Invite team member functionality in MERN website - node.js

I am building a website using the MERN stack where every user who signs up gets their own subdomain according to the username they entered.
What I have done so far:
Users can create an account and get their subdomain according to the username they entered while signing up.
The owner of the organization can send invites to the team members by email, by filling out a simple form where they need to enter the email of the team member.
Now, I would like to know how I can add the team member to the organisation's workspace so they have full access to the workspace. Basically, I don't know what to do after sending an invite.
Please give me some insights on how this can be achieved.
Thanks.

Make an array field in your model that contains the group_ids of the groups joined.
Create a middleware function that checks if the user can perform operations there. If not, throw an error.
When the invite is sent, the array I talked about should be updated to [...array, group_id selected].
I am a junior developer so I might be wrong, but I hope this helps.
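The membership array and the middleware check described above, as an added example (not code from the original post): an in-memory stand-in for the User and Workspace collections, an addMember step that performs the [...array, workspace_id] update, and an Express-style middleware that refuses requests from non-members. The field and parameter names (user.workspaces, req.user, req.params.workspaceId) are assumptions.

```javascript
// Added example: workspace membership stored on the user record plus an
// Express-style authorization middleware. Maps stand in for Mongoose models.
const users = new Map();      // constructed stand-in for the User collection
const workspaces = new Map(); // constructed stand-in for the Workspace collection

function createUser(id, email) {
  const user = { id, email, workspaces: [] }; // ids of workspaces joined
  users.set(id, user);
  return user;
}

function createWorkspace(id, ownerId) {
  const ws = { id, ownerId, members: [ownerId] };
  workspaces.set(id, ws);
  users.get(ownerId).workspaces.push(id); // owner is always a member
  return ws;
}

// The [...array, workspace_id] update, recorded on both sides and idempotent.
function addMember(workspaceId, userId) {
  const ws = workspaces.get(workspaceId);
  const user = users.get(userId);
  if (!ws || !user) throw new Error('unknown workspace or user');
  if (!user.workspaces.includes(workspaceId)) {
    user.workspaces.push(workspaceId);
    ws.members.push(userId);
  }
}

// Middleware: deny unless the authenticated user belongs to the workspace in the URL.
// req.user is assumed to be set by the authentication middleware that runs before this.
function requireWorkspaceMember(req, res, next) {
  const { workspaceId } = req.params;
  const user = req.user;
  if (!user || !user.workspaces.includes(workspaceId)) {
    return res.status(403).json({ error: 'not a member of this workspace' });
  }
  return next();
}

// Exercises the middleware without a running server; returns 200 or 403.
function checkAccess(userId, workspaceId) {
  const res = { code: 200, status(c) { this.code = c; return this; }, json() { return this; } };
  let passed = false;
  const req = { user: users.get(userId), params: { workspaceId } };
  requireWorkspaceMember(req, res, () => { passed = true; });
  return passed ? 200 : res.code;
}
```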

Related

How to link logged users to their data, retrieve and update them in MySQL table

This is my web app's "User Settings" page.
I have simplified it to a minimum to better highlight the problem.
To authenticate users I use Auth0. I wanted to use the sub claim user_id to identify the users inside my MySQL database to update and retrieve the user's info. Unfortunately the user_id is different for each provider: for example, if the same user with the same e-mail logs in via Auth0 he gets one user_id, and if he does it via Google he gets another one.
I thought about using the email to link the logged-in user to his info.
The problem is in my API. Before the change it was "localhost:8080/api/users/:id";
each time it created a new id and in any case it was impossible to recover the data of the single user. Now that I have replaced "id" with "email" my API has also changed to "localhost:8080/api/users/:johnsmith@xxx.com".
Before:
After:
In a few words, the request URL on the client side has also changed.
I would like to make sure that the GET and PUT requests are made based on the e-mail of the logged-in user without having to modify the whole back-end.
Sounds like something is wrong with how you authenticate users. If you have multiple ways to authenticate a user, those methods need to be in a one-to-many relation with the user. For example, each user has a list of auth methods, and whenever an authentication is made you check your table of authentication methods and find the one user it maps to.
I'm not sure if you are doing this yourself or if the framework you are using is handling that, but it sounds like you need to change the model to allow many auth methods for a single account.
Also, you could use email, but that is also an "old" way of uniquely identifying users; almost every single person has multiple active email accounts nowadays, so you should also have a one-to-many relation for users to emails. What if the user has different email accounts for their Facebook and Google accounts?
See account linking here: https://auth0.com/docs/users/user-account-linking
It is dangerous to trust that the external providers are truthful about what email belongs to whom. What if I open a new account using someone else's email on one of the providers? Then I can log into that user's account in your application, which is a pretty big security risk.
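The one-to-many user-to-identities model from the answer above, as an added example (not code from the original answers): identities are keyed by the token's issuer and sub claims, never by e-mail alone, so a provider account created with someone else's address resolves to a new user instead of an existing one, and a second provider is attached only through an explicit link action by an already logged-in user. The Map-based tables and the field names are assumptions standing in for MySQL tables.

```javascript
// Added example: one user, many identities. Assumes the ID token's signature,
// audience and expiry were already verified upstream; only the claims arrive here.
const usersById = new Map();  // stand-in for users(id, display_name)
const identities = new Map(); // stand-in for user_identities(provider, sub) -> user_id
let nextUserId = 1;

function identityKey(claims) {
  if (!claims.iss || !claims.sub) throw new Error('token missing iss or sub');
  return `${claims.iss}|${claims.sub}`; // (provider, sub) is the only lookup key
}

// Login: find the user owning this identity, or create a fresh one.
// Deliberately no "match existing user by e-mail" fallback.
function resolveUser(claims) {
  const key = identityKey(claims);
  const existingId = identities.get(key);
  if (existingId !== undefined) return usersById.get(existingId);
  const user = { id: nextUserId++, displayName: claims.name || 'user', emails: [] };
  if (claims.email && claims.email_verified === true) user.emails.push(claims.email);
  usersById.set(user.id, user);
  identities.set(key, user.id);
  return user;
}

// Explicit linking: `currentUser` is already authenticated in this session and
// has just completed a second login producing `newClaims`.
function linkIdentity(currentUser, newClaims) {
  const key = identityKey(newClaims);
  const owner = identities.get(key);
  if (owner !== undefined && owner !== currentUser.id) {
    throw new Error('identity already belongs to another user');
  }
  identities.set(key, currentUser.id);
  const email = newClaims.email;
  if (email && newClaims.email_verified === true && !currentUser.emails.includes(email)) {
    currentUser.emails.push(email); // users-to-emails is one-to-many too
  }
  return currentUser;
}
```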

Docusign consent issue with 2nd user, is duplicate of 1st working

Running into a bit of an odd issue. I assume it may be a setting somewhere?
Using the API integration for embedded forms. We have two brands, so I've made two users with the same roles. Their job is to be the sender for any embedded form for their respective brand. Their roles are both set as sender from the user settings tab.
support@brand.com
support@other-brand.com
Each user is in 2 groups, developers and their respective brand. Simply being part of developers will allow them to be assigned as the sender of any API templates. It's worth noting, these two users are identical to one another in setup, only difference being support email.
Using user 1, there are no issues, and everything works as intended. Using user 2 however, I get the error "consent required" when trying to get a JWT token?
I've gone through all and any settings I could find, but nothing seems to do what I need. Both users belong to the organization, so I'm simply confused.
Any help and direction is much appreciated.
The answer was I needed to claim the #brand URL the 2nd user was under, which had not been claimed via the application admin interface.
Consent is per user; you would need the second user to log in and navigate to the URL for consent.
If you are using the developer/sandbox/demo environment (not production) the URL you would want to set looks like this:
https://account-d.docusign.com/oauth/auth?response_type=code&scope=signature%20impersonation&client_id=<your IK>&redirect_uri=<some URL you defined for the IK>
Remember to define the redirect_uri in the Apps and Keys page in the settings page where you created the Integration Key and you should be good.

Kentico 10 Contact activity logged against previously logged out user

We have a Kentico 10 website using custom WIF authentication. That is all working fine. I can see that the authenticated user details match what is expected.
I tried enabling the online marketing - contact tracking and then discovered that even though I had logged out with one account and then logged in with another account the new user's activity was being logged as if the first user had performed it.
The only thing that works reliably is using a delete-cookie plugin in Chrome, which isn't a good solution for production.
I tried expiring the existing cookies for the domain and then found, after logging out and back in again with a new user, that all the new activity was being logged as the public anonymous user.
Is there anything I can add to sign-out or login to ensure that the correct Contact is being tracked against? Different users should be able to use the same browser, logging out and back in again, without this contact activity going against the wrong person.
The contact cookie is stored per user account on a computer. So if you're simply logging in and out of Kentico, this activity will not change your contact cookie. Kentico sees you as the same contact even though you are authenticating with a different user account.
Kentico Contacts and Users are not synonymous, although they can have a link to one another. So I'd expect that if the user account is linked with a contact you may see different activity for that particular contact. The only way a contact is linked to a user account is if one of these 3 activities happens:
Registers on a website
Signs in with a user account
Fills in customer data while making a purchase
So even though you're doing #2, I'm guessing something unique is happening since you're doing some testing on the local machine. Check out the documentation about contacts and linking to user accounts. To test or see if a user is linked to a contact, go to Contact Management, manage a contact and click on the Membership > Users tab. If you see a user account linked to the contact then that contact is linked. If you don't see one then that particular contact is not linked and you'll experience the issues you're explaining.

How does account validation work?

Usually when you create an account on some webpage they send you an email with a link in order for you to validate your account.
If you click that link then your account is validated and that's the end of it.
How does this work?
Is that URL unique for every new user so they know who visited what?
This is not a web service related question; however, I can conceptually guide you through what you need to do.
When a user registers, their information will probably be captured into some user table in a database somewhere. This user is marked as pending. The system can then generate a unique id, i.e. a GUID, which is stored next to the user entry in the database. This GUID, if properly constructed, will be impossible to guess. This GUID is then added as a GET parameter to the URL that you send in an email to the user.
For example you might have the URL:
http://example.com/activateuser?confirmuid=5e706449-2cbf-4938-8109-fb564c196d8f
Thus every user will use the same URL with a different confirmuid parameter. This URL will then post the confirmuid to the page, where you can then use this value to look up the user in the database and then activate the user, or move it from a pending state to an active state.
Simple, right?

User account activation, e-mail confirmation, and invitations with Passport / Node.Js

I want to set up 3 things for my user authentication system running on Passport / Neo4J:
1) Manual user account activation (so that admin does it);
2) Invite-only account creation;
3) E-mail confirmation of account before activation;
I was wondering if you knew of any easy-to-use Passport plugins for it (I haven't found any myself, but also want your recommendations) and also – what would be the best way to implement it (maybe you've already done / seen it, so you could share the code?)
Thank you!
Disclosure: I have never worked with Neo4j, so I am unaware of the specifics, but I would accomplish this in the following way:
You can write up some simple queries that insert a user's information (e.g. username, password, email etc.) into your database upon registration. Then, send the user an email using something like nodemailer which states that he has been registered and is awaiting confirmation.
Among the user information that you have stored you should have a column where you store the account status (verified or not verified). You can then write up a small webpage for retrieving all the accounts from your database where verified=false, and confirm the ones that you want by setting verified to true, after which the user would receive an email telling him that he can now use your service.
As for invite-only registration, I would have a special table with "registration codes" that would be generated and inserted into that table when a user invites someone. The one who was invited would then receive a link with the code, and upon clicking it the server would check if the code exists in the database, and if it does, would allow the user to create an account.
I realize that this is a broad answer, but there are many ways to accomplish what you're looking for!
Someone was having a go at it with Drawbridge, but the build is failing... https://www.npmjs.org/package/drawbridge
I'm Looking for the same thing.
