Search Results

Search found 89593 results on 3584 pages for 'just user'.

Page 434/3584 | < Previous Page | 430 431 432 433 434 435 436 437 438 439 440 441  | Next Page >

  • Entity framework (3.5): How to translate a certain LINQ query to eSQL?

    - by Sebastian P.R. Gingter
    Hi there, I have the following LINQ query that I need to translate to Entity SQL /eSQL): return (ObjectQuery<User>) from user in Users where !user.Roles.Any(r => r.AnIntegerProperty < 0) select user; User.Roles is an navigation property to the n:m relation to Roles and there also is a Role.Users navigation property the other way round. There aren't User_Roles or Roles_User Entities available in the model, and I can't add these. I also can't use the LINQ statement here, because I need to add .OrderBy("it." + propertyname) (comes from another source, can't change that too) later on which is not possible if the ObjectQuery is build with linq. So how do I translate this to eSQL? And where can I find good eSQL samples? I searched for a whole day until now and must admit that eSQL reference is lousy and there aren't any usable examples around the web.

    Read the article

  • Extending existing Class in Symfony

    - by Dar Hamid
    I am new to symfony. I have created a registration form using the code: $user = new Register(); $form = $this->createForm(new RegisterType(), $user); In the RegisterType class i have 5 fields (for example).I store the values in database when the user registers with the system. Now I display the EDIT page using following code: $user = $em->getRepository('MysiteUserBundle:Register')->find($id); $form = $this->createForm(new RegisterType(), $user); The problem with the EDIT code however is that it displays me all of the fields mentioned in RegisterType class.Is it possible to display only some fields. If yes how can this be achieved. Any help will be appreciated

    Read the article

  • How to Implement Single Sign-On between Websites

    - by hmloo
    Introduction Single sign-on (SSO) is a way to control access to multiple related but independent systems, a user only needs to log in once and gains access to all other systems. a lot of commercial systems that provide Single sign-on solution and you can also choose some open source solutions like Opensso, CAS etc. both of them use centralized authentication and provide more robust authentication mechanism, but if each system has its own authentication mechanism, how do we provide a seamless transition between them. Here I will show you the case. How it Works The method we’ll use is based on a secret key shared between the sites. Origin site has a method to build up a hashed authentication token with some other parameters and redirect the user to the target site. variables Status Description ssoEncode required hash(ssoSharedSecret + , + ssoTime + , + ssoUserName) ssoTime required timestamp with format YYYYMMDDHHMMSS used to prevent playback attacks ssoUserName required unique username; required when a user is logged in Note : The variables will be sent via POST for security reasons Building a Single Sign-On Solution Origin Site has function to 1. Create the URL for your Request. 2. Generate required authentication parameters 3. Redirect to target site. using System; using System.Web.Security; using System.Text; public partial class _Default : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) { string postbackUrl = "http://www.targetsite.com/sso.aspx"; string ssoTime = DateTime.Now.ToString("yyyyMMddHHmmss"); string ssoUserName = User.Identity.Name; string ssoSharedSecret = "58ag;ai76"; // get this from config or similar string ssoHash = FormsAuthentication.HashPasswordForStoringInConfigFile(string.Format("{0},{1},{2}", ssoSharedSecret, ssoTime, ssoUserName), "md5"); string value = string.Format("{0}:{1},{2}", ssoHash,ssoTime, ssoUserName); Response.Clear(); StringBuilder sb = new StringBuilder(); sb.Append("<html>"); sb.AppendFormat(@"<body onload='document.forms[""form""].submit()'>"); sb.AppendFormat("<form name='form' action='{0}' method='post'>", postbackUrl); sb.AppendFormat("<input type='hidden' name='t' value='{0}'>", value); sb.Append("</form>"); sb.Append("</body>"); sb.Append("</html>"); Response.Write(sb.ToString()); Response.End(); } } Target Site has function to 1. Get authentication parameters. 2. Validate the parameters with shared secret. 3. If the user is valid, then do authenticate and redirect to target page. 4. If the user is invalid, then show errors and return. using System; using System.Web.Security; using System.Text; public partial class _Default : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) { if (!IsPostBack) { if (User.Identity.IsAuthenticated) { Response.Redirect("~/Default.aspx"); } } if (Request.Params.Get("t") != null) { string ticket = Request.Params.Get("t"); char[] delimiters = new char[] { ':', ',' }; string[] ssoVariable = ticket.Split(delimiters, StringSplitOptions.None); string ssoHash = ssoVariable[0]; string ssoTime = ssoVariable[1]; string ssoUserName = ssoVariable[2]; DateTime appTime = DateTime.MinValue; int offsetTime = 60; // get this from config or similar try { appTime = DateTime.ParseExact(ssoTime, "yyyyMMddHHmmss", null); } catch { //show error return; } if (Math.Abs(appTime.Subtract(DateTime.Now).TotalSeconds) > offsetTime) { //show error return; } bool isValid = false; string ssoSharedSecret = "58ag;ai76"; // get this from config or similar string hash = FormsAuthentication.HashPasswordForStoringInConfigFile(string.Format("{0},{1},{2}", ssoSharedSecret, ssoTime, ssoUserName), "md5"); if (string.Compare(ssoHash, hash, true) == 0) { if (Math.Abs(appTime.Subtract(DateTime.Now).TotalSeconds) > offsetTime) { //show error return; } else { isValid = true; } } if (isValid) { //Do authenticate; } else { //show error return; } } else { //show error } } } Summary This is a very simple and basic SSO solution, and its main advantage is its simplicity, only needs to add a single page to do SSO authentication, do not need to modify the existing system infrastructure.

