Me and my friend are working on final project. My friend is a little bit ahead and made all his database on Yii2 framework.
Everything worked fine, our database is on AWS and I got it by simple requests on my Android app.
Now I came to the part where I need to use login-password. Here I'm stuck, because all I can fetch from database is salted password. My friend used salt on the password part (which is the right thing to do).
The website is still on our hard drive.
1) Do we have to upload it online and only afterward to develop some
API function that calls to database, so my app can access validation
part of the website?
2) Maybe Yii2 already has a validation function
build-in somewhere that can be used by Android app? An example would
be super-helpful.
3) I saw a lot of examples about API functions,
but all of them look pretty complicated and not related to Java at
all.
Yii2 validation is actually online here: https://github.com/yiisoft/yii2-framework/blob/master/base/Security.php on validatePassword function.
Do you implement IdentityInterface on your user model?
if yes, than you can use this in your yii2 rest api.
public function actionLoginUser(){
$data = Yii::$app->request->post();
$username = $data['username'];
$password = $data['password'];
$user = User::findByUsername($username);
if($user->validatePassword($password)){
//your next response
}
}
Where validatePassword method is like this:
public function validatePassword($password)
{
return Yii::$app->security->validatePassword($password, $this->password_hash);
}
Sorry for bad english
Related
Brief information: I am working on a quiz application for Android. The database is on Firebase and the users login via anonymously. When the user opened the application, it will be automatically signed-in.
My question is about firebase. I could not build the intelligence for firebase requests.
When the application is opened;
1) signInAnonymously (which firebase function) should be called first.
2) Then i check that the signed user has a saved point or not on firebase database.
3) If the user does not have point, it is generated.
4) Then i send a request to get the point of user.
In all steps, i send a request to firebase via async firebase methods. The sequence is important because the output of any step can be an input for the next step.
I handle this via callback. But i do not know that it is the best way.
screenshots of callbacks for these steps
Can you give me advice for these? If i do not use callbacks, problems are occured because of asynchronous firebase methods. The reason of that i open this issue is undetermined problems. I can learn and build any other algorithm to make it better. Thank you.
It looks like you are using nested callbacks and I am not a Java programmer, but you may want to take it easy on yourself and not go that route.
If my signing in anonymously you mean a One-Time-Password authentication flow such as just providing a phone number, that would definitely be a good approach.
You can use Google Cloud Functions, but the functions would have to be written in Nodejs, Python or Go.
Either way take a look at this flow below:
User requests OTP
Acknowledge the request
Generate code, save the code on backend (GCF)
Text user the code
User sends you the correct code
Compare codes on the server
Send user some kind of token or as you say a "point" to identify them.
I do believe Java does have support for JSON Web Tokens.
So after your setup GCF project, you are going to get some folder and files like so:
.firebaserc: a hidden file that helps you quickly switch between projects with firebase use.
firebase.json: describes properties for your project.
functions/: this folder contains all the code for your functions.
functions/package.json: an NPM package file describing your Cloud Functions.
functions/index.js: the main source for your Cloud Functions code.
functions/node_modules/: the folder where all your NPM dependencies are installed.
You want to import the needed modules and initialize the app:
const admin = require("firebase-admin");
const functions = require("firebase-functions");
const serviceAccount = require("./service_account.json");
admin.initializeApp({
credential: admin.credential.cert(serviceAccount),
databaseURL: "https://my-project.firebaseio.com"
});
That service_account.json is something you need to create, its not a library.
It will have a bunch of private and public keys that you get from your Firebase console. Ensure you also place that file inside your .gitignore files as well.
So I am skipping some crucial details here that you will have to figure out so as to get to your main question.
First, you need the idea of a user, so you need to create a user inside GCF so that in itself is going to be a function and as you mentioned Firebase is asynchronous so it would look something like this:
const admin = require("firebase-admin");
module.exports = function(req, res) {
// Verify the user provided a phone
if (!req.body.phone) {
return res.status(422).send({ error: "Bad Input" });
}
// Format the phone number to remove dashes and parens
const phone = String(req.body.phone).replace(/[^\d]/g, "");
// Create a new user account using that phone number
admin
.auth()
.createUser({ uid: phone })
.then(user => res.send(user))
.catch(err => res.status(422).send({ error: err }));
// Respond to user request saying account was made
};
So the code above I grabbed from a previous project of mine, except the whole thing was in JavaScript. For you this part will be in JavaScript or Nodejs specifically as well since again, Nodejs, Go or Python are the only languages supported by GCF.
So the comments are self-explanatory but I feel compelled to explain that the first thing I had to resolve is how to pass in information to this function in a request.
To do that I had to reference the req.body object as you see above. req.body contains all the different data that was passed to this function when the user called it. I was not sure if you knew that. So before you go and copy paste what I have above, do a res.send(req.body);. So nothing else inside that module.exports = function(req, res) {} except res.send(req.body);, so you can get a good sense of how this all works.
For every function you create you need to run a firebase deploy name-of-project.
