I have installed the token module, but don't know how to use it. I have searched many times and didn't find any tutorials on it. I hope someone can give me an example of how to use it, especially in the Views module. Thank you.
The token module provides a centralized API for using placeholders that are replaced by text.
To start off, I suggest reading the module documentation and seeing the list of modules that use Token. In essence it takes a token like [user-name] and replaces it with enjoylife or whatever your username is.
You cannot use Token in Views as such. But you can use it in CCK, node body, node title etc. which, in turn, can be used in Views.
One simple example of tokens is the Pathauto module — go to /admin/build/path/pathauto and check any of the 'Node paths' suggestions.
It would help to understand better what you're trying to accomplish with token -- it is mostly used as an API and is therefore a requirement for some really useful Drupal modules like Pathauto as Zerolab suggests.
We would very much like to avoid the update of the url to the file in our application when the SAS token is updated.
Is there a way to pass the token not in the url?
I did not find any info on that and I think it is impossible but thought I'd ask anyway.
Unfortunately not, it has to be part of the url.
What you can do is write a little proxy app service that operates in the way you want by passing it as a header and translating it for you. Alternatively (I am not 100% sure), you may be able to map it in API Gateway. Have a rummage around here.
I'm currently working on a Node.js project and require some authentication. As it stands I just use Express's basicAuth function, however I can't seem to figure out how to do more advanced operations. For example, I have two URL parameters, say bob and steve. If the user navigates to website.com/bob I want it to ask for username:"user" and password:"password". However, if the user navigates to website.com/steve I want it to ask for username:"user2" and password:"password123".
Would this be possible using basicAuth and if so how? Or would something like passportjs be able to accomplish this task? I don't need an amazing solution, just something to stop people accessing certain areas.
What you are trying to achieve is probably access control and I suggest you use an access control list module which will allow you to implement policies as to which users/groups have access to which resources within your application.
This way, even if a user provides their username/password pair, they will not be allowed to access that resource based on the policy which is a better option application design wise.
For a start:
https://www.npmjs.org/package/acl
I'm a bit overwhelmed with the number of frameworks or express/connect middleware pieces that claim they offer REST support, but are really more about "auto CRUD".
Are there any examples that demonstrate returning framework formed hyperlinks to other resources in responses? For example, consider
/comments
where I can POST a message. After I persist the comment, the client may be able to retrieve it from
/comment/:id
... but ideally I want to return the actual URI of the created comment from the comments collection resource (as well as many other URIs to satisfy HATEOAS), a la POST-Then-GET ... sure, it's not impossible if you're willing to throw string concatenations all over the place.
Having played with Ember, I'd love to have something similar to the way they handle routes, but on the server side, so that I can simply refer to routes/resources by internal name, and leave the URI templating to the router.
Does that make sense? Is this possible and I've horribly overlooked it?
To create ad hoc hypermedia-compliant resources in the HAL format I'd recommend the HAL npm package.
I believe you'll be happier with http://mcavage.me/node-restify/ than building something yourself on top of Express.
Late to the party, but express-hateoas-links looks a little easier to use than HAL, although you may not get a HAL representation.
wkhtmltopdf allows you to make a screenshot of a browser view with a WebKit browser.
I have a Symfony 1.4 application that requires login, which I would like to use wkhtmltopdf to create a "print this page" function.
How can I securely facilitate this? I'm thinking of creating a one-off token on each screen for the print button that allows wkhtmltopdf to log in without using the password of the user.
Any suggestions for how to structure this?
We've come to the conclusion to use the built-in "keep me logged in" functionality for this problem.
Would you consider a different printing framework?
What about a jQuery plugin (e.g. https://github.com/ianoxley/jqueryprintpage#readme)?
That way you won't have to allow access to the restricted area from outside the session.
If you still want to use wkhtmltopdf, you can easily create an action that receives a url and a user_id and creates a unique token. I might save this token in your DB or in a key-value cache (depends on what your system architecture is). I wouldn't create the unique token in advance; I think it's better to create it on demand (when your user asks for a print).
You have a couple of options in order to enable printing in secured actions:
1) Create a custom security filter. In the filter, in addition to authenticated requests, you have to allow requests that contain a "token" parameter with the right combination of url and user.
2) Change the action to unsecured. If you don't want to change the security filter, you would have to change each action to "unsecured" and create a function that verifies that either the request is authenticated or it has a proper token parameter.
It would be smart to remove each token after you used it once to make it even harder to guess a token.
In addition you might want to create a periodic worker that clears old tokens that were never in use.
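A sketch of the on-demand, single-use print token described in the answer above, written in Node.js as an added example (not code from the original post or from Symfony). The `PrintTokenStore` class, its method names, and the in-memory `Map` standing in for the DB or key-value cache are all hypothetical.

```javascript
const crypto = require("crypto");

// In-memory stand-in for the DB table or key-value cache the answer mentions.
class PrintTokenStore {
  constructor(ttlMs = 60_000) {
    this.ttlMs = ttlMs;
    this.tokens = new Map(); // sha256(token) -> { userId, url, expires }
  }

  // Store only a digest, so a leaked table does not expose usable tokens.
  static digest(token) {
    return crypto.createHash("sha256").update(String(token)).digest("hex");
  }

  // Called on demand, when the authenticated user asks for a print.
  issue(userId, url, now = Date.now()) {
    const token = crypto.randomBytes(32).toString("hex"); // 256 bits from the CSPRNG
    this.tokens.set(PrintTokenStore.digest(token), {
      userId, url, expires: now + this.ttlMs,
    });
    return token;
  }

  // Called by the security filter for requests carrying a token parameter.
  // Returns the user id to render the page as, or null to reject.
  redeem(token, url, now = Date.now()) {
    const key = PrintTokenStore.digest(token);
    const entry = this.tokens.get(key);
    if (!entry) return null;
    this.tokens.delete(key); // single use, even when the checks below fail
    if (now > entry.expires || entry.url !== url) return null;
    return entry.userId;
  }

  // Periodic worker: drop tokens that were issued but never used.
  purgeExpired(now = Date.now()) {
    let removed = 0;
    for (const [key, entry] of this.tokens) {
      if (now > entry.expires) {
        this.tokens.delete(key);
        removed++;
      }
    }
    return removed;
  }
}
```

Binding the token to one URL and a short lifetime limits what a token captured from a log or a process listing can be used for.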
Even though you already decided on an approach, I would still like to add one more alternate option that might help others viewing this issue.
Another alternate route might be to grab the current source of the page being viewed and post that into your printer backend using something like
$.post("/printer", document.documentElement.outerHTML);
This way you can also preprocess the HTML in an easy way. Your backend could first store the HTML and then parse it to, for example, convert images or perhaps remove some parts of the page that will not be used when printing.
Is a user able to edit localstorage (and sessionstorage) items? Specifically, would a malicious user be able to edit it like cookies can be edited?
I am researching session info for a web application I am writing, and I had the idea of using localstorage for some items. Yes, I have looked into session variables, and I am probably going to use them, but I was just wondering this and could not find it anywhere. My project is built with jQuery and PHP. The interface is completely driven by jQuery, and I am using localstorage for some other info--that is why I thought of it.
Thanks!
Yes, he can. Actually, you should always assume that anything that is done on the client side can be altered, of course JavaScript as well.
If you want to make sure that something is not altered you can use some kind of cryptographic signature on data and validate it on server side.
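One way to do the signing suggested in the answer above, shown as an added Node.js example rather than code from the original thread (the asker's server is PHP, where `hash_hmac` and `hash_equals` play the same roles). The `sign` and `verify` names, the `payload.tag` string layout, and the key generated at start-up are assumptions for illustration.

```javascript
const crypto = require("crypto");

// Assumption: the key lives only on the server. It is generated here so the
// example runs; a real deployment loads it from server-side configuration.
const SERVER_KEY = crypto.randomBytes(32);

function b64url(data) {
  return Buffer.from(data).toString("base64url");
}

// Server side: produce the string the browser keeps in localStorage.
function sign(data, key = SERVER_KEY) {
  const payload = b64url(JSON.stringify(data));
  const tag = crypto.createHmac("sha256", key).update(payload).digest();
  return payload + "." + b64url(tag);
}

// Server side: accept the stored string back only if its HMAC still matches.
// Returns the original data, or null when the value was altered or malformed.
function verify(stored, key = SERVER_KEY) {
  if (typeof stored !== "string") return null;
  const parts = stored.split(".");
  if (parts.length !== 2) return null;
  const [payload, tag] = parts;
  const expected = crypto.createHmac("sha256", key).update(payload).digest();
  const given = Buffer.from(tag, "base64url");
  // Constant-time comparison; the length check keeps timingSafeEqual from throwing.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  return JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
}
```

The signature only detects modification: the user can still read the stored value and can send back an older value that was validly signed, so anything secret or time-sensitive still belongs in the server-side session.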