Ocpsoft Rewrite JSF subdomain - jsf

I want to create the following scenario:
1. Step:
Login page: The user will login into the web portal.
Each user has an username. For example tester12345.
This username is stored in the database.
2. Step:
After the redirect from the login page, all pages should be in this format:
http://tester12345.domain.com/..
This means: {username}.domain.com/..
How can I do this?

You would need to do something like this:
.addRule(Join.path("/").to("/internal_resource_blah.jsp"))
.when(Direction.isInbound()
.and(Domain.matches("username")
.and(***username is in database***)))
.otherwise(SendError.code(404, "Page not found or some error."))
.addRule()
.when(Direction.isOutbound()
.andNot(URL.matches("http://{username}.domain.com{suffix}"))
.and(***user is logged in***))
.perform(Substitution.with("http://{loggedInUser}.domain.com{suffix}"))

Related

redirect to previous page after successful admin login

I have authorized.html page which needs a admin login to view so when I go to http://127.0.0.1:8000/authorized/ it takes me to http://127.0.0.1:8000/admin/login/?next=/admin/%3Fnext%3D/authorized/, which is expected. I used the below code in view.py file to built this functionality:
class authorizedView(LoginRequiredMixin,TemplateView):
template_name = 'home/authorized.html'
login_url = '/admin/'
But after the successful admin login it didn't take me back to authorized.html instead it directs to http://127.0.0.1:8000/admin/?next=/authorized/ which is just admin page and not the page that I want authorized.html. authorized.html is in home/templates/home/ where home is the django app that i created. How to do this? Please provide the detailed steps, i'am new to django!
In your settings.py, make sure you specify where to navigate to after successful login, for example:
LOGIN_REDIRECT_URL = '/authorized/'
See https://docs.djangoproject.com/en/3.2/ref/settings/#login-redirect-url for more details.
Also, you could decorate your view with #login_required and let Django handle the login portion of things and redirect you back there too. See https://docs.djangoproject.com/en/3.2/topics/auth/default/#the-login-required-decorator for details of this.

Redirect when htaccess login fails

i wonder how to set a redirect rule when user is typing wrong username or password.
currently the .htaccess is placed in /path/to/my/dir/website/dlfiles
The user is on the website on path /path/to/my/dir/website/ with url mywebsite.com/downloads
When user tries to download file from /path/to/my/dir/website/dlfiles/myfile_123.zip the user gets the htaccess login alert. When typing wrong username or password it results in "Unauthorized" Error page but i want the user to directly go back to the page he was when clicking on download-link, how to do that?
If you are using PHP you could use the header() function.
<?php
header('Location: /path/to/my/dir/website/mywebsite.com/downloads'); //redirect on register
?>
You can add this to your "Unauthorized" Error page" which is probably found on your server.

sailsjs waterlock get jwt on login successful and signup with more fields

I am using waterlock for authentication in sailsjs application. Everything is working fine. I need two customization.
Here to get token we need to follow two steps. http://example.com/auth/login and then http://example.com/user/jwt . What we need is token should return after successful login , i.e. http://example.com/auth/login should return token after successfull login.
When user try to login with credential by this URL : http://example.com/auth/login
If email id is not present waterlock create a new user with this email. We need to stop this because we have another mandatory fields to sign up a user like name, phone number etc.
Please tell me what needs to be done here.
I had exactly these issues yesterday as well and I was able to solve them:
I needed the user as well as the token on loggin. Go into your config/waterlock.js and look for the postAction on login and change the section to the following. Change success: 'default' to success: 'jwt'.
If you dont want to create a user if it doenst exist yet edit the following line in config/waterlock.js in the authMethod: createOnNotFound: false
I hope this helps.

How to pass credential from Site A to Site B without displaying credential at address bar

I have 3 site.
Site A : Just a login form.
Site B : an Icewarp webmail
Site C : Lotus domino mail
For now, i dont want include Site C in my question. It just for Site A and Site B
I want when a user login to Site A and then, automatically redirected to Site B. How do i pass the credential safely without the username and password being displayed?
My current script is below : This is the script when user login to Site A, and then passing the credential.
if ($mailhost == "icewarp")
{
Header("refresh:0;url=Site B icewarp URL/webmail/index.html?!#$pid:$credential");
exit;
}
elseif ($mailhost == "domino")
{
Header("refresh:0;url=Site C Domino URL/mail/domadmin.nsf?Login&Username=$pid&Password=$credential");
exit;
}
The system is working fine, but the problem is user credential is being displayed on address bar. How do i send user credential in alternate way?
You might want to encrypt the credentials. Probably is the only truly secure way.
You can encrypt it with: mcrypt-encrypt.
Then, decrypt with: mcrypt-decrypt
You could try and POST the values to the Domino login form as opposed to placing them in the address bar which forms a GET request.
For PHP - Three different was to make a POST request.
http://www.lornajane.net/posts/2010/three-ways-to-make-a-post-request-from-php

how to create ACL with mongoose-acl node.js

I found this library for creating an ACL (access control list) for mongoose:
https://github.com/scttnlsn/mongoose-acl
It looks like a good module, but I'm a little confused on how to use it for my purpose.
I have a site where anybody (logged in or not) can visit a profile page, like example.com/users/chovy
However if the user 'chovy' is logged into this page, I want to give them admin privileges for editing the details of the account.
If the user is not 'chovy' or is not logged in, they would just see the read-only profile page for 'chovy'.
Can someone give me a concrete example of how I would do this?
That sounds so common, that I don't think you need an ACL. You will need to have sessions, and then you can change how the view looks based upon the current logged in user. An incomplete example would like like this:
// Assumes:
// - You set req.session.user when user logs in
// - The url route has a :name so you can do req.param() to get the name of the page being viewed
db.users.getCurrentUser(req.session.user, gotLoggedInUser)
db.users.getUserByName({name: req.param('name')}, gotUser)
And then pass this to the view, when you do a res.render():
var is_viewing_own_page = currentUser._id.toString() === loggedInUser._id.toString()
And then the view can do something like this (assuming jade):
- if (is_viewing_own_page)
div You are looking at your own page
- else
div You are viewing someone else's page

Resources