    Read the article

  • Custom login in Django

    - by alpgs
    Django newbie here. I wrote simplified login form which takes email and password. It works great if both email and password are supplied, but if either is missing i get KeyError exception. According to django documentation this should never happen: By default, each Field class assumes the value is required, so if you pass an empty value -- either None or the empty string ("") -- then clean() will raise a ValidationError exception I tried to write my own validators for fields (clean_email and clean_password), but it doesn't work (ie I get KeyError exception). What am I doing wrong? class LoginForm(forms.Form): email = forms.EmailField(label=_(u'Your email')) password = forms.CharField(widget=forms.PasswordInput, label=_(u'Password')) def clean_email(self): data = self.cleaned_data['email'] if not data: raise forms.ValidationError(_("Please enter email")) return data def clean_password(self): data = self.cleaned_data['password'] if not data: raise forms.ValidationError(_("Please enter your password")) return data def clean(self): try: username = User.objects.get(email__iexact=self.cleaned_data['email']).username except User.DoesNotExist: raise forms.ValidationError(_("No such email registered")) password = self.cleaned_data['password'] self.user = auth.authenticate(username=username, password=password) if self.user is None or not self.user.is_active: raise forms.ValidationError(_("Email or password is incorrect")) return self.cleaned_data

    Read the article

  • Per query relevance elevation for solr?

    - by plusplus
    I want to tune the relevance of solr search results on a per user basis - based on the number of times the user has clicked through a result before. Frequently hit items FOR THAT USER should rise to the top of their search results. Is there a way to provide custom boost/elevation for particular document ids on the query? I'm thinking in the order of ~100s of particular documents to elevate. The elevation should have no effect if the rest of the query doesn't find those documents. Alternatively, if this isn't possible, what is a sane way for setting up an alternative indexing approach that would make this possible? Could I add a field per user in the index to store their scores? I'm thinking in the order of 1000 users. The major drawback of that approach is the number of times a document would need to be reindexed (i.e. each time it was used by the user).

    Read the article

  • Authorization in a more purely OOP style...

    - by noblethrasher
    I've never seen this done but I had an idea of doing authorization in a more purely OO way. For each method that requires authorization we associate a delegate. During initialization of the class we wire up the delegates so that they point to the appropriate method (based on the user's rights). For example: class User { private deleteMemberDelegate deleteMember; public StatusMessage DeleteMember(Member member) { if(deleteMember != null) { deleteMember(member); } } //other methods defined similarly... User(string name, string password) //cstor. { //wire up delegates based on user's rights. //Thus we handle authentication and authorization in the same method. } } This way the client code never has to explictly check whether or not a user is in a role, it just calls the method. Of course each method should return a status message so that we know if and why it failed. Thoughts?