After you feel you have a handle on this and its all working successfully, you can create your Android Studio project and add the database dependency like so:
compile 'com.google.firebase:firebase-database:10.2.1'
And then you will probably want to create your User model, maybe like this:
public class User {
public String phone;
public User() {
// Default constructor required for calls to DataSnapshot.getValue(User.class)
}
public User(String phone) {
this.phone = phone;
}
}
And so on, anyway I hope that kind of gives you a good enough idea that it gets you going. Best of luck. I know I failed to take time out to explain that the regex in my code is to sanitize the phone number and probably some other stuff. So again, don't just copy paste what I offered, study it.
I have a Spreadsheet with some Apps Script functions bound to it.
I also have an Android client using Google Sheets API v4 to interact with that spreadsheet.
Is there a way for the Android client to call/run some function in the Apps Script code?
The reason I need to code to be run on the Apps Script side, and not simply on the Android client, is because I'm sending some email when something happens to the doc, and I would like the email to be sent from the owner account of the spreadsheet, and not from the Android user authenticated via the API.
I know I can trigger functions implicitly like by adding rows to a doc, but is there a way to directly run a specific function?
Yes. You can make GET and POST requests to Google apps-scripts. from anywhere that can make REST type calls including clients. If you need authentication there is also the apps-script client libraries. I wrote a short script for emailing from a request from one apps-script to another here. But, it would work if you called the emailing script from your client also.
Deploy your Google Apps Script as Web Apps > reference, by this way you can run function Get(e) or Post(e) and invoke other functions inside one of them with conditions....
You might have gotten the answer to your question. Just in case you have not, below are some points that may help with your development:
1) Create the server side script (i.e., Google Apps Script) function like usual:
function myFunction(inputVar) {
// do something
return returnVar;
}
2) Create a doGet(e) or doPost(e) function like below - can be in the same .gs file with the function in 1) :
function doGet(e) {
var returnVar = "";
if (e.parameter.par1 != null) {
var inputVar = e.parameter.par1;
returnVar = myFunction(inputVar);
}
return HtmlService.createHtmlOutput(returnVar);
}
3) Publish and deploy your project as webapp. Note the deployed URL.
4) From your Android client do HTTP call with the URL as: your_webapp_url?par1="input value"
I need to develop an API for web as well as mobile with NodeJS as backend. Since, both have common endpoints --> I was wondering how to handle error cases like for e.g. --> if there is an error and user is on web I can do res.redirect and the user will be redirected whereas if the request was from mobile then I will have to set an 'action' variable which will guide the mobile app to take the next action for e.g. ask the user to login again.
app.get('/users/musicList', function(req, res){
// check with db.
// lets say there is some error --> the API token is not valid so user needs to
// login
if (req was from web) {
res.redirect('/signin');
} else {
var result = {action : 'SIGNIN'};
res.status(200).json(result);
}
});
Is this the correct way to go ? It makes code look a bit messy. Any suggestions.
An Easy way to do this is to have two different endpoints for mobile and web. (Wait I have two more solution).But this would result in code duplication.
web: domain/route
mobile: domain/api/route
Another way is to have only api/route which uses only json. And to handle the error and routing in front end. This works if you are using front-end frameworks like angular and using AJAX requests.
Third one is to check for the client need and acting as in your question. Check this link for how to determine what client needs.
NodeJS : Validating request type (checking for JSON or HTML)
I started with Objectify and Google endpoint.
I successfully went through adding module, generating endpoints i have client libraries, I can get, list, insert, remove, update results on android. But I got stuck on filtering. I read on objectify wiki that there is something like that possible:
List<Car> cars = ofy().load().type(Car.class).filter("year >", 1999).list();
But problem is I cant get Objectify on android side. How can i achieve this. Can I even get it on android side?
I aslo read RESTful URL design for search i tried it and it worked but I would like to use objectify.
Also am not sure if I understand endpoints very well. Are they the only way to communicate with other side?
Probably I do understand endpoints better now. I created mehod on backend side eg
#ApiMethod(name = "search")
public List<Car> search(//some params){
return ofy().load().type(Car.class).filter("year >", 1999).list();
}
this works perfectly on client side I just call myApi.search();
Hey i'm working on a web application in combination with an android app. Now i want in my mobile app that the user have to log in with the same user data like on the web application. So i want to send a username and a password to the controller and in the login action of this controller the user should be verified and the additional user id should be send back to the application (the id is used for several operations in the app). I looked for the Auth Component of CakePHP but i don't find any solution for my problem. I hope you can help me.
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow('index','view');
$this->set('logged_in', $this->Auth->loggedIn());
$this->set('current_user',$this->Auth->user());
if($this->name == 'Specific') {
// for the specific controller
$this->Auth->authenticate = array('Basic');
} else {
// everything else
}
}
checkout KVZ's rest plugin it may be of interest https://github.com/kvz/cakephp-rest-plugin
Not sure about what you need to do on the cakephp side of things, but if you want to have a set of account credentials stored securely and persistently on an Android device, I suggest you take a look at the AbstractAccountAuthenticator class.
The AuthComponent has a login() method you can use to manually login users. Depending on the Cake version you're using this method also checks the credentials you supply (actually Auth is completely restructured in 2.0 in a way that's much more useful for situations like yours, it's worth taking a look!).
You can send in the login credentials from your android app any way you please (XML, POST parameters), extract them in your login action and send them to the AuthComponent (or, in 2.0, write a custom authenticator object to handle it all).