I am using the mean.js stack. I want to manage my list of users, but there is no apparent solution for this. Is there an admin module for meanjs available that allows crud functions on the user database? If not please point me to a jsfiddle that shows how this can be done.
MEAN.js 0.4.1 has an admin module built in which allows a user with admin privileges to perform user management.
If you are currently using an older version maybe try to look at the code there and make the necessary changes to implement a similar module.
the other answer is correct, meanjs.org 0.4x already has this feature built in.
While for 0.3x and below you need to manually create one. It shouldn't be hard, just a regular CRUD but for users model.
Related
I would like to develop a new web-app in node.js (using express). I am relatively new to node.js world, so I assume there are frameworks that I am not familiar with.
Is there any framework (like Spring for Java) that manages authentication (and save the trouble from the developer)? Or each developer has to write this code over and over again?
Login/Logout is not all. There are other flows:
registration (create account),
forgot-password (and then set new password),
locking/unlocking an account,
change password
and I think I have covered all flows.
I know that each application has its own UI, forms, maybe with its logo, but the flow itself is similar for most applications.
In addition, I know that it is not that hard to implement, but it could be great to have some kind of tool / framework / infrastructure which implements the flows.
Is there such a tool/framework which helps applications' developers and implements these flows?
I've searched this issue but could not find anything.
Thanks!
Long ago I have developed authentication-flows for Java over Spring, and recently I wrote authentication-flows-js.
It is a module that answers most flows - authentication, registration, forgot-password, change password etc., and it is secured enough so applications can use it without the fear that it will be easily hacked.
It is for node.js applications (written in TypeScript) that use express. It is an open source (in GitHub). A release version is on npm, so you can use it as a dependency in your package.json.
In its README (and of course in the npm page) there are detailed explanations for everything and if something is missing - please let me know. An article will be published soon (I will add a link as a comment).
You can find here an example for a hosting application.
NOTE: I have heard comments like "It's not so difficult to implement". True.
But you have to make sure you take care of all cases. For example,
what happens if a user tries to create account that is already exists?
what happens if a user tries to create account that is already exists
but inactive? what about the policy of the password? (too long/too
short/how many capital etc.) what about sending the email with the
activation link to the user? how you create this link? should you
encrypt it? what about the controller that will receive the click on
the link and activate the account? and more...
I want to build a website using the MEAN stack and my database schema will be defined using Mongoose. This website will have an admin site, in which I will have all the CRUD operations for the data displayed by the frontend website. As the object model will be the same, if I'm using Java or C# I would compile this classes in a Jar or Dll and use it in my frontend site, along with the DB definitions and repositories (say hibernate)
What will be a recommended approach for reuse this object model in this MEAN scenario? Is it common to have another "folder" in my express setup? What if I want to run the admin site on another port?
I see you have no response yet, one example; Here is a nice scaffold that im working with which uses also JS, not C or Java and is a fairly good example of what your looking for i think. This will help you expedite, expand and go in which direction you want from there, by being a very adjustable MEAN stack scaffold using MOngoose, having CRUD examples, and even Bootstrap Jade SASS front end to help facilitate if you want to use it.
You would separate out your admin site as one of the MVC sections, and so forth, just like you would on any other MVC site pretty much, you can just follow the code standards in the documentation there.
The requirements of most web applications regarding the management of users are fairly common:
A user registers himself
Receives an email for confirmation
Requests a forgotten password
An admin person assigns a role to the user, etc.
Is there a node.js/express.js project that has already implemented the flow and is customizable?
Passport.js allows the application to only authenticate but not perform the functions listed above. I have seen Drywall. It uses MongoDB.
I am looking for a module that lets me customize the user storage mechanism as well, so that I can use my own MySQL DB to store users.
ASP .NET provides such features in the membership module and also lets developers customize it completely. Do we have something for Node.js?
I use sails framework and there are some packages that integrates with sails. For authentication i found this package: https://github.com/kasperisager/sails-generate-auth, maybe it help you.
To build on Victor's answer, there is a comprehensive user/role management system for express called sails-permissions that is based on sails.js.
I think you will have to use Drywall and customize it to use mySQL. It's uncommon to use mySQL for node.js as you know already.
Maybe this article will help you with the mySQL integration:
http://teknosains.com/i/simple-crud-nodejs-mysql
I am trying to follow http://liferaysatish.blogspot.de/2011/11/permissionchecker.html (which is basically a repost of another blog post).
I need to implement my own PermissionChecker to be able to support an SSO server (check if the user has been authenticated). However, there article mentions com.liferay.portal.security.permission.PermissionCheckerImpl, but there is no such class in whatever jars I was looking for it.
What I am trying to achive is to tie liferay's internal security to an external SSO Server (wso2). If there is another way to achieve this, I would love to try it.
I was trying with AdvancedPermissionChecker and SimplePermissionChecker, but I become endless redirects using them.
regards and thanks
Leon
I need to implement my own PermissionChecker
I don't believe so. At least you can make your life easier if you integrate your SSO just like any of the already integrated 6 (or so) SSO systems, authenticating the current user to Liferay and then leaving the actual permission check to Liferay.
SSO is typically used for making sure the user is who they are, then redirecting to the application they're providing their services to. If you want to maintain permissions externally to Liferay, you're best of to use an LDAP and group your users there. On the Liferay side, map those LDAP users/groups to Lifeary-usergroup-memberships. Provide the required permissions/memberships for those usergroups and you're set. Implementing your own permission checking (which will also be used internal to Liferay) is one of the least maintainable ideas that I've ever heard of.
I believe the latest Liferay does not have this file anymore. You should search for it in the 5.0 version. And the JAR itself is in \ROOT\WEB-INF\lib\portal-impl.jar
http://docs.liferay.com/portal/5.0/javadocs/portal-impl/com/liferay/portal/security/permission/PermissionCheckerImpl.java.html
Since this article http://symfony.com/doc/2.0/cookbook/security/custom_provider.html has not been written yet, has anyone an idea of how to do that ? (In my case it would be using LDAP authentication).
Thanks for your answers
To help you get started you can check out my blog post which outlines how to create a very basic user provider system:
http://clintberry.com/2011/custom-user-providers-symfony2/
EDIT: This post only covers the custom User Provider. To use LDAP authentication you will need to create your own Authentication Provider as well or use a third party library. http://symfony.com/doc/current/cookbook/security/custom_authentication_provider.html
This first thing I would suggest you is to do a search for a LDAP bundle on the great website KnpBundles (results here). I saw two results. If you are willing to use an external bundle, you could just use of the two given in the results.
If you prefer to create your own bundle for this task, what I would suggest is to inspire you from these two bundles. Another useful suggestion is to check the FOSFacebookBundle. It is in no mean related to LDAP but, they implements their own provider, so all the glue is there to implement your own.
Just a small notice, if you are developing against Symfony2 master branch, it is good to know that security factory registration has changed a bit. So, be carefull when looking at other bundles to be sure what version they are targeting.
Hope this helps.
Regards,
Matt