    Read the article

  • How extensive is an Object in CakePHP model linkage?

    - by Andre
    I was hoping someone with an understanding on CakePHP could shed some light on a question I've been having. Here's my scenario, I have a User this User has a Company which in turn has many Department and many Address. If I were to get a User could I expect to have access to the Company and all models associated with that Company? So would $user['Company']['Department'][0] or $user['Company']['Address'][0] be possible? Which brings me back to the original question, how extensive is the linkage between models?

    Read the article

  • More strict query yields more results?

    - by Mark
    I've got a query that looks like this affiliates = User.objects.annotate(referral_count=Count('referrals')).filter(referral_count__gt=0) But when I restrict it more by adding referrals__user__date_joined__gt=start_date to the filter, I get even higher referral counts. I'm trying to count the number of people a user has referred within a time period. The relevant model looks like this: class Profile(models.Model): user = models.ForeignKey(User, unique=True, related_name='profile') referred_by = models.ForeignKey(User, null=True, blank=True, related_name='referrals') In contrast, when I try it like this: affiliates = User.objects \ .exclude(referrals__user__date_joined__lte=sd, referrals__user__date_joined__gt=ed) \ .annotate(referral_count=Count('referrals')) \ .filter(referral_count__gt=0) The exclude statement seems to do nothing... the counts don't change (should be 0 if no referred users have joined within that time period, but it isn't).

    Read the article

  • Caching roles in a cookie

    - by AspOnMyNet
    1) a) I assume roles are cached ( by setting Roles.CacheRolesInCookie ) only for current user? b) Besides Roles.GetRolesForUser(_currentUser), are there any other methods that will read role information for current user from role cookie and thus won’t have to connect to the data base? 2) a) I assume that normally role cookie gets updated only when current user is added or removed from the role(s) or when the cookie expires? b) Because role names can be cached apart from the data source, it is possible that changes to role management at the data source would not be reflected in the cached values. In this case, the user must close and re-open their browser to clear the cached cookie value. How exactly could role cookie get cached apart from the data source? 3) If the number of roles cached in a role cookie equals the value of Roles.MaxCachedResults, then I assume when Roles.GetRolesForUser (_currentuser) gets called, it will need to check the DB to see whether user is also a member of any additional roles? thanx

