CB login authentication token

1 year 1 month ago #333465 by activha
Replied by activha on topic CB login authentication token
I have a last question on this autoaction. The decrypt is made by 

No triggers
User : code
Code :
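Code:
global $_CB_framework;

// Decrypt [get_token] using the site secret plus a fixed suffix as the key.
$decryptedValue = (int) (new \Joomla\CMS\Encrypt\Aes($_CB_framework->getCfg('secret') . ':a2xdt7zx'))->decryptString('[get_token]');

// The (int) cast turns a failed decrypt into 0; in that case fall back to 1444.
if ($decryptedValue === null || $decryptedValue === 0) {
    return 1444;
} else {
    return $decryptedValue;
}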
Conditions : active subscriptions for plans A & B
Action : PHP include (JPATH_ROOT.'/myfolder/file.php');
Output : return
Reference : var1

This works fine to display file.php and get the user data on an external website.

But when displaying the same file.php on our own website, it seems that the correct user is not retrieved.

To cope with this, I'd like to pass the user_id got by the autoaction in my code. However, if I access [var1_id] this is the id of the user visiting the page, not the user of the autoaction.

How can I get the user retrieved by the autoaction and pass it to my code?
I remember that you have a way to send the autoaction data now, but I cannot retrieve the doc.

Thanks for this final answer on this subject I hope ;-)

1 year 1 month ago #333471 by krileon
Replied by krileon on topic CB login authentication token
So if there's no [get_token] you want to return the current viewing user? Check if there's a token then return the viewing user using the below API.

CBuser API
Code:
return CBuser::getMyUserDataInstance()->getInt( 'id', 0 );

MyUser API
Code:
return \CBLib\Application\Application::MyUser()->getUserId();

Either of these will work. CBuser API call has the benefit of giving the full user object to work with if you need access to more than just their user id in your custom user code.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

1 year 1 month ago #333474 by activha
Replied by activha on topic CB login authentication token
No I don't want the current viewing user but the user from whom the code was triggered in order to display its data.

It seems to work fine outside on other domains where the iframe is displayed, but when it's displayed on our own, it seems that the token is not correctly decrypted and this is either the viewing user or the main super admin user which is used.

That's why I was searching for a solution to keep the initial user id associated with the token.

1 year 1 month ago #333477 by krileon
Replied by krileon on topic CB login authentication token
It shouldn't matter what domain you're on. Make sure &token is set correctly when testing on your own domain. The token is the user id. It decodes to it. Sorry, there's nothing more I can suggest. This is far outside our support scope.


1 year 1 month ago #333520 by activha
Replied by activha on topic CB login authentication token
Well the token is very well decrypted on all external domains but not on ours.

Anyway, is there an ability to restrict the autoaction to our own domain? I cannot remember what value is needed for this.

This would allow me to have a code for external domains with a token and another one with user ids on our domain.

1 year 1 month ago #333521 by krileon
Replied by krileon on topic CB login authentication token
External access should be entirely handled by your origin policy for your site. CB Auto Actions cannot do that for you. The only hacky workaround would be checking the referrer, but that's easily spoofed so do not do that.

Maybe try a different encryption method instead of using Joomla's API. I didn't create that API so I've no idea if it has some sort of same origin check.


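The token handling discussed in this thread, as an added example that is not part of any post and is not Community Builder or Joomla code: a token that carries the user id under an HMAC, and a verifier that returns null on any failure instead of substituting a default user id or relying on the referrer. The function names, the token layout and the sample secret are assumptions.

```php
<?php
declare(strict_types=1);
// Added example: not Community Builder or Joomla code. Function names, the
// token layout and the sample secret are assumptions made for illustration.

function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Token = payload "." mac, where payload = base64url(JSON {uid, exp}).
function issueToken(int $userId, int $ttl, string $secret, ?int $now = null): string
{
    $payload = b64url(json_encode(['uid' => $userId, 'exp' => ($now ?? time()) + $ttl]));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, $secret, true));
}

// Returns the user id the token was issued for, or null on ANY failure.
// There is deliberately no default id: the caller must refuse to render.
function userIdFromToken(string $token, string $secret, ?int $now = null): ?int
{
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;                        // missing or malformed token
    }
    [$payload, $mac] = $parts;
    $expected = b64url(hash_hmac('sha256', $payload, $secret, true));
    if (!hash_equals($expected, $mac)) {
        return null;                        // tampered, truncated or wrong key
    }
    $data = json_decode((string) base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($data) || !is_int($data['uid'] ?? null) || !is_int($data['exp'] ?? null)) {
        return null;
    }
    if ($data['uid'] <= 0 || $data['exp'] < ($now ?? time())) {
        return null;                        // nonsensical id or expired token
    }
    return $data['uid'];
}

$secret = 'constructed-sample-secret';      // stands in for the site secret
$token  = issueToken(42, 300, $secret);     // constructed user id 42, 5 minute lifetime

var_dump(userIdFromToken($token, $secret));               // valid token
var_dump(userIdFromToken($token . 'x', $secret));         // one byte appended to the MAC
var_dump(userIdFromToken('', $secret));                   // no token supplied
var_dump(userIdFromToken($token, $secret, time() + 301)); // checked after expiry
```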
