I am trying to set up a dynamic hotspot system. Users will pay for a certain amount and will be granted access to internet for, let's say, an hour. I will write an application that will make the necessary changes in Radius mysql database. It will be a completely automated system. Some kind of a wifi vending machine. My questions is as follows:
When a user first identifies himself I will create a row in radcheck table.
1) How can I allow this user for only 1 hours after the payment and reject afterwards.
2) If the same user comes next week for example what changes in the database should I do to grant a new one hour access to the same user?
Related
We are building a web app that lets Office365 customers create a realistic plan for their week, by showing them how much time they actually have to work each day (it's called Weekly if you're interested).
The problem we are running into however is that some companies, primarily large ones, block apps entirely from making Microsoft Graph calls to their users. What's tricky is that we send them to Office365 to grant us permissions, their company blocks the access request, and we never see those users again, so currently don't have any way of knowing what happened.
We'd like to be able to display our own message that says something like "Your company has blocked access to our application, please contact your IT department for help".
Is there any way of knowing before sending the user over to grant access that their company (the domain) even allows apps? If not is there some way to send the user back to the requesting app with some details about why the grant failed (did the user not grant permissions, did the company block access, etc.)?
Thanks for your help!
If the administrator disables the ability for users in the organization to consent then the error message will be something like:
AADSTS90093: An administrator of {tenantDisplayName} has set a policy that prevents you from granting {name of app} the permissions
it is requesting. Contact an administrator of {tenantDisplayName}, who
can grant permissions to this app on your behalf.
https://apps.dev.microsoft.com/portal/tools/errors?errorName=graph_user_unauthorized
My original plan for the iOS app I'm developing was to make it free for all users except for administrators of "organizations" stored in a cloud database. These administrators pay a monthly subscription fee to maintain these organizations, and free users join them. An organization's administrator is the only one who can accept new users and set user permissions.
However, I realized that I have no way to check whether an administrator's subscription has expired from the point of view of another users, meaning it may be possible for an administrator to get a free trial, set up an organization, join it from an alternate account, set up permissions, cancel the subscription, and continue using the app as normal without paying. Currently, the only case that the app can handle is if the administrator tries to log into an organization after the subscription has expired.
I planned to avoid this issue by having "active" and "inactive" states for organizations stored in the database, but I still need a way for the app to recognize that a subscription has expired and deactivate the organizations associated with the user in question. I'm not sure how to do this, other than from the point of view of the admin, who could simply stop using the account before the subscription expires, and/or delegate management of an alternate, non-admin account to someone else.
I also realized that this specific setup might violate Apple's policy on in-app purchases, since I am effectively indirectly taking functionality away from free users due to paid users' subscriptions expiring. If this is the case, I'll have to rethink the payment structure of my app entirely. Am I allowed to handle subscriptions this way? If so, how can I a) reliably ensure that my app disables an organization when its admin's subscription runs out, or b) check whether an admin's subscription has run out when another user in the organization tries to log in?
I'm a Freelance developer creating a site for a start-up company.
Getting PCI compliant at this time is going to be tough, since the site is still in major development and the funds are quite short.
The situation is this: They want to accept payments on demand in a fast and easy way. This is going to involve punching an id followed by a PIN into a virtual pinpad. This should process the transaction, charge the card, and be done. Because we are not currently PCI compliant, I would like the security to be as follows:
User, in Account Management, can click a link to redirect to the third-party payment processor (We are currently using Authorize.Net). On this page, the user enters their card information followed by email/some form of ID. Their card is saved through this third-party, and the third-party sends us their ID for the user as long as the user email (Or whichever identification used on our end). Now, when the user wants to create a transaction, we send the User ID, our API Key, and the transaction Key used by the third-party as well as the amount to charge. They charge the account and all is good.
Anybody have experience in this? Is this possible? Other solutions are welcome. Again, the company is slightly low on funds, and the transactions are usually going to be ~$10. They are currently working through 100% cash right now and averaging about 30 transactions a day, which is expected to increase drastically over the summer.