    Read the article

  • cannot access localhost using ip

    - by Robert
    I have done a small web development project using eclipse. It runs well when I try running it on browser with url localhost:8080/myproject/home.html. But if I want to access it on another machine (laptop, mobile, etc. using the same wifi) it is not possible; it is not able to connect. After Googling for a while found out that I have to use the IP address instead of 'localhost'. So I tried 10.0.0.4:8080/myproject/home.html, but still does not work. In fact i am unable to open that url on the same machine (where localhost:8080/myproject/home.html works fine). I also added a new Inbound rule in control panel firewall settings, allowing access to all ports for protocol TCP. Still have problem in running application with the url 10.0.0.4:8080/myproject/home.html (both on same machine as well as laptop and mobile). FYI i am using Eclipse Indigo, Apache tomcat 6.0 and server.xml file contents is as below: <?xml version="1.0" encoding="UTF-8"?> <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --><!-- Note: A "Server" is not itself a "Container", so you may not define subcomponents such as "Valves" at this level. Documentation at /docs/config/server.html --><Server port="8005" shutdown="SHUTDOWN"> <!--APR library loader. Documentation at /docs/apr.html --> <Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/> <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html --> <Listener className="org.apache.catalina.core.JasperListener"/> <!-- Prevent memory leaks due to use of particular java/javax APIs--> <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/> <!-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html --> <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"/> <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/> <!-- Global JNDI resources Documentation at /docs/jndi-resources-howto.html --> <GlobalNamingResources> <!-- Editable user database that can also be used by UserDatabaseRealm to authenticate users --> <Resource auth="Container" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" name="UserDatabase" pathname="conf/tomcat-users.xml" type="org.apache.catalina.UserDatabase"/> </GlobalNamingResources> <!-- A "Service" is a collection of one or more "Connectors" that share a single "Container" Note: A "Service" is not itself a "Container", so you may not define subcomponents such as "Valves" at this level. Documentation at /docs/config/service.html --> <Service name="Catalina"> <!--The connectors can use a shared executor, you can define one or more named thread pools--> <!-- <Executor name="tomcatThreadPool" namePrefix="catalina-exec-" maxThreads="150" minSpareThreads="4"/> --> <!-- A "Connector" represents an endpoint by which requests are received and responses are returned. Documentation at : Java HTTP Connector: /docs/config/http.html (blocking & non-blocking) Java AJP Connector: /docs/config/ajp.html APR (HTTP/AJP) Connector: /docs/apr.html Define a non-SSL HTTP/1.1 Connector on port 8080 --> <Connector port="8080" protocol="HTTP/1.1" address="10.0.0.4" connectionTimeout="20000" redirectPort="8443" /> <!-- A "Connector" using the shared thread pool--> <!-- <Connector executor="tomcatThreadPool" port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" /> --> <!-- Define a SSL HTTP/1.1 Connector on port 8443 This connector uses the JSSE configuration, when using APR, the connector should be using the OpenSSL style configuration described in the APR documentation --> <!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" /> --> <!-- Define an AJP 1.3 Connector on port 8009 --> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/> <!-- An Engine represents the entry point (within Catalina) that processes every request. The Engine implementation for Tomcat stand alone analyzes the HTTP headers included with the request, and passes them on to the appropriate Host (virtual host). Documentation at /docs/config/engine.html --> <!-- You should set jvmRoute to support load-balancing via AJP ie : <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1"> --> <Engine defaultHost="localhost" name="Catalina"> <!--For clustering, please take a look at documentation at: /docs/cluster-howto.html (simple how to) /docs/config/cluster.html (reference documentation) --> <!-- <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/> --> <!-- The request dumper valve dumps useful debugging information about the request and response data received and sent by Tomcat. Documentation at: /docs/config/valve.html --> <!-- <Valve className="org.apache.catalina.valves.RequestDumperValve"/> --> <!-- This Realm uses the UserDatabase configured in the global JNDI resources under the key "UserDatabase". Any edits that are performed against this UserDatabase are immediately available for use by the Realm. --> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/> <!-- Define the default virtual host Note: XML Schema validation will not work with Xerces 2.2. --> <Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true" xmlNamespaceAware="false" xmlValidation="false"> <!-- SingleSignOn valve, share authentication between web applications Documentation at: /docs/config/valve.html --> <!-- <Valve className="org.apache.catalina.authenticator.SingleSignOn" /> --> <!-- Access log processes all example. Documentation at: /docs/config/valve.html --> <!-- <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log." suffix=".txt" pattern="common" resolveHosts="false"/> --> <Context docBase="myproject" path="/myproject" reloadable="true" source="org.eclipse.jst.jee.server:myproject"/></Host> </Engine> </Service> </Server>

    Read the article

  • ASP.NET MVC - How to save some data between requests ?

    - by Tony
    Hi, I'm trying to solve the problem: when a user is being logged into a WebSite (via user control .ascx stored on the Master Page), it's name is being stored in a Page.User.Identity.Name property. OK, but how to retrieve that user name in the controller ? Is it possible without registering System.Security.Principal namespace in the controller ? In the other words - the controller must know whose user wants to do some action (e.g. change account data). I could store it's name in the Html.Hidden control on each View but I don't want to have a mess in my Views

    Read the article

  • basic unique ModelForm field for Google App Engine

    - by Alexander Vasiljev
    I do not care about concurrency issues. It is relatively easy to build unique form field: from django import forms class UniqueUserEmailField(forms.CharField): def clean(self, value): self.check_uniqueness(super(UniqueUserEmailField, self).clean(value)) def check_uniqueness(self, value): same_user = users.User.all().filter('email', value).get() if same_user: raise forms.ValidationError('%s already_registered' % value) so one could add users on-the-fly. Editing existing user is tricky. This field would not allow to save user having other user email. At the same time it would not allow to save a user with the same email. What code do you use to put a field with uniqueness check into ModelForm?

