Right now, in gmail appscript we don't have any option to add a password type field.
Gmail Card Service for add-on has a very good ability to show any thing in it. We can integrate with any app which has basic REST api. We need authentication for that which commonly need password type field.
Any work around to show password type field?
As of now, there is no support for password field in Gmail add-on.
But we can build a hack for it. I hope password is needed only in registration forms. So, we can build a registration form using HTML and that can be served through authorization action.
CardService.newAuthorizationAction().setAuthorizationUrl(loginUrl)
Here, host registration HTML in a web server and pass this URL as "loginUrl" in the above snippet. We have to supply AuthorizationAction for the signup/register button. So, when the user clicks on this button, a new popup page is launched, the user will give the username, password, etc... onsubmit, we can encode all the form data and pass it to the parent Gmail add-on by redirecting it to a script redirection URL which you can generate an add-on. Once the redirection to the script URL comes, there will be a callback in our add-on code from there you can get the form fields which were encoded from registration HTML page.
function generateNewStateToken(callbackName, payload) {
return ScriptApp.newStateToken()
.withMethod(callbackName)
.withArgument("payload", JSON.stringify(payload))
.withTimeout(3600)
.createToken();
}
function getRedirectURI() {
return "https://script.google.com/macros/d/" + ScriptApp.getScriptId() + "/usercallback";
}
var state = generateNewStateToken("registerCallback", {"signup": true});
var reg_url = <reg_url> + "?redirect_uri=" + getRedirectURI() + "&state=" + state;
function registerCallback(cbResp) {
// to access payload which passed in state token: cbResp.parameter.payload;
// in the html serialize all the form fields or data which you want to pass to plugin as query params like: <redirect_uri>?form_data=<encoded_data>&state=<state>
//Note: here the registration HTML page should parse the URL to get the state & redirect_uri from URL.
// to access form_data: cbResp.parameter.form_data
}
I hope this will help you. This is how we are doing the signup/signin flow now.
Looks like you are authorizing a non google service . Please refer to Authorizing custom google services .
Related
I've been having this issue for a while now. I'm trying to add a Sign in through Steam button, which upon login, not only retrieves the user's ID, but also validates the signature. Steam uses OpenID 2.0.
I have followed the documentation here. I have followed these steps carefully, spending the better part of my day on trying to figure this out. My code is this:
let s = data['openid.signed'].split(',');
let x = Buffer.from(s.map(x => `${x}:${data['openid.' + x]}`).join('\n') + '\n', 'utf8');
let c = crypto.createHash('sha1').update(x).digest('base64');
console.log(x.toString('utf8')); // This is the key:value string
console.log(c); // This is the final result; the generated signature
Where data is the response given from the OpenID provider.
Logging x (key:value pair string) gives the expected output of:
signed:signed,op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle
op_endpoint:https://steamcommunity.com/openid/login
claimed_id:https://steamcommunity.com/openid/id/765611981[1234567]
identity:https://steamcommunity.com/openid/id/765611981[1234567]
return_to:http://127.0.0.1:8000/resolve
response_nonce:2018-12-01T17:53: [some_hash]=
assoc_handle:1234567890
However, my generated hash c does not match the given signature, openid.sig. Note that I use a \n at the end of the above key:value pair string, as that is how I interpreted the documentation.
Note. The reason why I need authentication is that I want to connect the Steam account to an account on my website, and being logged in via Steam gives you full access to your account on my website, meaning that it's of utter importance that a user cannot simply enter another users id and get access to their account (replay attack). Because of this, I need to somehow validate the signature.
I have never worked with OpenID before, so please excuse any foolish mistakes of mine. I highly recommend reading the documentation that is linked above, so that you can verify what I am doing is right.
Kinds regards,
Initial Request
Make your Steam login button link to
https://steamcommunity.com/openid/login?openid.ns=http://specs.openid.net/auth/2.0&openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select&openid.identity=http://specs.openid.net/auth/2.0/identifier_select&openid.return_to=https://mywebsite.com&openid.realm=https://mywebsite.com&openid.mode=checkid_setup
and replace the openid.return_to and openid.realm query string parameters.
openid.return_to: This is the URL that Steam will redirect to upon successful login with appended query string parameters.
openid.realm The URL Steam will ask the user to trust. It will appear as a message like this when the user is on the Steam login page: Sign into {openid.realm} using your Steam account. Note that {openid.realm} is not affiliated with Steam or Valve.
