Using feathers-authentication it is possible to authenticate a user using a configurable username field. At the moment, I can configure authentication to use either the username OR email fields of my user model, but I would like to offer both options username AND email to our users.
What would be the best way of doing this?
Apparently, it is possible to concatenate authentication methods so the solution should be something like:
app.configure(auth({ secret: 'super secret' }))
.configure(local()) // defaults usernameField to 'email'
.configure(local({ // support username
name: 'local-username',
usernameField: 'username'
}));
A more complete example can be found on GitHub: https://github.com/jaredhanson/passport-local/pull/148#issuecomment-261506180
Related
I have a system where SPA(React) and I use JWT auth(Node JS). How should I get the role on the Client side(like admin, operator etc) to understand which UI should be rendered(Admin/operator/client). In JWT Auth I see this example
Can I store my role for an each User in my DB table with pw and login or there is another option?
And how to protect routes for an each role?
Based on this documentation https://jwt.io/introduction/, I think you should add a field in the payload of your jwt, for exemple :
{
role: "admin"
}
{
role: "admin"
}
Okay I got it from doc, but it`s not a question I asked actually
I want to add two-factor authentication to dovecot and thought of appending a OTP to the normal password a user has then sending that "new" password to Dovecot so i wondered whether it is possible to edit the password_query in dovecot-sql.conf.ext in such a way that it includes a section where the OTP part of the password is verified.
The authentication in dovecat can work via PAM. Most two factor authentication systems (to be specific OTP systems) add the second factor by just appending the OTP value after the password like:
mySecretPassword788293
This is sent to the authentication backend which knows, how to haĆdle this.
This means that the PAM stack would only request one password (which consists of the static part/knowledge and the OTPpart/possession) and have the OTP backend verify this.
E.g. you could use privacyIDEA to manage your 2nd factors in conjunction with PAM. http://privacyidea.readthedocs.io/en/latest/application_plugins/index.html
Disclaimer: I am core developer of privacyIDEA
I want to retrieve all chat conversations from ejabberd, even after I logout, close the browser and login again. Please suggest any way to do it. I am using converse.js. Should I add something in converse configuration to retrieve the chat conversation ?
Basically, I want Facebook kind of chat where we can retrieve chat conversation between each user after its logged in.
Here is my converse.js config:
converse.initialize({
websocket_url: webSocketUrl, // ConnectionUrl
keepalive: true,
message_carbons: true,
play_sounds: true,
auto_login: true,
jid: user,
password: password,
show_controlbox_by_default: false,
auto_list_rooms:true,
allow_logout: false,
allow_registration: false,
});
Converse.js supports the XMPP extension XEP-0313 Message Archive Management (MAM).
You need to make sure that your XMPP server supports MAM. Ejabberd 15.06 has support for it. You'll need to turn it on in Ejabberd's configuration file.
In converse.js, you want to pass in a value of roster or always to message_archiving when you call converse.initialize.
For example:
converse.initialize({
// Your other options go here...
message_archiving: 'always'
});
roster means that only message to and from contacts in your roster are archived. always of course means that messages are always archived.
There is also the related option archived_messages_page_size, which you can use to set how many messages are fetched at a time.
I'm working on a project that has a three field login form (account, user, password)
is there any way to tell a browser to remember all three fields when trying to save the password for a user? All the browsers I've tested seem to only save the password and username fields.
Try use the:
Autocomplete property: http://help.dottoro.com/ljdwgiwh.php
Or HTML5 localStorage: http://www.thomashardy.me.uk/using-html5-localstorage-on-a-form
I have a rails app that is using Devise perfectly in development. I have altered it, following the official Devise documentation to use a username instead of an email address. I am also using MySQL, instead of SQLite.
When logging in, in development, I can type in "admin" to login as the user "Admin". But in production, "admin" does not work and requires me to type in the case sensitive "Admin".
I'm assuming it's a different setting in my MySQL database?
I'm assuming here that you have an attribute for logging in called login. If it's username, use that instead of login below. In your Devise initializer, there is a setting:
config.case_insensitive_keys = [ :email ]
Change to
config.case_insensitive_keys = [ :email, :login ]
This will:
These keys will be downcased upon creating or modifying a user and when used to authenticate or find a user. Default is :email.
So, you might need to update the Admin's login once, but then if you type in Admin or admin, it will find and authenticate.
Generally for devise we do something on the following manner. Can you check whether this is the case in your AdminUser model
validates :email,:presence => true,
:format => {:with=>email_regex,:message => "not a valid email"},
:uniqueness => {:case_sensitive => false}