    Read the article

  • How to map to tables in database PHPMyAdmin

    - by thegrede
    I'm working now on a project which a user can save their own coupon codes on the websites, so I want to know what is the best to do that, Lets say, I have 1 table with the users, like this, userId | firstName | lastName | codeId and then I have a table of the coupon codes, like this, codeId | codeNumber So what I can do is to connect the codeId to userId so when someone saves the coupons goes the codeId from the coupon table into the codeId of the users table, But now what if when a user have multiple coupons what do I do it should be connected to the user? I have 2 options what to do, Option 1, Saving the codeId from coupons table into the codeId of users table like 1,2,3,4,5, Option 2 To make a new row into the coupons table and to connect the user to the code with adding another field in the coupon table userId and putting into it the user which has added the coupon his userId of the users table, So what of the two options is better to do? Thanks you guys.

    Read the article

  • sql insert query needed

    - by masfenix
    Hey guys, so I have two tables. They are pictured below. I have a master table "all_reports". And a user table "user list". The master table may have users that do not exist in the user list. I need to add them to the user list. The master table may have duplicates in them (check picture). The master list does not contain all the information that the user list requires (no manager, no HR status, no department.. again check picture).

    Read the article

  • Joining a one-to-many association with a many-to-many association in Rails 3

    - by Maz
    Hi all, I have a many-to-many association between a User class and a Table class. Additionally, i have a one-to-many association between the User and the Table (one User ultimately owns the table). I am trying to access all of the tables which the user may access (essintally joining both associations). Additionally, it would be nice to do this this with named_scope (now scope) Here's what I have so far: class User < ActiveRecord::Base acts_as_authentic attr_accessible :email, :password, :password_confirmation has_many :feedbacks has_many :tables has_many :user_table_permissions has_many :editableTables, :class_name => "Table", :through => :user_table_permissions def allTables editableTables.merge(tables) end end Thanks.

    Read the article

  • nHibernate query by example with multiple associated objects

    - by BurnWithLife
    I'm trying to use nhibernate's query by example to build dynamic queries. I'm stuck on how to code for an example object with multiple associations. Here's an example from NHibernate in Action. Its a User object with Items. Example exampleUser = Example.Create(u).IgnoreCase().EnableLike(MatchMode.Anywhere); Example exampleItem = Example.Create(i).IgnoreCase().EnableLike(MatchMode.Anywhere); return GetSession().CreateCriteria(typeof(User)) .Add( exampleUser ) .CreateCriteria("Items") .Add( exampleItem ) .List<User>(); If the User object has let's say a Category object as a property, how could I add that in to the above example? If i put another CreateCriteria at the end it refers to the Items, not the User.

