CakePHP 3: validating user from mobile application - android

I'm working on a project which has Web Application and Mobile client. I'm using CakePHP 3.2 for developing web application. There is a table users to store user credentials and register login logout function.
I'm using DefaultPasswordHasher of CakePHP 3.
Now, I want the user to be able to register and login using Android/iOS application using the same users table and login using the hashed password generated by CakePHP or hash password while registration so that CakePHP web client can be used to login.
I'm a learner and new to CakePHP and Android.
How could I do it ?
The main problem is with the hashing of password field because CakePHP uses different technique to hash password every time.
Edit 2
login action of UsersController in CakePHP project is configured to authenticate user and return to some other action. But I want to retrieve user's data after validating.

if you want to retrieve user's data, dont use return $this->redirect().
just use something like this :
$user = $this->Auth->identify();
if($user){ return $user; }

Using same user table you can register login and logout in your web application and android application .
please check this link login. its help you to solve your issue.
thanks.

Related

Firebase Auth using phone number and password

I am developing Android app using Firebase. Because of that, I want to use Firebase Auth. I have following requirements:
Register/Log in using Facebook
Register/Log in using Email/Password
Register/Log in using Phone Number/Password
The first two are OK, I followed basic tutorials. However, Phone Number / Password is the problem here. Firebase supports only Phone Number/SMS Token for this (its called Phone Auth), but there is no mention about my case. I do not want to hack Firebase and use its realtime database instead of Auth 'database'. Is there any better way to achieve this?
Thank you.
If you have both email and phone of your user and you can use Admin SDK, then perhaps you could exchange users phone number to his email and login with email and password in the background.
Something like this (node.js)
admin.auth().getUserByPhoneNumber(phoneNumber)
.then(user => {
firebase.auth().signInWithEmailAndPassword(user.email, password);
});
Firebase phone authentication is using OTP(one time password). This way there is no hassle for the user to remember the password. Once authenticated, you will be registered. The sms code acts as a password. But that is for one time. Usually , users prefer such behaviour in which you dont have to remember the passwords. If you are still looking for the way you want, see this link and create a custom authentication method.
https://firebase.google.com/docs/auth/android/custom-auth
I had a similar problem -
I combined firebase auth(email + password) with (phone+otp) to get phone+password auth -
https://medium.com/#shivampesitbng/firebase-phone-password-auth-in-vue-b94f15b8fb3d
Use Fake Email:
Well, Firebase doesn't support sign in with mobile number and password but it supports email and password. So you can create a fake email with your mobile number.
Ie: 78******69#yourdomain.com
Also, you can create a complete Authentication system using it.
Registration:
Input user mobile and password and proceed to the next page.
Now use Firebase Phone Auth (OTP) to createUser. If process success, link fake email, password credentials in background.
AuthCredential credential = EmailAuthProvider.getCredential(email, password);
auth.getCurrentUser().linkWithCredential(credential);
Login:
Input mobile and password to login. Convert the mobile in fake email and then signInWithEmailAndPassword().
Forget Password:
Redirect the user to a new Page and user Phone Auth to verify the user. If successful, input a new password and change the password of the Email Auth.

Android Quickblox Chat - Get users facebook friends?

I want to use QuickBlox chat module in my app. When the user logs in to the chat module, i want to display their FB friends from which they can select whom to chat with. I read the docs but could not find this. Can someone please help me here?
Thanks!
There are two ways of users authentication: standard login and password and Facebook/Twitter authentication. Depending on this you need to use appropriate password for XMPP connection: either the same password or session token.
Please check out `this .'
In other words since you are using social provider for authentication your password will be equal to QB session token. For example:
QBUUser *user = [QBUUser user];
user.ID = 298;
user.password = [BaseService sharedService].token;
[[QBChat instance] loginWithUser:user];

