I have got multiple wikis. They all use the same server, assets and domain. They use separate databases and subdomains like so:
de.[myPage].org
en.[myPage].org
es.[myPage].org
Somehow the Login information does not travel with the user, when subdomain is changed.
For Example: Whenever i am logged in as "Max" and change from
de.[myPage].org
to
en.[myPage].org
i get logged out/am not logged in anymore.
How do i fix this? It may be, that databases differ.
Login is done via cookies which contain a user token; if the token matches the one stored in the database, the system accepts you as logged-in. So, you need to share the user table by enabling $wgSharedDB, and you need to share the cookie (which by default your browser limits by domain name) by setting $wgCookieDomain to .[myPage].org.
If this is not an option (e.g. you already have established users in different databases which cannot be merged due to conflicts, or you have different second-level domains) the CentralAuth extension can provide more sophisticated single sign-on, but it's a bit of a pain to administer (as the big bold warning on the extension page suggests).
Related
Im' developing an app with ionic/cordova and have used the localStorage for many times.
For example I have such a thing:
window.localStorage['is_user_paid'] = 1;
So, if user pay the money, I set this localStorage item.
Now, if another app set this to 1, and run in the device, does my app assume the user is really paid? Is it necessary to use an app key like 2afjx8y_is_user_paid ? Any idea?
When running under Cordova, localStorage is sandboxed to your app; no other apps can see the content within your app's localStorage, nor can they change the contents. Likewise, your app can only see its own localStorage contents.
Now, sandboxed does not mean not readable/editable by the user, however, which is why it is vitally important not to store things like passwords in localStorage -- the file itself is mostly human-readable and easily accessible by your end user. However, apps are prevented from accessing any localStorage other than their own.
Note: there are ways around this when apps from the same company need to share data, but they involve a different storage mechanism.)
I got around this once upon a time by creating a unique identifier within my app (stored not in the code but in the datastore), and I would use it whenever accessing local storage.
The code is predictable enough, the logic is what's important:
Create a value in your datastore (or a file that isn't readable via a URL, like in the GAE that might be an app.yaml file, or whatever) that you use as unique ID. You can do this by hand if you have to. Generate a GUID of some kind and just store it. Don't put it in your dev code or hardcode it into a JS page, make sure it's off to the side (unless you don't care, but you probably should).
Whenever you access local storage, either to get or put, run it through a function that retrieves that info (or already retrieved it as part of bootstrapping the app, whatever works for your context), and just prepend it to whatever you're calling your key.
That way you can continue coding as if you're just using an easy to understand key, like 'user_name', but the stored/retrieved key will look like "abd12342Baa345324w3423sdfs323DD_user_name".
From time to time, if so inclined, you can change that key, set up your code such that if it retrieves 'user_name' with the old key, you swap it out for the new one and continue your ops as usual.
I did this at work for an app in production and all around it was considered a legit way to go about it. I got the approach from a GAE article that shows how to store and retrieve client tokens for Google Login without putting them in your code; you can even store different versions of that UID for dev/qa/prod and whatever else. It's not specific to GAE, the concept should pan out to any environment.
Of course, if another developer on that project decides to use that same function and same GUID, then the problem just moves. A little discipline can clean that up though, I put in a comment above that util function and we never have a problem.
I am building my personal website using Jekyll and hosting it at github-pages. I would like to have a password protected area (just password protected directory, not the whole website). I have tried a few options and tricks to get htaccess to work but failed.
I would like to know if someone managed to use htaccess, or any other method, to protect a directory on github-pages.
Listing solutions which did not work for me (or I failed to get them to work):
*Flohei.
*Jeremy Ricketts.
GitHubPages (like Bitbucket Pages and GitLab Pages) only serve static pages, so the only solution is something client side (Javascript).
A solution could be, instead of using real authentication, just to share only a secret (password) with all the authorized persons and implement one of the following scheme:
put all the private files in a (not listed) subdirectory and name that with the hash of the chosen password. The index page asks you (with Javascript) for the password and build the correct start link calculating the hash.
See for example: https://github.com/matteobrusa/Password-protection-for-static-pages
PRO:
Very simple approach protecting a whole subdirectory tree
CONS:
possible attack: sniffing the following requests to obtain the name of the subdirectory
the admins on the hosting site have access to the full contents
crypt the page with password and decrypt on the fly with javascript
see for example: https://github.com/robinmoisson/staticrypt
PRO: no plaintext page code around (decrypting happens on the client side)
CONS:
just a single page, and need to reinsert the password on every refresh
an admin could change your Javascript code to obtain the password when you insert it
One option is to use Cloudflare Access to control access at the DNS level.
