How to implement user registration with the Zotonic mod_signup module? - zotonic

I would like users to be able to sign up a website made with Zotonic. According to the release notes of version 0.5.0, I should use the mod_signup module.
What is the correct way to use this module in a website? I've tried to create a "signup" page and to include the templates of mod_signup, without success.

When you enable the mod_signup module you will be able to use the signup form on the '/signup' page. Check the dispatch rules of mod_signup.
You will also need to enable mod_emailer and (optionally) mod_acl_simple_roles (disable mod_acl_adminonly).
Available config keys are:
mod_signup.request_confirm set to 0 or 1 to disable or enable confirmation e-mails
mod_signup.member_category set to the category for the new members (defaults to person)
mod_signup.member_visible_for the visibility of the new members, defaults to 0 (world viewable), choose 1 for only visible for members.

Related

CAS 6.2.x MFA Principal Attribute Trigger 'memberOf' Active Directory Not Working

I have CAS 6.2.x running in Kubernetes building the image from this repo. I am passing in the cas.properties file via configmap.I have it wired up against Active Directory and am able to login with the Username/Password. I am now working to enable MFA with the Google Authenticator plugin. I have this working as well if I force the flow globally with the following:
cas.authn.mfa.global-provider-id=mfa-gauth
When I try to use the values described here for Multifactor Authentication: Principal Attribute Trigger it doesn't send me to the MFA flow. These are the settings that I have set:
cas.authn.ldap[0].principalAttributeList=userPrincipalName,cn,givenName,sAMAccountName,memberOf
cas.authn.mfa.global-principal-attribute-name-triggers=memberOf
cas.authn.mfa.global-principal-attribute-value-regex=ForceMfa
When I log in these are the values returned back for memberOf:
memberOf
[CN=Group2,OU=MyOu,DC=subdomain,DC=domain,DC=local, CN=Group1,OU=MyOu,DC=subdomain,DC=domain,DC=local, CN=ForceMfa,OU=MyOu,DC=subdomain,DC=domain,DC=local]
Principal
I used Misagh blog post as a guide.
If I change the trigger and regex to sAMAccountName and my username it then works as expected. Not sure if I need to change the regex format to find the group name or if I just have something else wrong. It just seems like the regex is not finding a match for some reason as the settings seem to be working for me, just not with memberOf.
Thank you
Consider switching this to:
cas.authn.mfa.global-principal-attribute-value-regex=.*ForceMfa.+
Then, attach/review your logs for org.apereo.cas under either DEBUG/TRACE so you can see what's happening.

How remember me is working on Laravel and Yii2?

I have installed two different PHP frameworks Laravel 5.3 and Yii2 advanced. Both frameworks provide authentication out of the box which is great.
And both have the checkbox Remember me on the login page.
In Laravel, I have found that there is a remember_token field on users table which is as per my understanding used for the remember me feature.
But there is no such extra field on Yii2's user table.
So, I guess both provides the same feature but working differently. So I want to know that how that feature is working on both the frameworks?
Any help would be appreciated.
Note: I'm asking this because I have one system built with Yii2 and now I'm going to build a new system with Laravel. New Laravel system will use the same user table of the Yii2. Means the user can login into both the system with the same credentials.
Thanks,
Parth vora
Yii2 have auth_key - its default name, but you can define ur own column name and then declare it in identity class, which implements yii\web\IdentityInterface, in function getAuthKey().
The remember me function in Yii 2 (and most php frameworks) makes use of cookie-based login.
From the docs:
getAuthKey() returns a key used to verify cookie-based login. The key is stored in the login cookie and will be later compared with the server-side version to make sure the login cookie is valid.
Yii uses the auth_key field by default. That's probably the same field as Laravel's remember_token.
How it works is as follows:
Login with the remember me field checked.
Yii sets a cookie containing the user's (serialized) id, auth_key and duration (amount of seconds representing the duration of validity for this cookie). In yii2, the cookie name is specified by the identityCookie array in the config (user component).
All guests' requests are checked for the existance of the cookie, if it exists and is valid, the user is logged in.
That's basicly how cookie based logins work, so I'm assuming that Laravel uses a similar, if not exact same implementation.

