Testcafe: Is there a way that a Role can detect an expired session? - testcafe

We have the following issue:
We're testing an application that terminates all the current sessions from all active devices for a given user once they log out. This results in the AuthenticatedUser role getting logged out with no way to automatically log back in, and all subsequent tests failing after a logout.
Is there a way that the Role can be re-initialized or somehow forced to redo the login steps after a session expires? I tried manually forcing a login inside test.after after a logout step, but it doesn't seem to work.
Thanks in advance.

You can re-initialize Role using only a private API. See the example in this GitHub thread.

Related

Multi Factor Authentication with YII2-mfa plugin

Is there an example somewhere how to implement yii2-mfa in the yii user login?
I have implemented the plugin, but it does not work. The problem is that it looks like the script is skipping the login entirely. There is no login, but no view appears with the entry of the OTP. The script tries to access the dashboard without logging in. However, this generates errors because the Yii::$app->user->identity is empty.

What would happen if # of events exceeds 500 on Firebase Analytics?

I have been using Firebase Analytics for my apps and I like it.
Currently I have 300 events set up on one of my apps.
I learned that the max number of events we can have is 500.
What would happen if # of events exceeds 500 on Firebase Analytics?
Would it just stop logging new events? (501st event)
Or is there any better way to avoid it?
I will appreciate your advice!
Extra events are dropped. A firebase_error event is logged with a firebase_error parameter which indicates the error code. See this documentation for more information.
There's no other way to avoid it than to manage your event logging implementation properly. Note that an event in Google Analytics for Firebase is equivalent to the user's interaction within your app.
I would not suggest creating or logging an event with an incremental index, prefix or suffix in the name. You may also want to use the event parameter.
For example, you have a login page (with authentication methods of using Facebook, Google or Username/Password) and you'd like to track which is the most commonly used by the users. With this, you could log a custom event with the name of "user_login" and a parameter of login_method. After this, add the parameter in the custom parameter reporting to see the counts.
Hope this helps :)
Just for clarification because this confused us and there is no clear documentation on this:
The 500 events limit is per user per day and not per project globally. So events are only dropped after a single user uses more than 500 unique events per day; everyone else will continue to log events.
So if you have more than 500 events, that's fine. You don't need to replace them; you just need to remove them from your current app from being logged and use new ones. Then this user will never use the old events, and they do not count towards his 500 event limit.

CakeDC/Users permissions for not-logged in visitors

I'm playing around with the CakeDC/Users plugin and I can't for the life of me figure out how to give permission for non-logged in visitors (let's call them 'guests') to access things like my /pages/home, or if I was to do a Blog plugin, allow guests to see posts etc. (but not edit).
Is this possible using the 'permissions.php' file? Seems to only work for user groups (admin and user) rather than guests? Or do I have to play around with $this->Auth->allow() and $this->Auth->deny() as in this post which seems to make the permissions.php file kinda pointless...
RBAC permissions defined in CakeDC/Users are checked in the authorization step, which means you have a user already logged in (authenticated) requesting access to a specific controller/action.
All these checks happen in the core CakePHP AuthComponent per the plugin configuration.
You want to exclude specific pages from Auth, which is something managed outside of the plugin (for now). The right way to do that is using
$this->Auth->allow('yourAction');
in the controller's beforeFilter function.

Lock file permission to 'disallow download'

I'm writing a Box App for enterprise use. The scenario is that the application scans the user account and changes the permission of certain files (which we believe are sensitive) to 'disallow download'. The good thing is that it can be done; however, when the user logs in, he/she can easily change the permission back to 'allow download' from the webpage. Is there any way to prevent the user from changing the permission back? Any idea?
Lock unlock functionality is coming soon in the V2 API. Stay tuned for a blog post in the next week or so.

Authentication token expiring within 10 seconds instead of 10 minutes

We currently have an implementation that uses Box's API. Our authentication process follows the process outlined here:
http://developers.box.com/get-started/#authenticating
Sometime in the recent past this has stopped working. When we go to the oauth URL (for example, https://www.box.net/api/1.0/auth/rev37d850p6pixlemm5ok8doxj2g77kg), it will initially show the login credentials page, but faster than a user could reasonably enter their credentials the page starts returning "expired ticket". If I immediately go to the token's page after creating it I can reload the page a few times before it goes into the "expired ticket" state. This is clearly not consistent with the expected 10 minute expiry time stated in the documentation.
We've had this authentication working correctly up to now, so it seems like something has changed.
We are investigating. More news once we have some additional information.
New info>> We've identified the bug, and will be pushing a fix this afternoon.
The fix has been rolled out. Please let us know if you are still experiencing any problems with SSO.
Our Android app has the same problem. As far as I investigated it, using get_auth_token API causes the ticket to expire. So you have to make sure the user has successfully logged in BEFORE attempting to get the authentication token (which is not the case with Box SDK for Android). But I don't see a viable way to check whether the user has logged in.