Handling the response
Upon successful login, Steam will redirect to a URL like
https://mywebsite.com/?openid.ns=http://specs.openid.net/auth/2.0&openid.mode=id_res&openid.op_endpoint=https://steamcommunity.com/openid/login&openid.claimed_id=https://steamcommunity.com/openid/id/76561198002516729&openid.identity=https://steamcommunity.com/openid/id/76561198002516729&openid.return_to=https:/%mywebsite.com&openid.response_nonce=2020-08-27T04:44:16Zs4DPZce8qc+iPCe8JgQKB0BiIDI=&openid.assoc_handle=1234567890&openid.signed=signed,op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle&openid.sig=W0u5DRbtHE1GG0ZKXjerUZDUGmc=
To verify the user, make a call from your backend to https://steamcommunity.com/openid/login copying every query string parameter from that response with one exception: replace &openid.mode=id_res with &openid.mode=check_authentication. So the final call will be to this URL:
https://steamcommunity.com/openid/login?openid.ns=http://specs.openid.net/auth/2.0&openid.mode=check_authentication&openid.op_endpoint=https://steamcommunity.com/openid/login&openid.claimed_id=https://steamcommunity.com/openid/id/76561198002516729&openid.identity=https://steamcommunity.com/openid/id/76561198002516729&openid.return_to=https://mywebsite.com&openid.response_nonce=2020-08-28T04:44:16Zs4DPZce8qc+iPCe8JgQKB0BiIDI=&openid.assoc_handle=1234567890&openid.signed=signed,op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle&openid.sig=W0u5DRbtHE1GG0ZKXjerUZDUGmc=
Steam will return a text/plain response like this:
ns:http://specs.openid.net/auth/2.0
is_valid:true
If true the user is valid, false invalid. Note this call will only return true once and subsequent calls with the same parameters will always return false. From here, you can decide how to maintain the user being logged in (such as creating a unique cookie) and return a redirect response to something like your site's homepage, last page before they clicked the Steam login button, or user detail page, etc...
I'm using SalesForce object to store user information, it includes profile image too. I'm able to insert images in Rich Text Field by sending Base64 String along with <img> tag. Image gets stored and displayed in the SalesForce page. No problem with that.
Also I'm able to get the image url to the client side (Mobile App) with the help of Rest API (NodeJS).The problem here is, Image URL is accessible(browser) only if the SalesForce account is logged in. If else it goes to the SalesForce login page (When I try with other brower).
What I want is to display the images in my Mobile app which doesn't have SalesForce login access. But I can provide enough information to client side if needed.
My image url looks like this,
https://c.ap5.content.force.com/servlet/rtaImage?eid=a037F00000YSybT&feoid=00N7F00000Pupl6&refid=0EM7F000000lIN0
Also, I have some of the security information in my server side (Node) which I got when I successfully login to SalesForce. BTW I'm using node-salesforce package to establish SalesForce connection.
1) organizationId
2) instanceUrl
3) userID
4) accessToken
I have been stuck with this problem since a week before and I'm running out of deadline. Please HELP!!!
Thanks!
I ended up rewriting the urls in the rich text on the fly when returning them from my api. In a manner so that they refer to my api which I use as image proxy through this SF API endpoint with an integration user: https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/resources_sobject_rich_text_image_retrieve.htm
private void rewriteImageUrls(RichTextRecord richTextRecord) {
Document doc = Jsoup.parse(richTextRecord.getBody());
doc.select("img").forEach(imgElement -> {
try {
URL originalUrl = new URL(imgElement.absUrl("src"));
String newUrl = appEnv.getBackendUrl() + "/api/v1/rich_text_records/" + richTextRecord.getSfid() + "/image?refid="+ UrlUtils.getQueryMap(originalUrl.getQuery()).get("refid");
imgElement.attr("src", newUrl);
} catch (MalformedURLException e) {
e.printStackTrace();
}
});
richTextRecord.setBody(doc.outerHtml());
}
Far from ideal but it works!
I am new to Netsuite and I have a requirement to show one alert message displaying "welcomeuser" after the user loggedin into Netsuite account.
I have tried this client script but its not showing any message.
function employee_PageInit(type){
debugger;
alert('Dear UserName, The data in NetSuite is confidential and the property of the company.');
nlapiLogExecution('DEBUG', 'user role', nlapiGetContext().getName());
alert('ok'+ nlapiGetContext().getName());
}
I have logged in with the role ADMINISTRATOR,
any help is appreciated thank you.
Here is a sample with 2.0. It's not pretty and would need some work. But this is one way to inject javascript logic onto the homepage with a portlet.
/**
*#NApiVersion 2.x
*#NScriptType Portlet
*/
define(['N/runtime'],
function(runtime) {
function render(params) {
var user = runtime.getCurrentUser();
params.portlet.title = 'Welcome Message';
var content = '<script>alert(\'Hello ' + user.name + '\');</script>';
params.portlet.html = content;
}
return {
render: render
};
});
U can try using custom portlet it stands out in the dashboard for showing the content.Then also alert is not possible.