.htaccess authentication in android

I'm creating an android app that interacts with a MySql database through a PHP page.
So I need to do an authentication on the page and I used the .htaccess apache auth (you can see the login form here http://www.imaginsystems.it/uni/)
The problem is that I couldn't find anywhere the code to automate this login. Does someone have this code??
Thanks
So you're wanting to send the username & password with the request from your App to your PHP script?
I believe you can use this format for sending that kind of login information with the URL:
http://username:password#www.imaginsystems.it/uni/

Android Facebook app integration with GAE

I'm thinking about how to solve the next problem:
An Android App which I want to connect to facebook, and to a Server backend(Srv).
Server backend(Srv) which I want to connect to facebook.
The server will run a task that will Get all the Friends of the user(on fb), and the user Statuses(on Fb), and store them on it.
Base assumptions:
I use android as a Mobile device
Server is GAE
Entity key in GAE is the user’s FB-id
User Entity contains:
User fb_id
User verified list(FB_ID String)=> friends of the user that have the app) // maybe use HT?
User statuses list(Status text, date, url)=> whatever I can get from a Status of a user in facebook..
Main questions:
Is the Data representation thought out? can it be better?
How do I handle a situation where two users which are connected to one another add the app at the same time- how can I avoid overlapping?
Should the device Authenticate itself, also with the GAE server?
How to Authenticate GAE with FB
Algorithm:
Android side:
User login and get access token from FB
Posting to my server(Srv) FB Token & myUserFBId // Should I use REST protocol or HTTP
POST?
Server side:
A Servlet handles the POST
{
Query FB ->for the user's friends ids(into friendList = arrayList<FBItem))
foreach FBItem item in friendList
{
//check which FB-ids are in my DB
friendEntity = getKey(item.fb_id)
if(friendEntity != null)
{
// friend exists
verifiedFriendsList.add(item.fb_id) //verifiedFriendsList is ArrayList<String>
friendEntity.getVerifiedFriendList().add(myUserFBId)
}
}
Query FB ->for the user's statuses(into statuses = arrayList<StatusItem))
add new FBEntity(myUserFBId, verifiedFriendsList, statuses) to DB }
Thanks
I have not done anything like this but I think you will need to
Ask user to authenticate your application to use FB- Read about OAuth Api of Facebook
Once your app is authenticated with sufficient permissions you can get users data as per your requirements .
Once you get the data you can process it.
Oauth on FB is what you are searching for..
I'll give you my 4 cents:
The questions that should lead you in developing the DS are: (A) On the
server side, How does the data persist? to a File? to a Database? (B) How much of that data is required to perform the calculations you want done, and how do plan to access it (for example, for an O(n) run, I wouldn't use a HashTable) (C) How does the persist / de-persist work? with an ORM? custom queries?
About concurrency, you'll have to explain what's bugging you. People sign in to SO simultaneously all the time.
3/4. Not an android developer, can't help.

Authenticate User via Facebook Connect Android

Currently on our website we enable users to login/register with their Facebook credentials using graph api. We are creating a mobile app and we want to support login with Facebook as well. I know about the Facebook Android SDK and how to retrieve the access token, my question is:
Once I have the facebook access token, how can I authenticate the user with our backend system.
One idea is to pass the access_token to my backend server and query for the user's facebook id (I don't want to pass the facebook id because someone can just spoof the request). Now using the facebook id I can then associate it with our user id and log the user in.
Would this method work, or there's another solution
The approach I described above works for well. Here's the summary:
Facebook connect through the iPhone app
Retrieve the fb access token on the phone
Send the fb access token to your Rails server
The controller that you are using will check for the fb param and query the user information
Sample of how the controller might look like
if params[:fb_access_token]
#graph = Koala::Facebook::GraphAPI.new(params[:fb_access_token])
#me = #graph.get_object("me")
if profile = Profile.find_by_facebook_uid(#me["id"])
user = profile.user
render :text => user.access_token
else
render :text => "unregistered", :status => 401 and return
end
else

Categories

Resources