i am working on a project that sent a URL link to a user and the user has to put the user account information to log into that account .Is there any way to implement the user account information to that link in order the user won't type every time his account information when he receiving his information?.
You will need to generate an unique link and tie it with the user for a specific period of time (for security reason). Then send the link to the user so that he/she can login using that link within that specific period of time. If that time is passed, he/she will need to request a new link.
So here's the step by step breakdown:
1. User inputs his email/phone number.
2. You check on the database if there's any user available for that email/phone number in your database. If user found, you will need to store an unique token for that user and store it.
3. Generate the link with that token.
4. When user click on the link, match the token with your database and user, and if it matches that means user is authorized and let him login. Delete the token.
Let me know if you need any more explanation.
Related
Apple SignIn is designed in a way that you only receive the email-address and the users name during the initial signin / when you create an account. My App is running on a parse backend, so when a user signs in the first time I create a parse user and save the name and email to it. The user can delete the account in my app - when he does, I delete the parse user object which includes the id and the token, but also email and name. When a user decides to reregister, Apple assumes that he already has an account and only gives me the id and token, with which I can create a new parse user but I cannot get the email / name again. Is there any proper way to handle this issue?
You need to revoke the user token when the user deletes his account.
You can do it by using Apple API explained here in Apple docs
Once you do it, when a user deletes his account and sign in again, you will get his email and name, as if it is his first time login in your app!
With reference of Obtain a link to a specific email in GMail, I understand how to get a link to a specific email in Gmail with a thread id obtained from gmail API.
However, when there are multiple users login in chrome, https://mail.google.com/mail/u/0/#all/abc123def456 will always direct to the mailbox of user 1 but the thread id is actually from user 2. Therefore, the email can never be reached.
How can I determine which users' mailbox I am looking for with a thread id or other information?
The in the URL indicates that it's for user #1, so if you want it to open for user #2, simply change the U/0 to U/1.
Keep in mind that the number is only based for that browser, and logged in users at the time, if you log out of one, every user in that browser gets logged out, and the u/# get's reset.
Cheers.
I am using devise for user authentication, how i can request from user, after clicking on sign in button, to enter sms code which is automaticaly sent to his mobile phone, for successful sign in.
I followed some instructions from internet, also i made twilio and got API key, but still no idea how to finish this.
We need more info for a complete answer (if possible).
First you need a sms provider (you seem to have chosen twilio).
Then you need code to be able to send sms using that provider.
https://www.twilio.com/blog/2012/02/adding-twilio-sms-messaging-to-your-rails-app.html
Then you need the logic. This is one way of doing it.
I am assuming you are using a database with login credentials.
Add a new table with 3 columns (adding another for primary key would not hurt), one columns for user_id, one column for a code, the next for a date.
Then when a user want to login create a code (numeric or not) and add the code to the table with current date and user_id, then send the sms to the users phone number and redirect the user to a page where he can enter the code. When he enters the code you compare it to your row in the database and validates it, having the date will make it easy to add a timeout of the code so that the user would have to enter the code in 60 seconds or what time you would prefer. You would have to send a id to the page where the user enters the sms code so you know which user it is, and that should of course be checked against the table. Using this approach makes it easy to track all tries the user has made.
A tip would be to add a limit on the numbers of sms per day/hour the user can use. Then he would be locked out for the rest of the day and would have to try again tomorrow. Otherwise someone with a user/pass could send thousands of request and forcing you to send out that many sms costing you a lot of money. That of course depend on is you debit the sms to the users account in some way..
Just wanted to mention it..
As my way....may be this process
create a dumy page for devise login .. in which take login details
Find users details from db and send him/her message
After submit on dummy page, next step will be to enter message otp code
after submit on this .... match otp of user with send otp
if it is correct than logged into device panel by api's
I have a website where users can create an account and log in. This is stored in a database on the server. I also want users to be able to log in with Facebook etc, and thus skip the account creation. I don't know how to combine this and keep it persistent in the database. Any good examples on this use case?
Let's first see how logins work in general. When a user is logging in for the first time, a session id is generated for the user and is stored in the browser of the user as a cookie (note that there are mechanisms to store session id without a cookie, but let's assume you require a cookie for simplicity).
For subsequent requests to other pages in the same website, the cookie is also sent along. With this cookie (which has the session id), the unique user can be identified.
So, all that you require to know to identify a user in the server side (upon a web request) is the session id.
Having said that, if you want to include facebook etc into the login mechanisms, you need to do two things:
Connect your website with facebook (you will require a facebook developer account and some keys. Look here). When you do this successfully, if the user selects facebook login, your website should redirect to facebook login page and once the user logs in into facebook account, facebook will redirect back to your website with a token. This token is an indication that the user is a 'real' user. If required, you can use the token to get more details (such as facebook id, email address, name, etc.) from APIs facebook.
The second step is the same for any authentication flow. You need to generate a session id for use by your server and then save the session id in cookie.
What I have specified is the general flow on how your requirement could be achieved. The mechanics of how to do this will depend on the server side technology that you are adopting (such as ASP.NET, Ruby, etc.)
Additionally, if your website requires storing information about the user behavior / user activity, you may need to additionally check if the user logged in via FB already exists in your database. If not present, you can store the user's facebook id or something to uniquely identify the user later. With this as the primary key / user id, you can store user activity (such as inserting a record in orders table if the user purchases a product).
I am sending link to an registered user. When they click the link i want them to redirect to access
their account without any authentication(login). But when they access site normally they
should do login. I am using Digest/sha for password encryption.Any one have idea?
You can try Following..
You have to send the link to their mail account.
so user can access the account with in 5 minutes.
After Five minute this link is not worked.
You have to pass the some unique key with the link.
like.
www.google.com?id=12d123e33ert
You have to generate unique link each and every request for user.
And store into one database table. with the Email ,timestamp.
If user dont click to this link within 5 minutes.
you have to clear the database whose timestamp is bigger than 5 minutes using the crone job Functionality of the server.
If Eamil and link key is matched with our store key than user can access the website.
otherwise not.
You got my Point?
The simplest way to do this is to use a lot of the same logic that the forgot password functionality uses here in this Railscast:
http://railscasts.com/episodes/274-remember-me-reset-password