I've struggled with this idea in the past and what you want is not technically possible, since there are no scripts that run when you are viewing the homepage. Here are some weird workarounds:
Schedule a calendar reminder, which can trigger a pop-up with your message.
Before assigning their full NetSuite rights, tell users to go to a specific page or form: Maybe a custom record... (the record could serve as a log of who consented to and read your policy) On this form you could have your message. Then when the user fills it out, have a back-end script enable their permissions.
Make your text into a tiny image, and make it your company logo for all of NetSuite. ;)
You can add the custom Javasript to display the alert on a Suitelet which would be set as the Landing Page under General Preferences, then once the user accepts redirect to their home page, and if they don't accept send an alert to the admin...
E.g.
<script>
var accepted = confirm('Dear UserName, The data in NetSuite is confidential and the property of the company.');
if (accepted)
window.open('https://99999.app.netsuite.com/app/center/card.nl?sc=-29&whence=');
else
//Send email to admin
</script>
Hi please follow the following steps :
Create a suitelet script - Login Script with pageInit() in clientscript action to alert your welcome message.
Goto Setup > Company > General Preference and under Centers tab add appropriate URL of the Login Script Suitelet's deployment and save the preferences.
Note : You can add different messages to different center's based on the roles in your account.
General Preference > Centers Tab
Hope this solves your issue please revert back if anything is missed.
Basically, the homepage of NetSuite is not scriptable.
There are some ways to check if the record/page is scriptable:
Look up the specific record type in the NetSuite Help Center; specifically on the Records Browser
On the Browser's developer console, you may run nlapiGetRecordType() and if it returns the record name, it should be scriptable -- please note that the record should be on edit mode for the console tool to run correctly with NetSuite pages
Hope this helps with your development!
you can write a function
function pageInit(type){
var context= nlapiGetContext();
var username = context.getName();
alert(hello+username);
}
I have a little question. I am working with NetSuite eCommerce and I need to check something, my site runs a script when user is logged, but sometimes it asks for a login even when still getting NetSuite Attributes. Something like this:
var loginEmail = "<%=getCurrentAttribute('customer','email')%>";
if(loginEmail==null || loginEmail=="") {
$("#cart").hide();
}
else {
$("#cart").show();
}
Do you know a specific NetSuite attribute or tag that I should be calling/using?
User sessions do time out after a period of inactivity, and user sessions are tracked with a cookie.
Try testing with a different browser - ie run NetSuite in FireFox and test the eCommerce functionality in Chrome or Safari, for instance.
Try nlapiGetLogin(). From NetSuite Help:
nlapiGetLogin
Returns the NetSuite login credentials of currently logged-in user.
This API is supported in user event, portlet, Suitelet, RESTlet, and SSP scripts. For information about the unit cost associated with this API, see API Governance.
Returns nlobjLogin
Since Version 2012.2
Example
This example shows how to get the credentials of the currently logged-in user.
//Get credentials of currently logged-in user
var login = nlapiGetLogin();
It doesn't say, but my thought is that this would return null if no user is logged in.
Use this code:
<%
var shoppingSession = nlapiGetWebContainer().getShoppingSession();
if (!shoppingSession.isLoggedIn())
$("#cart").hide();
else
$("#cart").show();
%>
In place of
<%=getCurrentAttribute('customer','email')%>
try using
<%=getCurrentAttribute('customer','entityid')%>
I am trying to create an html object dynamically with the necessary header information depending on the query string in the link I provide to Facebook. I am hoping that Facebook open graph will call this html link as I provided. However it seems that query string info are not getting passed to my server. Do anyone know how to make this work or what is the more appropriate way to do this. BTW, I am writing my code in Node.js.
To get more info about Facebook open graph api, look here, https://developers.facebook.com/docs/beta/opengraph/actions/.
For example, the link I am trying to pass to Facebook is, "http://xxx-url.com/getFacebookObject?objectId=&description=first dynamic post", so I sent a request with the link as, "https://graph.facebook.com/me/app-name:action-name?object=http://xxx-url.com/getFacebookObject?objectId=&description=first dynamic post". However, when I check the log on the server, I don't see anything in the query string.
Instead of using the query string, you can embed the data in the URL:
http://some-domain.com/getFacebookObject/id/description
Then, depending on what node.js packages you're using, extract the data from the request:
// expess.js style
app.get("/getFacebookObject/:id/:description", function(req, res) {
var id = req.params.id,
desc = req.params.description;
// your code...
});
(See http://expressjs.com/guide.html.)
Sorry, Facebook will strip off all query string information from the URL when they launch your site in the iframe. If it was a page tab app, then you could add it to the app_data query string parameters which in turn gets passed to your iframe's page tab app via the app_data part of the signed_request parameter.