    Read the article

  • Developing Schema Compare for Oracle (Part 4): Script Configuration

    - by Simon Cooper
    If you've had a chance to play around with the Schema Compare for Oracle beta, you may have come across this screen in the synchronization wizard: This screen is one of the few screens that, along with the project configuration form, doesn't come from SQL Compare. This screen was designed to solve a couple of issues that, although aren't specific to Oracle, are much more of a problem than on SQL Server: Datatype conversions and NOT NULL columns. 1. Datatype conversions SQL Server is generally quite forgiving when it comes to datatype conversions using ALTER TABLE. For example, you can convert from a VARCHAR to INT using ALTER TABLE as long as all the character values are parsable as integers. Oracle, on the other hand, only allows ALTER TABLE conversions that don't change the internal data format. Essentially, every change that requires an actual datatype conversion has to be done using a rebuild with a conversion function. That's OK, as we can simply hard-code the various conversion functions for the valid datatype conversions and insert those into the rebuild SELECT list. However, as there always is with Oracle, there's a catch. Have a look at the NUMTODSINTERVAL function. As well as specifying the value (or column) to convert, you have to specify an interval_unit, which tells oracle how to interpret the input number. We can't hardcode a default for this parameter, as it is entirely dependent on the user's data context! So, in order to convert NUMBER to INTERVAL DAY TO SECOND/INTERVAL YEAR TO MONTH, we need to have feedback from the user as to what to put in this parameter while we're generating the sync script - this requires a new step in the engine action/script generation to insert these values into the script, as well as new UI to allow the user to specify these values in a sensible fashion. In implementing the engine and UI infrastructure to allow this it made much more sense to implement it for any rebuild datatype conversion, not just NUMBER to INTERVALs. For conversions which we can do, we pre-fill the 'value' box with the appropriate function from the documentation. The user can also type in arbitary SQL expressions, which allows the user to specify optional format parameters for the relevant conversion functions, or indeed call their own functions to convert between values that don't have a built-in conversion defined. As the value gets inserted as-is into the rebuild SELECT list, any expression that is valid in that context can be specified as the conversion value. 2. NOT NULL columns Another problem that is solved by the new step in the sync wizard is adding a NOT NULL column to a table. If the table contains data (as most database tables do), you can't just add a NOT NULL column, as Oracle doesn't know what value to put in the new column for existing rows - the DDL statement will fail. There are actually 3 separate scenarios for this problem that have separate solutions within the engine: Adding a NOT NULL column to a table without a rebuild Here, the workaround is to add a column default with an appropriate value to the column you're adding: ALTER TABLE tbl1 ADD newcol NUMBER DEFAULT <value> NOT NULL; Note, however, there is something to bear in mind about this solution; once specified on a column, a default cannot be removed. To 'remove' a default from a column you change it to have a default of NULL, hence there's code in the engine to treat a NULL default the same as no default at all. Adding a NOT NULL column to a table, where a separate change forced a table rebuild Fortunately, in this case, a column default is not required - we can simply insert the default value into the rebuild SELECT clause. Changing an existing NULL to a NOT NULL column To implement this, we run an UPDATE command before the ALTER TABLE to change all the NULLs in the column to the required default value. For all three, we need some way of allowing the user to specify a default value to use instead of NULL; as this is essentially the same problem as datatype conversion (inserting values into the sync script), we can re-use the UI and engine implementation of datatype conversion values. We also provide the option to alter the new column to allow NULLs, or to ignore the problem completely. Note that there is the same (long-running) problem in SQL Compare, but it is much more of an issue in Oracle as you cannot easily roll back executed DDL statements if the script fails at some point during execution. Furthermore, the engine of SQL Compare is far less conducive to inserting user-supplied values into the generated script. As we're writing the Schema Compare engine from scratch, we used what we learnt from the SQL Compare engine and designed it to be far more modular, which makes inserting procedures like this much easier.

    Read the article

  • Calculating spam probability

    - by Hobhouse
    I am building a website in python/django and want to predict wether a user submission is valid or wether it is spam. Users have an accept rate on their submissions, like this website has. Users can moderate other users' submissions; and these moderations are later metamoderated by an admin. Given this: user A with an submission accept rate of 60% submits something. user B moderates A's post as a valid submission. However, his moderations are often wrong, and his moderations' accept rate is a mere 30%. user C moderates A's post as spam. User C is usually right. His moderations' accept rate is 80%. How can I predict the chance of A's post being spam?

    Read the article

  • Design an api using rails and change the forgot password functionality

    - by ragupathi
    I have been using rails for developing web applications and now i need to do design an api for iphone application and since i used respond to json it also produces json but i use devise for authentication in my web application and when i send email and password along with the api it gives out {"user":{"authentication_token":"Lsusyd27ewgasga63","email":"[email protected]"}} and there is forgot password functionality in the iphone app but in the web application when clicking on forgot password button it sends an email to the users email, whereby the user has to go to his mail and click on the link sent and it will take to the change password path and after changing it the user will be login but in this iphone app i want to send the password to the user mail and the user can use that password and login. How can i do this? Also do i have to create new controllers for api or the web application controller is enough if it respond as json? please help me.

    Read the article

  • How to write a custom (odd) authentication plugins for Wordpress, Joomla and MediaWiki

    - by Bart van Heukelom
    On our network (a group of related websites - not a LAN) we have a common authentication system which works like this: On a network site ("consumer") the user clicks on a login link This redirects the user to a login page on our auth system ("RAS"). Upon successful login the user is directed back to the consumer site. Extra data is passed in the query string. This extra data does not include any information about the user yet. The consumer site's backend contacts RAS to get the information about the logged in user. So as you can see, the consumer site knows nothing about the authentication method. It doesn't know if it's by username/password, fingerprint, smartcard, or winning a game of poker. This is the main problem I'm encountering when trying to find out how I could write custom authentication plugins for these packages, acting as consumer sites: Wordpress Joomla MediaWiki For example Joomla offers a pretty simple auth plugin system, but it depends on a username/password entered on the Joomla site. Any hints on where to start?

