I configured my allauth signup and email confirmation. I am able to receive the email confirmation and click verify email but I wanted it to redirect to an external URL which is the main frontend URL. So instead of /account/profile it should redirect to https://redirect-to-here.com I tried using the redirect shortcut from django but can't seem to make it work also I'm trying to read the documentation on how to achieve this.
def get_email_confirmation_redirect_url(self, request):
return resolve("auth_redirect")
# url
path("auth/redirect/", auth_direct, name="auth_redirect")
# method
def auth_redirect():
return redirect("https://redirect-to-here.com")
In your settings.py, set this variable
ACCOUNT_SIGNUP_REDIRECT_URL = "https://redirect-to-here.com"
Related
I want to implement mailchimp oauth2 authentication.
I am reading here https://mailchimp.com/developer/release-notes/stricter-rules-for-url-matching-oauth-2/
that only support exact matching on the redirect URI
My question is simple, how would I know which user is the one that actually authorizes my application. When I am trying to add the current user id I am getting an error
call_back_url = url_for(controller: '/webhooks/mailchimp', action: 'handler', only_path: false, id: current_user.id)
Error call back uri mismatch.
Is there another way to add info about the user on the webhook callback?
I have found out how, I can add a state param on the redirect_to url, and then this is available on the webhook callback.
query_params = "response_type=code&client_id=#{client_id}&redirect_uri=#{call_back_url}&state=#{current_user.id}"
I'm trying to create an authentication flow using Auth Code Grant where I've added necessary omniauth strategy for Docusign to create /auth/docusign routes in Rails API only application.
Here are the steps followed
I'm issuing a request to the route from VueJS client.
window.open("http://localhost:4000/auth/docusign", "targetWindow", "width=350,height=250")
After user enters credentials and on successful login I'm calling the callback:
class SessionsController < Devise::SessionsController
def docusign
internal_destroy
#success = false
userinfo = request.env['omniauth.auth']
request_info = request.env['omniauth.params']
if userinfo
info = userinfo.info
cred = userinfo.credentials
user = User.find_by(email: info['email']) || User.find_by(id: session[:user_id])
if user
organization = user.organization
organization.organization_providers.where(provider_name: 'Docusign').destroy_all
OrganizationProvider.create(email: info['email'], token_expires_at: Time.at(cred['expires_at']), token_expires_at: Time.now, provider_name: 'Docusign', organization_id: organization.id, token: cred.token)
#success = true
end
end
render 'sessions/docusign'
end
end
I'd like to pass some params (which I'm accessing in the callback as request.env['omniauth.params']) for executing some backend tasks in the method.
When I try window.open("http://localhost:4000/auth/docusign?email='"+email+"'", "targetWindow", "width=350,height=250")
It says that the url doesn't match with any redirect urls
I have also tried passing in redirect_to('/auth/docusign', query: query) but on doing so, it doesn't open in a browser due to CORS.
I'm also trying to set it in session cookie, but since it's an API only server, I'm still working towards setting up cookie store.
Question
Which is the best way to achieve this? To pass some params in the callback and retrieve it.
Then the execution flow continues on the Rails server and the window serves a page with an appropriate response as per authentication status. However during this time, the client window which started the request is not aware of the authentication outcome.
Question
How can I communicate to the VueJS client that the authentication process is completed?
Question
Am I doing the above flow correctly or are there any better ways to achieve the same?
Thanks in advance
You need to log into your DocuSign Developer Account, Click on Admin and go on the left nav down to "API and Keys" where you can find the integration key you set. Did you set one?
If you did, you should find it and then add the redirectUri to the OAuth settings for that key (client ID in OAuth).
That is why DocuSign login tells you that the redirectURI doesn't match. You can add http://localhost:4000/auth to the list and that should work for your local env.
You cannot past custom variables on the redirectUri, it has to match exactly to the one you entered. If you need to pass values to it, there's a way to do that using state.
Here is how the URL should look, notice the &state= part of it:
https://account-d.docusign.com/oauth/auth?
response_type=code
&scope=YOUR_REQUESTED_SCOPES
&client_id=YOUR_INTEGRATION_KEY
&state=YOUR_CUSTOM_STATE
&redirect_uri=YOUR_REDIRECT_URI
&login_hint=YOUR_LOGIN_HINT
You can put whatever you want in there (URI encoded of course) and that value would come back to you when redirected back also with &state= parameter.
This solves the problem and allows you to pass arguments back to your redirect URI.
I'm using dj-allauth on my django app. When people sign up to my django project/app, I want to check that the domain on their email matches mydomain.com. Is this possible? I think I can do it by changing the signup form. I've tried the following which doesn't seem to do anything when I submit the signup form. There aren't any errors. It isn't checking for the domain, it's prompting for the user's nickname and then appending the domain automatically.
forms.py
class VSBSignupForm(SignupForm):
def save(self, request):
# Ensure you call the parent classes save.
# .save() returns a User object.
user = super(VSBSignupForm, self).save(request)
user.email_address = user.username + "#mydomain.com"
user.save()
# You must return the original result.
return user
settings.py
ACCOUNT_FORMS = {'signup': 'myapp.forms.VSBSignupForm'}
I changed the template for the signup.html such that it asks for the nickname and password, but not the email address.
edit I tried putting a print statement in the form save method and it didn't print anything in the shell, which makes me think the form isn't being used.
I want to have an additional layer of authentication by asking for an access code from users who plan to sign up.
Basically, users have to input an access code prior to getting into the sign up page. I was thinking it could be something like schoology's way for students to sign up (https://app.schoology.com/register.php?type=student)
I am using Devise for authentication
I think you should not do this: Adding another layer to registration avoid users from register to your site.
But anyway, if you just want to put a general password for the whole website you could use Http Basic Authentication
Frontend Only solution:
Make a textfield and check the input via javascript. If it matches your code you hide the input field and show the registration form.
With backend:
First put just the password form on the page and in your rails app you need a action in a controller. There you check if the code matches and et a variable like #code_valid = true. In frontend you only display the registration form when the code is valid
# /controllers/pre_signup_controller.rb
.
.
def validate_code
#code_valid = params[:code] == '12345' ? true : false
if #code_valid
redirect_to ///where ever your registration page is
end
end
In order to have a post-registration page, I added a RegistrationsController and method to provide a custom page to tell the user to check their email for the account confirmation link.
def after_inactive_sign_up_path_for(resource)
"/awaiting_confirmation"
end
Is there any way on that page (which is seen by a user who has created an account, but not confirmed it, and not signed in yet) to show the email address they used to create the account.
I'd like the page to say "we just sent a confirmation link to you at useremail#userdomain.com"
But the view for that page cannot display current_user.email because current_user is nil because they have not signed in.
Is there some other devise variable, or session variable, that would contain the registration info that was just created?
here's how we solved it ... it was easy.
modified the one-line controller method in my custom registration controller (shown in my question) to:
"/awaiting_confirmation?email=#{resource.email}"
then in the receiving method for the route /awaiting_confirmation I simply do
#email = params[:email]
and display the #email variable in my view.
You can do this two ways, the first is to display a flash message to the user after the email is successfully sent. You still have access to the users email in a variable there so something like:
:notice => "Email was sent to #{userobject.email}"
Or you could pass this object into the page that you are sending the user to after a signup and using it there.
Another way you could tackle this would be to authenticate the user with a token and then the user would be effectively signed in and you could then use current_user.
For that you would want to look into single use token authentication and devise.