Between the Active Directory Plugin and the Build User Vars Plugin i use the email attribute field so we send email messages about jobs after they have run.
Currently Ad is integrated and populates the user's details and the Build user vars plugin takes the email from this user's account to send the mail.
Does anyone know how i can change the AD lookup attribute to something else for email? I did try to manually modify the email on the user's account but it keeps getting reset to the old value. Modifying it in AD isn't an option as i would like to redirect the attribute for all users.
I upgraded to the latest version of the AD plugin which allows modification of email address.
Related
So I have an iOS app that uses Firebase, signs users in anonymously initially and then allows them to later add an email address, which is linked to the Firebase user using a call to:
Auth.auth().currentUser?.linkAndRetrieveData(with: credential)
This all works fine but I'm now running into the issue of being unable to update that user's email. I assumed this would work by simply sending another email link to the new email, then calling linkAndRetrieveData with the new credentials.
This, however, gives me a FIRAuthErrorCodeProviderAlreadyLinked error, because the user already has an email address. I would've expected it to just overwrite the existing email. I then tried/considered to solutions:
Unlink the email provider, then relink with the new credentials. First, this seems impossible since the stated "providerId" for an email-link-authenticated user is "Firebase", and when I feed that into unlink it fails. Second, this is bug prone because you could successfully unlink the first email and then have the link of the new email fail.
Use the provided "updateEmail" method - this doesn't work because it assumes email/password authentication, and I'm using email link authentication. Even if this did work, it would mean having an unverified email.
So I'm wondering how to do this, or if it's actually possible that this isn't supported at all. I can't believe this wouldn't be supported since it seems like a very common issue and basically makes email link authentication a nonstarter.
updateEmail() is the method to change email for signed in user, no matter how the user was created or authenticated. You are right that the new email address would become unverified. The sendEmailVerification() method can then be triggered to send a verification email to the user, so they can verify the email address.
The providerID for an email link user should be "emailLink" (Android link, since I couldn't find the iOS version quickly, and the values come from the server anyway).
But note that a linked account will always have a top-level provider of "firebase", and then have the actual values of the linked accounts in the UserInfo elements of the provider array.
I have the Mautic and Salesforce integration working fairly well, and now I would like to sync the email bounce status back to Salesforce. This allows Salesforce users to update email addresses when they are talking to prospects and making notes in Salesforce. I don't see how to sync the bounce back since there is no "email bounced" field in a Mautic contact.
Using Mautic, I can detect bounced emails as shown below once their email has bounced:
However, when I go the Salesforce plugin, there's no field to select for this bounce, something like "Email Bounced":
Maybe I can create a custom field called "Email Bounced", but then how would I populate it? Ideas? Thank you!
The solution below assumes the cron jobs for syncing and segments are set up (that's a small project in itself). It also assumes email inbox monitoring has been setup.
Create a field in SalesForce to store the Invalid Email flag.
See SalesForce help. Create a Boolean field called "Email Invalid".
Create a field in Mautic to store the Invalid Email flag.
Create a segment with contacts having a bounced email.
From https://www.irelandwebsitedesign.com/images/learning-centre/mautic/mautic_docs_en.pdf:
a. Go to Segments / New.
b. Type in the segment name. For example Bounced emails.
c. Select the Filters tab.
d. Create new Bounced Email equals Yes filter.
e. Wait for the app/console mautic:segments:update command to be automatically triggered by a cron job or execute it manually.
Create a campaign to update the bounce date.
This campaign will update the "Email Invalid" field when a contact is added to this segment.
Set the fields to sync in the plug-in.
I have an iOS app that I'd like to restrict access to, making it only available to users from a specific email domain.
The app requires the users to log in using their Google Account.
I've found various answers online that suggested adding
".read": "auth.token.email.endsWith('gmail.com')"
But that doesn't seem to return an error in the sign in page, but only when the user in question tries to access the database. Any suggestions?
You will have to enforce that. You have multiple tools to do so:
After signInWithCredential resolves, you can check the domain and that it is a google.com provider. If you are allowing email/password users, you need to verify those too. If the user doesn't meet your criteria, use the delete API on the user and issue an error to the user that they need to sign in with a certain account.
Enforce the check in your rules, as you can't always trust the client. Ensure that if a user signs up, and isn't deleted, he/she can't access the data.
Use Firebase functions which has a trigger for user creation. On user creation, check your criteria is met, if not, use the firebase-admin module to delete that user.
If you are using the Google sign-in library for iOS to get the Google credential, you can check the Google user email and Google ID token before you signInWithCredential in Firebase and block the sign in attempt.
Write your own clean up script: If you are hosting your own server and do not want to use Firebase Functions, you can run a daily script that downloads all your users using the Firebase CLI SDK and then deletes all users using firebase-admin SDK that do no match your criteria.
Since the required email domain is #gmail.com, you could just disable the email and password and enable the Google sign in method in your Firebase console. So, the only way a user can sign in on your app is with a Google account.
https://firebase.google.com/docs/auth/ios/google-signin
Include the email and password sign up option and just check for domains within your app. This will be a simple string comparison test on the email address.
Or just spin up a server to which you'll be sending the emails to for verification. This way you wouldn't have to push out new updates every time you add an extra domain. You can try and see if cloud functions would be helpful instead of spinning up a new server.
Jenkins send an email with user named undisclosed-participant with email address "undisclosed-participant#email.invalid".
We've tried changing values in email-ext plugin and still it doesnt work to use a legit user and email address.
How can we change that to use a legit user and an email address ?
Thanks
Go to Manage Jenkins - Configure Systems
Search for "System Admin e-mail address"
Make sure it is NOT empty.
Enter a legit email address.
Save it Rerun job to make sure you get email notification.
I've upgraded to Devise 3.2.1 and Rails 4.0, and I'm trying to figure out my signup now that one doesn't login on confirmation.
I allow users to create a message and specify the recipient of the message via an email address. Then I send emails notifying the recipient that they've received a message on the service. If the recipient doesn't have an account on the service, I create the account without a password, and the email I send to the recipient acts a confirmation email. With prior versions, the recipient would then click on the link, thus confirming, and then be taken to a password creation stage and then finally, they'd have a confirmed account created with password and can go see the message.
With Devise 3.1, they no longer allow login via confirmation as they consider it a security risk, however I fear it may greatly increase the complexity of my sign up process. I can no longer redirect to a password creation page as they aren't logged in. I'm toying with the idea of taking them to a special signup page or creating the account and then sending a special form of password reset.
I don't want to notify them via email, then send them a second email as a confirmation. That adds unnecessary complexity to my signup.
I wondered if anyone else has dealt with this issue and how they handled it. I'd like to avoid using:
config.allow_insecure_sign_in_after_confirmation = true
as that will go away soon and is really not the right way.
Is there a secure, yet fast way to do this with Devise 3.2?
Thanks!
I'm switching to using sorcery ( https://github.com/NoamB/sorcery ) for greater control over authentication and building my flow with that.
This is precisely the problem that devise invitable gem solves in a secure manner. I would recommend using this tool, rather than trying to hand-roll your own solution which is more likely to contain security flaws.
The gem workflow is basically:
An admin invites a new user.
The new user is created with a random password. (I actually helped write this bit!)
The user is sent an invitation email. (This is fully customisable in how it works, but has some simple default settings.)
The user receives a link, which contains a URL with a unique invitation_token.
After clicking this link, the user must choose their real password.