enhanced security and new password

Forum to discuss the Web client version of Servoy.

enhanced security and new password

Postby IT2Be » Mon Jun 20, 2016 5:19 pm

I want to force the user to create a new password on first login.

I have a login module and an authentication module (very much like how it is documented on the wiki).

What would be the best approach to do this in a web client (no NG yet).

The way I see this:

- login form shows
- user logs in with provided username/password
- check for first time login
- show new window, dialog or hide current fields and show new fields?

Thanks,
Marcel
Marcel J.G. Trapman (IT2BE)
SAN partner - Freelance Java and Servoy
Servoy Components - IT2BE Plug-ins and Beans for Servoy
ServoyForge - Open Source Components for Servoy
User avatar
IT2Be
Servoy Expert
 
Posts: 4766
Joined: Tue Oct 14, 2003 7:09 pm
Location: Germany

Re: enhanced security and new password

Postby sbutler » Mon Jun 20, 2016 5:47 pm

As you probably know, Servoy doesn't let you switch forms on the login solution. However, you can use tabpanels. So I tend to build my login forms with a tabpanel. 1st tab is login, 2nd tab is forgot password, 3rd tab is password reset. Then I switch the tabs in the tabpanel to show the one I want. Seems to give the most flexibility.
Scott Butler
iTech Professionals, Inc.
SAN Partner

Servoy Consulting & Development
Servoy University- Training Videos
Servoy Components- Plugins, Beans, and Web Components
Servoy Guy- Tips & Resources
ServoyForge- Open Source Components
User avatar
sbutler
Servoy Expert
 
Posts: 759
Joined: Sun Jan 08, 2006 7:15 am
Location: Cincinnati, OH

Re: enhanced security and new password

Postby IT2Be » Mon Jun 20, 2016 6:18 pm

Thank you Scott, that was what I was thinking as well.

Your remark about not being allowed to switch forms was basically the background of my question :)
Marcel J.G. Trapman (IT2BE)
SAN partner - Freelance Java and Servoy
Servoy Components - IT2BE Plug-ins and Beans for Servoy
ServoyForge - Open Source Components for Servoy
User avatar
IT2Be
Servoy Expert
 
Posts: 4766
Joined: Tue Oct 14, 2003 7:09 pm
Location: Germany

Re: enhanced security and new password

Postby rgansevles » Mon Jun 20, 2016 11:52 pm

Scott,

Servoy lets you switch to any form in the login-solution.
You cannot switch to a form that is in your main solution (or in a module) until the user is logged in.

The only difference is that in the login-solution you do not have directly access to the database (only via calls to an authenticator solution).

Rob
Rob Gansevles
Servoy
User avatar
rgansevles
 
Posts: 1927
Joined: Wed Nov 15, 2006 6:17 pm
Location: Amersfoort, NL

Re: enhanced security and new password

Postby IT2Be » Mon Jun 20, 2016 11:57 pm

Hi Rob,

So how do you suggest to deal with what I want?
Marcel J.G. Trapman (IT2BE)
SAN partner - Freelance Java and Servoy
Servoy Components - IT2BE Plug-ins and Beans for Servoy
ServoyForge - Open Source Components for Servoy
User avatar
IT2Be
Servoy Expert
 
Posts: 4766
Joined: Tue Oct 14, 2003 7:09 pm
Location: Germany

Re: enhanced security and new password

Postby patrick » Tue Jun 21, 2016 9:26 am

You will have to use the authenticator solution for that. So you have to call the authenticator with the new password. Something like this:

Code: Select all
security.authenticate("authenticateSolution", "scopes.authenticate.changePassword", [oldPassword, newPassword]);


That scopes.authenticate.changePassword can then return something that lets the login solution know whether that was successful etc.
Patrick Ruhsert
Servoy DACH
patrick
 
Posts: 3703
Joined: Wed Jun 11, 2003 10:33 am
Location: Munich, Germany

Re: enhanced security and new password

Postby IT2Be » Tue Jun 21, 2016 10:53 am

Aha, so I can use the Authenticate solution/module for anything related to the database.

Thanks, that helps :)
Marcel J.G. Trapman (IT2BE)
SAN partner - Freelance Java and Servoy
Servoy Components - IT2BE Plug-ins and Beans for Servoy
ServoyForge - Open Source Components for Servoy
User avatar
IT2Be
Servoy Expert
 
Posts: 4766
Joined: Tue Oct 14, 2003 7:09 pm
Location: Germany

Re: enhanced security and new password

Postby patrick » Tue Jun 21, 2016 11:17 am

Let's put it this way: before a user is logged in, you have no access to the database. The authenticator runs on the server as a headless client and can do anything. You just have to ping-pong with it like you would do with a webservice maybe.
Patrick Ruhsert
Servoy DACH
patrick
 
Posts: 3703
Joined: Wed Jun 11, 2003 10:33 am
Location: Munich, Germany

Re: enhanced security and new password

Postby rgansevles » Tue Jun 21, 2016 10:24 pm

Exactly,

It is documented in the wiki: https://wiki.servoy.com/display/public/ ... g+Security

Rob
Rob Gansevles
Servoy
User avatar
rgansevles
 
Posts: 1927
Joined: Wed Nov 15, 2006 6:17 pm
Location: Amersfoort, NL


Return to Servoy Web Client

Who is online

Users browsing this forum: No registered users and 2 guests

cron