.findByUid(uid);
VerificationCode v = verificationCodeRepository.findByVerifiable(newEmailAddress);
if (v != null && v.hasNotExpired() && v.equalsToCode(code)) {
verificationCodeRepository.delete(v);
u.updateEmailAddress(newEmailAddress);
userRepository.save(u);
}
else {
throw new IncorrectVerificationCodeException();
}
// In the User class
public void updateEmailAddress(EmailAddress newEmailAddress) {
this.emailAddress = newEmailAddress;
}
But it looks like an anemic model and the business logic is now in the application layer...
I am really struggling to correctly design the model as this is my first DDD project, any advice, modelisation suggestion is welcomed...
There is nothing wrong passing a repository as an argument in your updateEmailAddress() method.
But there is a better alternative, a domain service:
Your domain service depends on the repository and encapsulates the logic bound to your verification. You then pass this service to the user entity which is in charge of calling the correct method.
Here is how it could looks like:
class EmailVerificationService {
VerificationCodeRepository repository;
boolean isCodeVerified(EmailAddress emailAddress, String code) {
// do your things with the repository
// return true or false
}
}
Then in the user class:
class User {
// ...
public void updateEmailAddress(EmailVerificationService service, EmailAddress emailAddress, String code) {
if (service.isCodeVerified(emailAddress, code)) {
this.emailAddress = emailAddress;
} else {
// throw business Exception ?
}
}
}
In your application service, you inject the domain service and wire everything, catching the eventual exception and returning an error message to the user.
This is a suggestion of modeling, if you want to take it into account. Hope it could help you. I would model it this way:
User (aggregate root entity)
id
emailAddress (not null and unique)
mobilePhoneNumber (optional)
personalInfo
enabled (a user is created disabled when the registration process starts, and it is enabled when the process ends successfully)
VerificationCode (aggregate root entity) ===> it is associated to a user
id
randomCode
expirationDate
userId
smsOption (boolean) ===> if sms option is true, this verification code will be sent in a SMS to the user (otherwise it will be sent by email to the user)
Static Factory meethods:
forSendingByEmail ==> creates an instance with smsOption false
forSendingBySMS ===> creates and instance with smsOption true
Domain Service: sendVerificationCodeToUser ( verificationCodeId ) ===> checks smsOption to send either an SMS or an email (to the mobilePhoneNumber/emailAddress of the associated userId)
DomainEvent: VerificationCodeWasCreated ===> it has the id of the verification code that has been created
Raised by the VerificationCode constructor
The listener will call the domain service: sendVerificationCodeToUser(verificationCodeWasCreated.verificationCodeId())
THE REGISTRATION PROCESS (application service methods):
(1) The user enters an email address and confirm
public void registerUser ( String email ):
checks that doesn't exists any enabled user with the given email
if exist a disable user with the email, delete it
creates and persist a new disabled user with the email
creates and persist a new verification code associated to the created user for sending by email
(2) A verification code is sent to the provided email address ===> it is done by the domain event listener
(3) The user must enter the correct verification code to continue ===> the user who was sent the email in step (1) has to enter the email again, and the code he received)
public boolean isARandomCodeCorrectForUserEmail ( String randomCode, String email ) {
User user = userRepository.findByEmail(email);
if (user==null) {
return false;
}
VerificationCode vcode = verificationCodeRepository.findByRandomCodeAndUserId(randomCode,user.id());
if ( vcode==null) {
return false;
}
return vcode.hasNotExpired();
}
(4) Repeat steps 1-3 for a phone number with verification code by SMS (optional)
(4.1) The user of step (3) enters mobile phone number (we know the user id):
public void generateCodeForSendingBySmsToUser ( String mobilePhoneNumber, String userId ):
update user of userId with the given mobilePhoneNumber
creates and persist a new verification code associated to the user for sending by SMS
(4.2) The event listener sends the SMS
(4.3) The user who was sent the SMS in step (4.2) has to enter the email of step (1) again, and the code he received by SMS ===> isARandomCodeCorrectForUserEmail(randomCode,email)
(5) The user then enters some personal information and confirm ===> the account is created ===> what I do is enabling the user, since the user is already created, and we know the userId from step (3) or (4.3)
public void confirmRegistration ( PersonalInfo personalInfo, String userId ):
update user of userId with the given personalInfo
enables de the user
THE EMAIL/MOBILEPHONENUMBER MODIFICATION PROCESS:
It is similar to the registration, but the email/mobilePhoneNumber entered at the beginning must belongs to an existing enabled user, and at the end an update of the user is performed, instead of enabling.
ENABLED/DISABLED USERS:
Having enabled and disabled users, makes you taking it into account in authentication and authorization methods. If you don't want to or you're not allowed to have enabled/disabled users, you would have to model another aggregate that it would be UserCandidate or something like that, just with id, email and mobilePhoneNumber. And at the end of the process, create the real user with those values.

Azure B2C check user exist or not?

