Hello I am having an issue preventing a user from accessing my site by typing in the URL. I have a login which I want to be the only way to access my /factory/homepage.html page.
But if a user types /factory/homepage.html into the URL field, they can access the homepage.html.
Im already using app.get('/factory/'), but my res.redirect('/website/userLogin.html') does not redirect to the login page.
Here is my code:
app.get('/factory/*', function(req,res,next){
console.log("going through app.get...");
res.redirect('../website/userLogin.html');
console.log('after redirect...');
});
The output is:
going through app.get...
after redirect...
And the user is taken to factory/homepage.html. I also tried app.use('/factory/*'), but no luck. The redirecting only works if a path that doesn't exist in my factory directory is entered, for example /factory/hello.html will redirect to /website/userLogin.html
I'll like for the directory /factory to not be accessible through typing in the url. Then after i will implement a middleware function to check if the user is authenticated.
Any help will be appreciated!
I'd try something like this.
app.get('/factory/*', function(req,res,next){
var authenticated = false;
//do something to authenticate user
if(authenticated === true){
//user is already authenticated
res.redirect('/factory/homepage.html');
}else{
//redirect to login
res.redirect('../website/userLogin.html');
}
});
Related
I'm following the guide on Stripes docs https://stripe.com/docs/billing/subscriptions/fixed-price
Everything works, I just cannot work out how to actually redirect the user from the JS
function onSubscriptionComplete(result) {
// Payment was successful.
if (result.subscription.status === 'active') {
console.log('redirect');
location.href = 'https://google.com';
}
}
Here the console is logging redirect but the user is not redirected. What is the best way to redirect the user after confirming the payment?
I am trying to build a login page. After a user has logged in correctly I want to exit the index.html page and redirect to my portfolio.html page.
firebase.auth().onAuthStateChanged(user => {
if(user) {
window.location = 'portfolio.html';
} else {
// No user is signed in.
// window.location = 'index.html';
console.log("Not logged in");
}
});
The code above does switch pages, but then constantly reloads the page over and over again in a loop. I am very stuck friends:(.
Thank you for your time.
Isn't it like, you got redirected to portfolio.html, the auth code is exectuted, the user object is already there, so it redirects you to portfolio again. Try adding
if(window.location.indexOf("portfolio.html") === -1){
//redirection here
}
I guess the problem is that the piece of code is also executed in your portfolio.html. So when the page is loaded, firebase checks if there is a user logged in from web storage and in your case, the user is logged in previously. So the listener will be triggered again and reload the page.
I have this logic that I'm trying to implement and I'm failing to do so... Here is the deal. I have implemented the confirmation mail for new users and now with the code that I will paste bellow I'm basically blocking the user from login into the app before he confirms he's email address. Okay fairly clear. But now I want to send him to a dedicated "verifiaction" page where it will only be some kind of text like "You need to verify you email before you can login, click to resend the confirmation link, blablabla". Im also using iron router.
Im doing this for the check:
//(server-side) called whenever a login is attempted
Accounts.validateLoginAttempt(function(attempt){
if (attempt.user && attempt.user.emails && !attempt.user.emails[0].verified ) {
console.log('email not verified');
// Router.go('verification'); - some kind of my "logic" what I want to
}
return true;
});
There is a discussion with the same issue here and in the comments, a user suggests resending the verify email token and alerting the user, instead of redirecting to a page, which would be simpler. The code for that would look like:
Accounts.validateLoginAttempt(function(attempt){
if (attempt.user && attempt.user.emails && !attempt.user.emails[0].verified ) {
Accounts.sendVerificationEmail(user._id);
Alert('Your email has not been verified, we have re-sent the email. Please verify before logging in.');
//you could also use a modal or something fancy if you want.
}
return true;
});
If definitely want to create a page, there is an answer here about ways to do that, but how you do it it depends on whether you want it to be part of the layout or not.
This question is in relation to this question: FB.logout() called without an access token
I had a question i was hoping someone could help with.