Oracle APEX - HTML Links Breaks Session and Requires New Login

Ok so here is what is happening:
I have a client that I am building an application for. My client has a flowchart that they would like posted on the front page of their application. Check. My client then wants this flowchart to be set up as an image map so that a user could click one of the boxes in this flowchart and be taken to a report in another part of the application. Check.
All of that is elementary and, in a technical sense, works. The issue is, and it is an issue I have encountered before with APEX, is that every time a user clicks one of these links it takes them to the login screen. It seems that linking directly to a page's URL breaks the session and requires you to login again, even if you are linking from one page in the application to another in the same application.
I have played with all of the authentication settings in a hopes of fixing this and tried to determine what is breaking the session exactly but with no luck.
Has anyone else had this problem and could share their method for fixing it? I really cant have users logging in every time they click a link and I also cannot simply remove the authentication on the pages. Thanks in advance.
You should pass on the session id in your links. If you don't, then apex will see this as a new session. You can tell from the url: take note of the session id in your url when you are on your image map. When you select an application, take another look at the session id part in the url. If they are different, then you are starting a new session each time.
/apex/f?p=190:90:1674713700462259:::::
190 -> application id
90 -> page id
1674713700462259 -> Session id
To pass on the session, it depends where you construct your links.
In PLSQL, you can find it through :SESSION or :APP_SESSION
For example, in a plsql dynamic region: htp.p('the session id is '||:SESSION);
In javascript code you can use $v("pInstance") to retrieve the value dynamically, or use &APP_SESSION. which will have the value substituted at runtime.
Small example:
function printsome(){
var d = $("<div></div>");
d.text('&APP_SESSION. = ' + $v("pInstance"));
$("body").append(d);
};
So you probably just need to alter the construction of your link somewhat to include the session!
I was assuming the binding variables will do the job. But they were helpless.
Best way is to pass the current session id to an item then use the item value in the link.
f?p=&APP_ID.:32:&P31_SESSION.:::P32_CUSTOMER_ID:#CUSTOMER_ID#

Anonymous users with sitecore domains

I'm checking if this is a sitecore bug, or if I'm missing something obvious.
EDIT FOR CLARIFICATION: The problem I'm having is that I'm trying to set up the configuration settings in the Domains.config file so that Sitecore shouldn't be creating (and/or returning) an anonymous user for a domain set up this way. However, if I use the Domain.GetUsers() function on the domain, I still get the anonymous user returned.
The membership provider is a custom built and connects to LDAP in read only mode.
Details
Using Sitecore 6.4.1 and given the following domain configuration in App_Config/Security/domains.config
<domain name="DOMAINNAME" ensureAnonymousUser="false" anonymousUserName="" everyoneRoleName="" />
and these comments in that domain.config file
anonymousUserName: <snip> Set to blank to disable the anonymous user for the domain. Optional
ensureAnonymousUser: Indicates if the domain should ensure that an anonymous user for the domain exists in the Membership database. Optional - default value: false
everyoneRoleName: <snip> Set to blank to disable the everyone role for the domain. Optional - default value: Everyone
If I use the following code,
List<Sitecore.Security.Accounts.User> users = new List<Sitecore.Security.Accounts.User>();
var domain = Sitecore.Security.Domains.Domain.GetDomain(DOMAINNAME);
users.AddRange(domain.GetUsers().ToArray<Sitecore.Security.Accounts.User>());
I get the anonymous user included in users list. I assumed from the comments in the domain.config file that I shouldn't get the anonymous user if I set up my domain as above.
Is there something obvious that I'm missing?
Just a guess as I have not used 6.4 yet or tweaked any of those types of setting before... but I believe Sitecore always comes pre-packaged with the Anonymous user in the membership. By setting ensureAnonymousUser to false you're just telling it not to ensure its there, but its already there by default. Why don't you try this test:
Set ensureAnonymousUser to true then delete [*] the Anonymous user from the user manager.
Log out and back in and see if it's there again. If so then the "ensure" aspect of that worked. So...
Set ensureAnonymousUser to false then do the same thing. Does the user come back?
This is really just a hunch on how it works -- I don't have an environment like that setup right now to play with, but its worth a shot.
[*] - to delete a user form the User Manager, go to Sitecore > Security > User Manager
I think it's more question to membership provider you use. Take a look at Active Directory Module
Maybe this is something that could help you.

Custom Joomla component integration with Joomla com_user

I am creating a component where registered users will be able to use the features of my component.
My component has a some forms and views. I want to allow only logged in users to access links to my component.
How can i add extra custom fields to the User Registration form of Joomla? I have some extra fields to capture like address and company name.
How can i integrate the authentication with my component?
How can i accomplish my component without creating again the functionality of User registration and authentication.
As i know that i can use joomla user registration and integrate it with my component. But i Dont know how to do it.
Kindly Help
Thanks
There are lots of ways you can accomplish that.
OFC best methods are always integrating without doing core hacks. That said i would suggest two ways.
There are lots of plugins or components which extend the user registration fields. But these are solutions on themselves, so it will be of no use for your component which holds own data (adress, company, etc.).
You simply create a registration frontend view for your component using the joomla users model. That way users can register thru your component and add all extra fields you like. You just have to take care to add the non standard fields to your db tables in the model.
If you realy dont want to create a registration form on your own, you can create an User Plugin in combination of an content override for the registration form. The plugin would than take care of adding the extra fields to your db tables. The correct User Event would be:
function onAfterStoreUser($user, $isnew, $success, $msg) {
...
if ($isnew)
{
myComponent::createExtraFields($user['id'], $args); }
else
{
myComponent::updateExtraFields($user['id'], $args);
}
...
}