In SimpleSAMLPHP, using example-sql example-sql, how to define groups - simplesamlphp

During local development of a project which will eventually integrate with an outside SSO provider via SimpleSAMLPHP, I have used the "example-sql" authsource with some dummy users.
The example code:
'example-sql' => array(
'sqlauth:SQL',
'dsn' => 'pgsql:host=sql.example.org;port=5432;dbname=simplesaml',
'username' => 'simplesaml',
'password' => 'secretpassword',
'query' => 'SELECT uid, givenName, email, eduPersonPrincipalName FROM users WHERE uid = :username AND password = SHA2(CONCAT((SELECT salt FROM users WHERE uid = :username), :password),256);',
),
Does not show how to specify which groups a user belongs to. If I add a column to my MySQL database called attributes, and add to it, for a user, something like "eduPersonAffiliation:group_1,group_2", should that tell SimpleSAMLPHP that my user is in those groups?

All selected columns in query will be available as attributes for your user.
So imagine you have a column groups it could represent you all groups the user is assigned (e.g. group_1,group_2)
As it's mentioned in simplesamlphp documentation you could also store the user/group assignment in an additional table
SELECT uid, ... , groupname AS groups
FROM users LEFT JOIN usergroups ON users.uid = usergroups.username
WHERE ...
see https://simplesamlphp.org/docs/stable/sqlauth:sql

Related

Need to compare data from the database with what a user filled in on a form (login)

So for my school project I need to create a future of log-in and register you can see my code on github (in the map server): https://github.com/ybouz2/project-tech
but now instead of:
const users = []
initializePassport(
passport,
email => users.find(email => user.email === email),
id => users.find( id => user.id === id)
)
i need to compare if the e-mail that is put in the log-in form is equal to one that is stored in the database and right now I used a local variable (users) to store that data in but i need to get it from the databas MongoDB instead of the users one i tried
initializePassport(
passport,
email => db('Accounts').collection('AllAccounts').find(email => user.email === email),
id => db('Accounts').collection('AllAccounts').find( id => user.id === id)
)
but that would give me the error 'Cannot read properties of undefined (reading 'db')'
anyone maybe knows and could help?

How to INSERT with SELECT values in TypeORM

Lets say I have main table Users and a reference table UserRoles such that each User has one Role saved in the column roleId, and every role has an id and a description.
If I want to insert a new User with the role Administrator, the following SQL query would work:
INSERT INTO `users` (`name`, `roleId`)
VALUES ('John Doe', (SELECT `id` FROM `roles` WHERE `roles`.`description` = 'admin'));
How would I replicate the same in TypeORM having two entities User and Role?
I know I can do the following:
const adminRole = await Role.findOne({description: 'admin'});
const newUser = User.create({name: 'John Doe'});
newUser.role = adminRole;
await newUser.save();
But this would rather be equivalent to SELECT the role into a variable and then using that variable during the INSERT. is there a way to condense this into one query so that the database is hit only once?
I know that I can create an user with the relation like this
User.create({name: 'John Doe', role: {id: 1}});
But I need to know the id for this. If I put the name like the following
User.create({name: 'John Doe', role: {name: 'admin'}});
I get the following error Error: Cannot find alias for relation at type because I have not loaded the relation.
I've found information on how to make an INSERT INTO SELECT statement here, but this is where the whole insert comes from a select, not just a particular column.
Is there a way to emulate this query for insertions? or I'm forced to either do it in two steps (or as many as reference columns as I have) or use the query builder?
Thanks you in advance

Read random user firestore

Whenever a user uses the Firebase Auth to register on my app, I create a document in a users collection of Firestore that stores metadata such as pseudo, userType, gender ...
To do that, the document id is exactly the same as the uid provided automatically by Firebase Auth (from the user UserRecord object)
Now, my app needs to fetch a user randomly from the users collection in Firestore.
I read Firestore: How to get random documents in a collection but this post suggest that I create the ID myself. The app is already built using the FirebaseAuth generated ID so what is the solution ?
A common practice in firestore is to create a "--Stats--" document within a collection (--Stats-- being the document id). This document can house information about the collection (number of documents, last updated, collection privileges etc.).
In your case, you could use cloud functions/triggers to keep tract of the total number of users in the users collection and add the id of a new user to a "userIds" array. You could keep both of these fields in the users collection's --Stats-- document. This way, when you wanted to get a random user, you could randomly generate a number betweeen 0 and the document count, then use it as an index of the userIds array. I might look something like this:
var usersCollectionRef= db.collection("users");
usersCollectionRef.doc("--Stats--").get().then((doc) => {
let numberOfUsers = doc.data().numberOfUsers;
let userIdArray = doc.data().userIds;
let randomNumber = Math.floor(Math.random() * (numberOfUsers + 1));
return usersCollectionRef.doc(userIdArray[randomNumber]).get();
}).then((doc) => {
...do something with the user's document
})

Custom fields with Membership provider

I am trying to use the custom membership provider with my custom user class from my dbcontext but I am experiencing problems when trying to create a new user using the "Register" form. I have fields such as Points etc in my user class that need to be initialised upon creation of the user.
When I call:
WebSecurity.CreateUserAndAccount(model.UserName, model.Password);
There is no way for me to add these details in. How can I use this so that I can autopopulate these values with zero for instance.
Have you checked out this overload which allows you to specify custom properties:
WebSecurity.CreateUserAndAccount(
userName: model.UserName,
password: model.Password,
propertyValues: new
{
foo = "bar",
baz = "bazinga",
}
)

How can I automatically assign a role to a CouchDB user?

I have the following method for registering users:
// Registration method
exports.register = function(req, res) {
var username = req.body.username,
password = req.body.password,
first = req.body.first;
last = req.body.last;
role = req.body.institution;
nano = require('nano')('http://127.0.0.1:5984');
var users = nano.use('_users');
var user = {
"_id": "org.couchdb.user:" + username,
"name": username,
"type": "user",
"roles": [],
"password": password,
"realname": first + " " + last
};
users.insert(user, function(err, body) {
if(err) {
res.send(err.reason, err.status_code);
} else {
res.send(body, 200);
}
});
};
As you can see, I have a variable called role which I would like to set in the "roles" array. Unfortunately, as you probably know, CouchDB only allows the admin to set roles. I'm okay with this, but I'm using the roles as institutions, so I'd like a registering user to be able to pick what institution they're registering under and therefore it should automatically be assigning them this role. Without hard-coding my admin credentials into this method, i.e.
nano.config.url = "http://admin:password#127.0.0.1:5984/"
How can I automatically assign a new user to their specified role as I've mentioned?
The roles array is used by CouchDB to decide database authorization. This allows you to configure access to a given database by a user's role. If the user can set their own role then somebody can give themselves access to any institution. They can even make themselves an admin, which defeats the purpose of protecting your admin password.
I'm not sure what your use-case is, but I don't think you are trying to prevent access to other institutions. Rather, I suspect you are trying to use the roles to perform some other application function (e.g. filtering out information for them to simplify what they see). Since you are wanting to perform a non-security function, I strongly suggest that you just add your own field to the users documents. You could add an institutions property to each user.
If you really want to do this, there is a way. The error you are receiving is coming from an update validation function in _design/_auth in the _users database. As an admin you can change this function.
Download the document. Open the file and search for Only _admin may edit roles to see where the test is being performed. Remove that conditional and save the document back to CouchDB.

Resources