After setting up a custom domain for your Git pages using Cloudflare for DNS, you can use their Access rules policy to require authentication at the specified url path.
This could still be bypassed if someone is familiar with bypassing DNS blocks.
https://www.cloudflare.com/products/cloudflare-access/
You can give a try to Jekyll Auth and if you run into troubles, this issue can be useful.
You can use Render to deploy your static Web app. It has a npm package that encrypted your html files and user can not see it in browser. So you can use frontend password validation.
When a new user is added to liferay a public page can be created automatically for him.
Where should I look in the source of Liferay to implement such a functionnality ?
Or maybe it's already possible by configuration? If it is so how could I do it?
Thanks
Technically this is done in UserLocalServiceImpl.addUserWithWorkflow(...), but depending on what you really need, you can do part of what you ask for through configuration:
When you create a UserGroup, you can edit the "pages" (or site template) for a usergroup. These pages will be copied/linked to a user's personal site if the user is member of that usergroup. In ControlPanel/Portal/PortalSettings you can choose this usergroup to be the default user group for all newly created users, so that they all get those pages.
Now this doesn't assign a subdomain (like a virtual host) that you mention in the title of this question. If you want to assign a virtual host to the site (called "group" in technical terms when you dig into java code), you'll have to override the method given above (e.g. through a hook that overrides UserLocalService) and configures the user's site/group with a virtual host. However, the UI does not allow to configure virtual hosts for user's sites, but you might be able to do this through the API, e.g. programmatically
If it's enough for you, you can also just implement a blank redirection from http://username.example.com (wildcard on 'username') to http://www.example.com/web/username - e.g. use Apache's mod_rewrite
Finally, i must follow that: http://www.liferay.com/community/forums/-/message_boards/message/10268877.
I just want to user UI, so i must custom portlet to solve that :|
We have 2 different websites. One is xy.com another is xyz.com. The domain xyz.com is redirected to a folder on xy.com\one
This works fine. Now we want a particular link to be opened (for example, www.xyz.com\abc.html). I am placing this file in xy.com\one\abc.html. But when I enter this url, it takes me to home page, instead of abc.html. Though I can open abc.html, by entering www.xy.com\one\abc.html.
I need to open this file, from link, www.xyz.com\abc.html. How to accomplish this??
Regards,
Rahul Jain
I think the problem is your slashes are reversed. Did you keep your url's near a strong magnet?
If you are using apache you might want to have a look at mod_rewrite. There are similar methods available for other servers.
Would be good to know which environment you are using (web server and server side language) and if you are applying the re-direct rules in a programmatic way or via server configuration.
To give a serious reply, there could be several things wrong in the redirect.
You have to setup a redirect from the old domain to the new, by using a .htaccess on the old domain, changing the DNS records for the domain, or probably some other alternatives. Which of these have you used?
In case of the second option the receiving server (xy.com) has to accept the incoming domain (xyz.com). When I set my DNS records for a domain to go to a certain server, I have to actually setup the server to accept that domain, usually by "parking" it in Cpanel. Some hosts charge per parked domain, which is why they don't accept the incoming traffic automatically.
Depending on the method used, the receiving server has to be told what to do with the request.
So most importantly: HOW did you set up the redirect? Was it a DNS record? Was it a htaccess on the side of xy.com? Any other methods? (sorry, this isn't really an answer either but it was too long for the comments)
I usually don't use Smarty but am in the process of editing a prebuilt app, that uses Smarty for templating. It's super easy to check for the login status, but I have searched the Smarty site, docs and the app vendors docs and cannot find a tag of function to check for the initial user login. We need to pass a message to the user at their first login only.. and instead of writing it out I am hoping there is a tag we can use within Smarty, since it's already being used.
Thanks!
You can not do this by Smarty.
To differ the initial login from a later one, you have to store this information somewere. One aproach would be to use PHP and store it in the user database table (table "user", field "first_login").
The other one would be to store it in a cookie on the client side. But I wount suggest it, for you can not rely on it, as the user can turn of cookies.
So you need to find out, weather your application already stores this information in the user db table. Which it does most likely not. Therefore you need to define the db field and set it after login (using PHP). Afterwards you can user $smarty->assign() in your PHP code to publish your message to smarty in case of first login.