I am using Azure B2C, followed by the article
https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet
User is added successfully. But the issue is how to check the user exist or not with a user name, when I creating a new user?
You can find users by their email address or their user name using the signInNames filter.
For an email address:
`GET https://graph.windows.net/myorganization/users?$filter=signInNames/any(x:x/value eq 'someone#somewhere.com')&api-version=1.6`
For a user name:
`https://graph.windows.net/myorganization/users?$filter=signInNames/any(x:x/value eq 'someone')&api-version=1.6`
Programmatically, to check the user with the email address already exist.
here is a solution using C# and Graph client library.
private async Task<User> CheckUserAlreadyExistAsync(string email, CancellationToken ct)
{
var filter = $"identities/any(c:c/issuerAssignedId eq '{email}' and c/issuer eq '{email}')";
var request = _graphServiceClient.Users.Request()
.Filter(filter)
.Select(userSelectQuery)
.Expand(e => e.AppRoleAssignments);
var userCollectionPage = await request.GetAsync(ct).ConfigureAwait(false);
return userCollectionPage.FirstOrDefault();
}

Find a Instagram Users ID for API Access (As of 2018)

The Problem
I have built an Instagram Feed on a friend's WordPress website to display the eight latest images from a specified feed.
I hit this endpoint to achieve this:
https://api.instagram.com/v1/users/{$ig_user_id}/media/recent/?access_token={$ig_access_token}
Up until now, I have used my own test instagram client to populate the feed.
We're gearing up to go live now, and I've attempted to replace the Instagram User ID and Access Token with that of my friend's instagram account. Whilst I can still generate an access token (using this tool # PixelUnion), I can no longer find a way to access the User ID.
There is an existing SO thread & solution here, which no longer seems to be valid:
Instagram how to get my user id from username?
The Question
How does one go about finding an Instagram accounts User ID since apparent restrictions to the Instagram API? (~ mid 2018)
My Instagram Feed Code (PHP)
<?php
function prettify_instagram_image($image_data) {
// Plucks just what we need from the data returned from the Instagram API
$pretty_data= (object)[
"id" => $image_data->id ? $image_data->id : false,
"src_url" => $image_data->images->standard_resolution->url ? $image_data->images->standard_resolution->url : false,
"ig_link" => $image_data->link ? $image_data->link : false,
"likes" => $image_data->likes->count ? $image_data->likes->count : false,
"comments" => $image_data->comments->count ? $image_data->comments->count : false
];
return $pretty_data;
}
$ig_user_id = get_field('instagram_user_id', 'option'); // Pulling IG account info from WP Admin Options
$ig_access_token = get_field('instagram_access_token', 'option');
$ig_api_root = 'https://api.instagram.com/v1/users/';
$ig_api_method = '/media/recent/';
$images_to_display = 8;
// https://api.instagram.com/v1/users/{user-id}/media/recent/?access_token=ACCESS-TOKEN
// Instagram API connection
$response = wp_remote_get( $ig_api_root . $ig_user_id . $ig_api_method . "?access_token=" . $ig_access_token );
// Instagram response is JSON encoded, let's convert it to an object
$instagram_response = !is_wp_error($response) ? json_decode( $response['body'] ) : false;
$instagram_images = ($instagram_response && $instagram_response->data) ? array_map("prettify_instagram_image", $instagram_response->data) : false;
?>
I've found that, providing you have an access token, you can perform the following request in your browser:
https://api.instagram.com/v1/users/self?access_token=[VALUE]
In fact, access token contain the User ID (the first segment of the token):
<user-id>.1677aaa.aaa042540a2345d29d11110545e2499

OIM - PasswordMgmtService.validatePasswordAgainstPolicy : Issue with password history condition in policy being bypassed

I am working on a custom OIG password management requirement for a client.
I am facing issue while validating the password history in policy definition (eg: shouldn't match last 5 passwords used).
For some reason, PasswordMgmtService API's validatePasswordAgainstPolicy method is bypassing the history validation and returning true if user enters any old password.
Below is the code snippet for reference.
public ValidationResult validatePasswordRACFPolicy(String loggedinUserKey, char[] userPassword)
{
PasswordMgmtService pwdMgmtSvc = oimClient.getService(PasswordMgmtService.class);
User usr = new User(loggedinUserKey); //loggedinUserKey is user key of logged in user
ValidationResult valResult = pwdMgmtSvc.validatePasswordAgainstPolicy(userPassword, usr, <App Instance Name>, Locale.getDefault());
IDMLOGGER.log(ODLLevel.FINEST, "Is Password Valid = " + valResult.isPasswordValid()); //this value is true even if user tries to reset password using any older passwords.
return valResult;
}
Eventually, ending up with exception when I try to update the account password on target.
provSvc.changeAccountPassword(Long.valueOf(accountId), userPassword);
//provSvc is ProvisioningService API object, accountId is oiu_key, userPassword is the password entered by user.
Here are the exception details:
GenericProvisioningException An error occurred in oracle.iam.provisioning.handlers.ChangeAccountPasswordActionHandler/execute while changing the password for account with id 1234 and the casue of error is {2}.[[ at oracle.iam.provisioning.util.ProvisioningUtil.createEventFailedException(ProvisioningUtil.java:175) at oracle.iam.provisioning.handlers.ChangeAccountPasswordActionHandler.execute(ChangeAccountPasswordActionHandler.java:84 ... ... Class/Method: tcOrderItemInfo/validatePassword Error : Password Does Not Satisfy Policy

Resources