    Read the article

  • Django query filter a set of data

    - by dana
    if a have a query like following = Relations.objects.filter(initiated_by = request.user) in which i'm having all the users followed by the currently logged in user, and i want to display those user's blog posts. Using a query like: blog = New.objects.filter(created_by = following) it only shows me the blog posts of the user with the id = 1 (though the currently logged in user doesn't actually follow him) in template i have : {% for object in blog %} <a href='/accounts/profile_view/{{object.created_by}}/'> {{object.created_by}}</a> <br /> {{object.post}}<br /> {% endfor %} Where am i wrong?

    Read the article

  • is this a secure approach in ActiveRecords in Rails?

    - by Adnan
    Hello, I am using the following for my customers to unsubscribe from my mailing list; def index @user = User.find_by_salt(params[:subscribe_code]) if @user.nil? flash[:notice] = "the link is not valid...." render :action => 'index' else Notification.delete_all(:user_id => @user.id) flash[:notice] = "you have been unsubscribed....." redirect_to :controller => 'home' end end my link looks like; http://site.com/unsubscribe/32hj5h2j33j3h333 so the above compares the random string to a field in my user table and accordingly deletes data from the notification table. My question; is this approach secure? is there a better/more efficient way for doing this? All suggestions are welcome.

    Read the article

  • Why getting active record error when trying to work on arrays?

    - by keruilin
    I have the following association in my User model: has_and_belongs_to_many :friends, :class_name => 'User', :foreign_key => 'friend_id' I have the following uniqueness constraint in my user_users table: UNIQUE KEY `no_duplicate_friends` (`user_id`,`friend_id`) In my code, I am retrieving a user's friends -- friends = user.friends. friends is an array. I have a scenario where I want add the user with all those friends to the friends array. Ex: friends << user_with_all_those_homies However, I get the following error: ActiveRecord::StatementInvalid: Mysql::Error: Duplicate entry '18-18' for key 'no_duplicate_friends': INSERT INTO `users_users` (`friend_id`, `user_id`) VALUES (18, 18) What gives?

    Read the article

  • Omniauth + Pow Issue

    - by neon
    I am having a strange issue with Pow and Omniauth. Omniauth (Facebook Login) works fine when using localhost:3000, but when using Pow (appname.dev) things get fishy. Users are taken through the redirect and properly created if they don't exist in the database, as they should be. After this, however, they are redirected to the root_path and not signed in. Their record is saved in the database as expected, but sign in does not occur. Again, this is only happening on Pow (and lvh.me), and not on localhost. Any ideas? I am using the Devise/Omniauth approach for sign-in, and the controller code looks like this: def facebook @user = User.find_for_facebook_oauth(request.env["omniauth.auth"], current_user) if @user.persisted? flash[:notice] = I18n.t "devise.omniauth_callbacks.success", :kind => "Facebook" sign_in_and_redirect @user, :event => :authentication else session["devise.facebook_data"] = request.env["omniauth.auth"] redirect_to new_user_registration_url end end Again, the user is persisted but there is no flash notice or sign_in that occurs when using POW.

    Read the article

  • Using ASP.NET Session for Lifetime Management (Unity)

    - by Sigray
    I am considering using Unity to manage the lifetime of a custom user class instance. I am planning on extending the LifetimeManager with a custom ASP.NET session manager. What I want to be able to do is store and retrieve the currently logged in user object from my custom classes, and have Unity get the instance of User from the session object in ASP.NET, or (when in a Win32 project) retrieve it statically or from the current thread. So far my best solution is to create a static instance of my Unity container on startup, and use the Resolve method to get my User object from each of my classes. However, this seems to create a dependency on the unity container in my other classes. What is the more "Unity" way of accomplishing this goal? I would like to be able to read/replace the current User instance from any class.

    Read the article

< Previous Page | 430 431 432 433 434 435 436 437 438 439 440 441  | Next Page >