I get everything in the link above, but how do you handle when someone uses a public computer and leaves themselves logged in to FB by accident? Then a new user tries to log in to an app, but it is not them. I want to have a button to log them out of FB altogether to "log in as a different user".
I cannot do that until they authorize the app, right? So they need to authorize the app under someone else's account and then log out? There has to be another way.
Any feedback would be great - tried searching for a while on this, but to no avail. I might be over thinking it, but there should be some way to "log in as a different user".
You can do something like:
FB.getLoginStatus(function(response) {
if (response.status === "connected") {
FB.api("me", function(response2) {
// notify the user he is logged in as response2.name, and if it's not him call FB.logout
}
}
else {
// prompt the user to login
}
}
Modify your logout to something like this :-
function logout(response){
console.log("From logout" + response);
if(!response.authResponse){
window.location = "/web/login/";
return;
}
FB.logout(function(response){
FB.Auth.setAuthResponse(null,'unknown');
logout();
});
}
i.e keep on sending logout request to Facebook till the actual logout happens.
Try to use Session and save the user's ID in that session.
You can control the expiration time of that session( by default its 20 minute if the user doesn't have any activity on the page)
then in each page Load even check whether the season is still active for that user or not.
page Load event:
if(Session["LoggedIn"]==null)
{
Response.Redirect("~/Login.aspx");
}
This code above will redirect user to login page of your website if the session has expired.
My site allow users to login via Facebook Connect and also allows them to update a status field our site. I want to include a checkbox below the status update field that will allow them to post this update to their Facebook profile as well if they so choose. In order to do this I need the user to grant our application permissions to post to their Facebook profile which is supported by prompting the user for 'publish_stream' permission using the JS function FB.Connect.showPermissionDialog http://developers.facebook.com/docs/?u=facebook.jslib.FB.Connect.showPermissionDialog.
The problem I'm having is figuring out if I need to prompt the user to do this. Basically the user experience I'd like to have is that when the user checks this box for the first time I want them to be prompted to grant this permission. Once that has been granted I won't need to prompt them in the future if they check that box again. I can't seem to figure out what JS to include in the onclick action of that checkbox that will check to see if the user has granted this permission and if not then prompt them, otherwise do nothing. Also after checking the box and granting the permission I want to do nothing (no page reload) but if they reject the request to grant permission I'd like the checkbox to be unchecked. I think I may need to use the FB.ApiClient.users_hasAppPermission JS function http://developers.facebook.com/docs/?u=facebook.jslib.FB.ApiClient.users_hasAppPermission but am still confused on what this would look like. The psuedo code for this would be:
onclick="
if(user_already_granted_permission) { do_nothing; }
else {
prompt_user_to_grant_permission {
wait_for_response_from_permission_dialog {
if(permission_granted) { do_nothing; }
else { uncheck_checkbox; }
}
}
}
"
One other thing worth noting is that I've already verified the user is logged in through Facebook Connect when the page was rendered. I'm hoping someone else using Facebook Connect has already been able to figure this one out. Thanks in advance for your help!
I recently developed an online demo that uses Facebook Connect and gets the friend list of a given user - it's not the same as your case, but I used FB.Facebook.apiClient.requireLogin to get the user logged, like this:
var api_key = 'd04fba62ff27c6c84a6b767d404bcec3';
var channel_path = '/xd_receiver.htm';
/* initialize facebook API */
FB_RequireFeatures(['Api'], function() {
FB.Facebook.init(api_key, channel_path);
var api = FB.Facebook.apiClient;
api.requireLogin(function(exception){
// user is logged in and my application
// has permissions to get friend list
});
});
You can do something like this:
FB.Facebook.apiClient.users_hasAppPermission('publish_stream', function(has_perms) {
if(has_perms) {
// User has granted the publish_stream permission
} else {
// User has not granted the publish_stream permission
}
});
The second param for the users_hasAppPermission function is a callback which returns the result of the check.