Need help for user validation steps SWIFT + TWILIO + NODEJS + COUCHBASE [closed] - node.js

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 5 years ago.
So I'm learning Swift and I'm trying to validate user inputs on an iOS app for a class project, but I'm not sure if I'm following the right steps. Can you give me some feedback?
Here's how it goes:
1. User enters phone number; check if it's valid.
2. Send Twilio code notification if user phone number doesn't exist in db, to set phoneVerified = true.
3. User proceeds to next screen to enter email & password,
4. then send link to set user.status = true.
Data is sent in JSON format to Couchbase via a NodeJS route.
I'm not sure if data should be validated on client-side or server-side or both. I've been told never to trust user input, but I was working on websites at the time. I'm really confused. Does it apply to phone apps also?

I'll say you have two choices so far:
1 - Create the random verification code (usually 6 digits) on the client (meaning the user's phone), then send it to your API along with the user's phone number so that Twilio can send the code within the Twilio message body.
2 - Create the random verification code in your API and repeat the end steps of option 1.
Client Side (let's use option 1, and think of the following as pseudo-code)
- Verify the input phone number, and if it is not valid, tell the user to fix it.
- Create the random code and save it to UserDefaults (we save it in case something happens while your app is being used; of course you'll also add logic for requesting another code).
- Create the request body dictionary that contains the code and phone number, i.e. [phone: 182822939, code: 83920].
- Using either URLSession or Alamofire, do a POST request to your NodeJS API with the body that you've created in the previous step.
NodeJS API
- Here, you get the phone number from your request object like const phoneNumber = req.body.phonenumber, and the code like const code = req.body.code.
- You create the Twilio sending object using the phone, add the code within the message body, and send it.
- If the message was successfully sent, return 200 OK from the response; else return the error with a 404 code.
Client Side Again
- As of now, the user gets the code; now we need to check if the input code and the code from UserDefaults are identical. If valid, you continue with your login process; otherwise you notify the user with an alert (so that's why it is important to also add the "request another code" option in case the user never receives the code).
Voila. Also, this is not the only way to approach your problem.

Server side should always have the validation. You can't trust user input. Your phone app will also use some APIs to communicate with the server, right? What if I don't use your app and just send requests to those APIs?
Also, your design looks like it has some flaws.
What if a user verifies a phone but exits the app (the user's phone is verified in the database, right?), but another user requests your API for email and password?
Do you have anything in place to ensure that the person who verified the phone is the one registering with the email and password?
Please specify more details.
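
An added example, not part of either answer above and not the asker's code: the flow with every check done on the server, including a one-time token that ties the verified phone to the later email and password step, which is the gap the second answer points at. The in-memory Maps, function names, TTL and attempt limit are assumptions; a real route would hand the generated code to the SMS sender only and keep this state in the database.

```javascript
// Added example: server-side phone verification bound to registration.
const crypto = require('node:crypto');

const CODE_TTL_MS = 5 * 60 * 1000; // assumed policy: codes and tokens live 5 minutes
const MAX_ATTEMPTS = 5;            // assumed policy: guesses allowed per code
const pending = new Map();         // phone -> { hash, expires, attempts }
const verified = new Map();        // token -> { phone, expires }

// Hashing gives fixed-length buffers for the constant-time comparison below.
const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

// Step 1: the server, not the client, generates the code. The return value
// goes to the SMS sender and is never included in the HTTP response.
function startVerification(phone, now = Date.now()) {
  const code = String(crypto.randomInt(0, 1000000)).padStart(6, '0');
  pending.set(phone, { hash: sha256(code), expires: now + CODE_TTL_MS, attempts: 0 });
  return code;
}

// Step 2: the client submits what the user typed; the server decides.
// Returns a one-time token on success, null on any failure.
function checkCode(phone, submitted, now = Date.now()) {
  const entry = pending.get(phone);
  if (!entry || now > entry.expires) { pending.delete(phone); return null; }
  if (++entry.attempts > MAX_ATTEMPTS) { pending.delete(phone); return null; }
  if (!crypto.timingSafeEqual(entry.hash, sha256(String(submitted)))) return null;
  pending.delete(phone);
  const token = crypto.randomBytes(32).toString('hex');
  verified.set(token, { phone, expires: now + CODE_TTL_MS });
  return token;
}

// Step 3: registration takes the token, not a phone number, so only the
// session that passed step 2 can attach an email and password to that phone.
function registerUser(token, email, password, now = Date.now()) {
  const v = verified.get(token);
  verified.delete(token); // single use, even when the attempt fails
  if (!v || now > v.expires) return null;
  // A real route would hash the password and write the user document here.
  return { phone: v.phone, email, phoneVerified: true, status: false };
}
```
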

Related

Synching check for email existence on the database with input field

I have a React app in which, during signup, the user will enter their email, and while typing, API calls will be made on each keypress (if the email is valid) to check if the email has previously been registered and send back a success response if it has not.
ISSUE: The problem I have is that the speed of the API connection is not always reliable; on a slow network, for instance, if the user types "user@gmail.com", "user@gmail.co" will be checked and the success response will be for that email "user@gmail.com", hence they won't be able to verify it later on.
SOLUTION I TRIED: use a controlled input field and, on every server response, replace the text inputted by the user with the email that the last verification was made for, so users can see what email was just verified. But it sucks, because if users go back to change a letter or something, it starts misbehaving and moving the cursor.
I'd appreciate any suggestions.
How are you performing the API call? If you use something like tanstack/react query (https://tanstack.com/query/latest) and have the query key be derived from the current input email address, you should be able to rely on using the query result to determine when the API call has finished for the current input.
for example,
const validEmailQuery = useQuery([currEmailInput], /* fetch logic etc here */)

Slackbot to maintain user state for asking his details

I'm trying to build a Slack bot in which I want the bot to ask the user for details, for example:
Question 1: Please enter your name
Question 2: Please enter your email id
Question 3: Please enter your address
Slackbot is calling an API, for which I added the API URL in Events and Subscriptions so that if a message comes, the API gets called.
In the API response, along with the message, I am also returning a field which I am expecting Slackbot to return again in the next API request (whenever the API is called again for the same user).
Note: The field is required because I am maintaining the user state in the backend on the basis of it.
Is there any way to achieve this?
You will have to store the user state in either a cache or a database.
Using a 'Redis' cache is an easy-to-implement solution.
You can use a hash (key-value pair) to store data. Store the slackID as the key and the state (can be a JSON object) as the value.

I need a method to send a direct message to some user using excel

I need to find a method to use Excel to send a direct message to a Slack user, like we use mailto with the subject and body functions to send a user an email,
for example (WhatsApp):
api.whatsapp.com/send?phone=XXYYYYYYYYYY&text=This is my message
Well, if I understand correctly, you want to get info from Excel and send this info to a user. That's possible in one way: you have to be able to read Excel, which I don't recommend.
I recommend Google Spreadsheet for that. Anyway, let's not get off-topic.
Then you need to know how to send a message to Slack. Do you know?
I will assume not, so to send messages there are two ways:
- Webhooks
- Web API
Method URL = https://slack.com/api/chat.postMessage
To send through the Web API, you have to pass the following arguments:
- token: The OAuth2 token you will get from Slack when configuring your bot or app, or you can use legacy tokens instead.
- channel: The place you want to send the message: the channel ID if it is a channel, or the user ID if it is a user.
- text: As the name says, the message you want to send.
- as_user: Whether you want to send the message as your name or as a custom name. This is a boolean method, meaning it's only True or False.
Note: Configuring a custom name is done in another argument, which we will reach.
- attachments: A JSON-based array of structured attachments, presented as a URL-encoded string.
- username: The name you want to appear as the sender of the message. It only works if as_user is false; if as_user is true, it will ignore this argument.
Hope this helps.
And please, next time share some code so we can help; here it is not just 'I need...'.
It's a place where you share code and then ask 'I need...' so we can help.
I have solved the issue already:
creating an app and using chat.postMessage.

Control your device with custom commands using Actions in Google

Just getting started with Assistant features on the RPi. I am able to successfully implement up to this point and am wondering about a few things.
Scenario:
user: hey google "please turn on my living room Lights"
my code in horword.py: has a function to perform the same action based on ON_RECOGNIZING_SPEACH_FINISHED
RPi/google home: I am not sure how to respond to that
I was able to capture the request query asked by the user using ON_RECOGNIZING_SPEACH_FINISHED = Args.text(str) and use it in my logic to perform the task. However, at the same time, "ok google" is responding with this answer.
To mitigate this problem, I created a google-actions; now it understands my query and responds with the intention from api.ai. However, it didn't act on turning the lights ON. So I'm wondering how I can read the response from google home/api.ai as text and change the code to act on it locally.
Appreciate it.
You will not get the response as text.
To get the response to the client app, use a webhook in API.AI and send a message using FCM to the client app.
Read the FCM message in the client app and do the corresponding actions.
Finally was able to figure out multiple ways. Answered this in another Stack question. Find more details in this post.
There are multiple ways to handle this, since Google doesn't give voice transcripts and we let Google say our transcript, which is kind of a solution for now.

How can you verify an incoming Twilio sms?

I basically am trying to allow users to post to their blog using a text message. I have a phone number stored for each user, and since twilio sends that information in the post request they hand to my page, I can do a reverse lookup to see which blog to post it to. The question now arises, how can I be sure that the user sent the text? Can't anyone just send post information with someone else's phone number?
I have a couple thoughts about this:
1. Twilio sends your account number in the post, which I suppose isn't known to malicious users.
2. I could respond with an SMS containing a randomly generated code, and have the user send that back. This would effectively triple the SMSs needed, so I would prefer the first.
Is number one "safe enough"? Or should I bite the bullet and make a response system as in number two?
You can verify that requests are coming from Twilio. We attach an X-Twilio-Signature header to each request which is signed with your Auth Token (which should be known only by you). Each of the Twilio helper libraries has a function to help determine if the request was made by Twilio or not.
Please see our documentation on validating requests: http://www.twilio.com/docs/security#validating-requests
or our helper library functions for validating Twilio requests: http://readthedocs.org/docs/twilio-php/en/latest/usage/validation.html#validate-incoming-requests, for example.
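
An added example, not from the answer or from Twilio's helper libraries: the X-Twilio-Signature check written out with Node's crypto module, following the scheme in Twilio's request-validation documentation (the full request URL, then each POST parameter's name and value appended in sorted order, HMAC-SHA1 keyed with the Auth Token, base64 encoded). The function names, token, URL and parameters are constructed for illustration; in production the helper library's own validation function does the same job.

```javascript
// Added example: verify that a webhook POST was signed with the Auth Token.
const crypto = require('node:crypto');

// Rebuild the signed string: URL followed by key+value for each POST
// parameter, keys in case-sensitive sorted order, no delimiters.
function expectedSignature(authToken, url, params) {
  const data = Object.keys(params).sort()
    .reduce((acc, key) => acc + key + params[key], url);
  return crypto.createHmac('sha1', authToken).update(data, 'utf8').digest('base64');
}

// Compare against the header in constant time; a missing header fails.
function isFromTwilio(authToken, headerSignature, url, params) {
  const expected = Buffer.from(expectedSignature(authToken, url, params));
  const given = Buffer.from(String(headerSignature || ''));
  return expected.length === given.length && crypto.timingSafeEqual(expected, given);
}

// Constructed sample values (not real credentials or numbers).
const SAMPLE_TOKEN = 'constructed-auth-token-not-real';
const SAMPLE_URL = 'https://blog.example.com/sms';
const SAMPLE_PARAMS = { From: '+15555550100', To: '+15555550199', Body: 'New post' };

// A request whose From field was altered after signing no longer matches,
// which is what makes the reverse lookup by phone number trustworthy.
function demo() {
  const genuine = expectedSignature(SAMPLE_TOKEN, SAMPLE_URL, SAMPLE_PARAMS);
  const altered = { ...SAMPLE_PARAMS, From: '+15555550123' };
  return {
    genuineAccepted: isFromTwilio(SAMPLE_TOKEN, genuine, SAMPLE_URL, SAMPLE_PARAMS),
    alteredFromAccepted: isFromTwilio(SAMPLE_TOKEN, genuine, SAMPLE_URL, altered),
    missingHeaderAccepted: isFromTwilio(SAMPLE_TOKEN, undefined, SAMPLE_URL, SAMPLE_PARAMS),
  };
}
```

The URL passed in must be exactly the one configured for the webhook, including scheme and query string, or a genuine request will fail the check.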