Unfortunately, with the new DSS 3.1, you may still need to perform a SAQ A-EP. Part of the requirements for the SAQ A-EP are:
Your e-commerce website does not receive cardholder data but controls how consumers, or their
cardholder data, are redirected to a PCI DSS validated third-party payment processor
Even though your site never takes or processes credit card data, since your site does perform a redirect, that redirect could be changed to point to a malicious site.
Further information can be found in the SAQ A-EP.
My Geo based Android app uses Fusion Tables accessed via oAuth to store route information for users.
For the last couple of years I sporadically get notifications from users in Asia Pacific telling them that their authentication has failed. This means that the key that is registered on the API dashboard for com.spiralsoftware.bestroutepro is not being recognized.
This does not happen for all users in that region and has not happened anywhere else in the world. I suspect that there must be a bad server somewhere that my users connect to sometimes.
Once the authentication has failed it doesn't seem to come back: they appear to be locked out of being able to load their saved routes forever.
Normally the users experiencing the problem are in Australia or New Zealand but this evening I received an email from a user in the Philippines.
I can't create another API key without deleting the existing one which means all other users will be unable to access their Fusion Tables until they upgrade the app.
The folks who are affected have paid money for the app and I don't know what to tell them.
Is there anything I can do to get these users authenticated?
I am thinking to embed google calendar in my website to achieve the following and was wondering if this is doable in google calendar. Otherwise I have to go find another solution.
I have groups of users with one super user, and rest are regular users as follows:
GroupA
Super User 1
Regular User 1
Regular user 2
etc
Group B
Super User 2
Regular User 3
Regular User 4
etc
Each group have their own calendar. Users in each group can not see the other group's calendar. Only able to see their own group's calendar.
Super users of each group have all access to the calendar (add, modify, delete) and have the ability to control how much access regular users have in their group. (read only? read/write etc)
All users are registered to my website, therefore I am thinking to use only one google calendar account (my own account) to create a calendar for each group. Which leads to a question of authenticating my website to google's API. I need the authentication process to be automatic, hidden away from the user and be done on the server side.
My site is built using PHP/Mysql
Q1:
I have tried the Javascript client library provided by google, however it require the user to type in username/password to log into google so that the authentication (OAuth2) process can work. As mentioned in previous paragraph, I only want the user's to log into my website, they do not need to login again into google account. This should be done on serverside.
I even went as far to create a login form with information prepopulated (hidden from the user, the username/password will be visible in "view page source") and send the request to https://accounts.google.com/ServiceLoginAuth, and make the form automatic submit once the user successfully login into my website. However this causes cross domain issues.
Q2:
I may potentially have 10's of thousands of groups registered on my website. each group may have couple hundred users. Can one single google account create that many calendars?
Q3:
Once the calendar is embedded into my website, it seems to be read-only. Is it possible to make it interactive so super users in each group can add/delete/modify events?
Any ideas/suggestions is much appreciated.
Thank you
No answers? It seems like your question is straightforward. If I understand correctly, you want to access calendars from several Google accounts/users. Each user needs to authorize this access, but they only need to do so once. You could generate these requests and send them out via email, for example. When the user grants permission, Google forwards a grant code to your specified callback_uri. The grant code is extremely volatile. It's used to request a token from Google that apparently lasts indefinitely. So there's no requirement that users continually log into Google.
In Google's calendar/simple.php example. The token is stored as a SESSION variable. Even though the token is persistent, the SESSION variable is not. Users have to grant authorization every time the SESSION variable expires. Storing persistent data in a volatile variable is absurd and probably gives the wrong impression about the OAuth2 token mechanism.
I spent a lot of time writing documentation that I couldn't find anywhere else. Please take a look if you think it might help: http://www.tqis.com/eloquency/googlecalendar.htm
What you're asking isn't possible in Google Calendar.
If you're looking to support thousands of groups and each group needs it's own calendar, then you're saying that you'd need thousands of calendars with access control and you'd need authentication to the calendar to be transparent.