colinskow / ng-superlogin Goto Github PK

In the request of refresh or logoutOthers for example there is no "ETag" but WWW-Authenticate:Bearer realm="Users"
validateUsername works.

Also, if i activate require_valid_user in couchdb, i get the www-authentication-popup within my ionic-app on the device.

I have implemented both Google and Facebook oAuth following the superlogin-demo app but after I get a successful auth, the popup does not close. Any ideas what I'm missing here?

Hi, SuperLogin allows authentication with only email and password (so, without a username), however ng-superlogin apparently requires username and password to be set in the credentials, because the login's first line is:

if(!credentials.username || !credentials.password) {

Do you have any plan short-term to allow only email+password accounts?

Thanks for your answer!

Hi,

I am using superlogin and ng-superlogin and it's really great.

However I have a trouble to internationalize my app, in order to present the error messages to the user. They seem to be hard-coded in English in ng-superlogin (and in superlogin on the server side), so what is your recommendation to make an internationalized presentation of them?

Many thanks!

On the following https://github.com/colinskow/ng-superlogin/blob/master/src/ng-superlogin.js#L63
it looks like 'sl:login' will trigger if there is a session in localStorage, without knowing if the session is valid or not.

checkExpired(); might be trigger few lines later (if configured) which may or may not trigger a 'sl:logout'.

It seems a bit risky and may create some weird behavior UI wise depending of the implementation.

Also, nothing guaranty at that time that the session is still valid on the server side.
Calling an special endpoint (see colinskow/superlogin#53) could help.

Hi,

I am planning to try out Superlogin for my React based application. However, the client library is only available in Angular flavor. I was wondering if you would be interested in providing a pure JS version.

Thanks and regards,
Sukant

In the server side the superlogin.removeUser() worked OK. However, I want offer to users the option to delete their account directly from the App. This is why I need this implemented in NG-Superlogin

Looking on both repositories (SuperLogin and NG-Superlogin) I couldn't found a source code that make a reference to this API, any thoughts?

Thanks!

is there a version or a way to implement it on angular 2 apps?

Hello,

When I try to logout the server answers :

I have a session in the localStorage.
{"issued":1449071790342,"expires":1449762990342,"provider":"local","ip":"::ffff:127.0.0.1","token":"_","password":"_","user_id":"**_","roles":["roles","admin"],"userDBs":{"appglobal":"https://__:__@__.cloudant.com/GLOBALNAME","__":"https://_**********:*****_@_.cloudant.com/DBNAME"},"serverTimeDiff":-1673}

Did I missed something ?

            logOut : function(){
                console.log("superlogin logOut");
                var deferred = $q.defer();
       superlogin.logout("Bye !")
                        .then(function(res){
                            console.log("logout",res);
                        })
                        .catch(function(e){
                            console.error(e);
                        });

app-1 POST /auth/login 200 4185.147 ms - 659
app-1 OPTIONS /auth/logout 200 0.836 ms - 4
app-1 { error: 'unauthorized', status: 401 }

Currently I allow a user to setup another account level db that is shared with several users. After I call my route and the code executes in superlogin on the server I need to get the updated list of user db's. Currently the only way to get the updated list is to logout and log back in. Are there any other calls to force the session info to update?

I noticed that the superloginInterceptor was firing every time I changed state using ui-router.

Does this have to be used with every http request? Is there a way to restrict it to fire only when superlogin calls are made?

Hi @colinskow , I've very interested by your library to integrate it in my ionic app however I'm a bit lost on how to do it.. I'd like to use Linkedin authentication and Firebase but with this library I can't really reproduce what you've done in https://github.com/colinskow/superlogin-demo
A bit more help would be great , thanks

Hi there,

Thanks for working on this repository - It really is a huge timesaver.

I'm not sure if there's a bug or if I'm doing this incorrectly, but when I call superlogin.logout() I get a 401 error that says "unauthorized".

Before the function call, I can successfully get a logged-in response from superlogin.getSession(). After the function call, if I call superlogin.getSession() again, I get "null" - so the user is actually getting logged out.

As well, if I call superlogin.logoutAll(), everything works fine without any errors.

Any thoughts?

Thanks for your help!

Info: Running nodeJS express superlogin server backend with Cloudant for CouchDB, and Angular Cordova app on the front-end.

OK ... This one could drive your users nuts!

validateUsername()/validateEmail() as used within superlogin-demo will always return false when your superlogin Server is down or the client computer is offline. This will mean they will keep trying new usernames but never find one that is not used :( . Nice one for April 1st ;)

Ahh but you say ... How would they ever get to display the web site if the server is down? Pretty rare yeah? Well in my case, I'm coding an Ionic/Angular mobile app client so the client code is already on the device - not loaded from the superlogin server so now it would then be quite a common occurrence - especially for mobile devices that are frequently dropping offline.

Solution? ... Well Angular Messages does not really provide a clean solution for this. Personally I'd prefer if their $asyncValidators could return a message key - not just true/false - then (sensibly) a single server call could deliver multiple validation message types which is what we need in this case. Maybe ... one ... day

Hack? Here's the solution I came up with for superlogin-demo:

I added this check into validateUsername() and validateEmail()

    // login server or internet offline?
    if(err.status === 404 || err.status === -1) {
        ctrl.$setValidity('offline', false);
        return $q.when(true);
    }

... and add the offline messages in the signup form ...

 <div ng-message="checkUsername">Username is already in use.</div>
 <div ng-message="offline">Cannot check Username. Try again later.</div>
...
 <div ng-message="checkEmail">Email is already in use.</div>
 <div ng-message="offline">Cannot check Email. Try again later.</div>

Final versions of ... validateUsername() and validateEmail()

       validateUsername: function(username) {
          return $http.get(superloginSession.getConfig().baseUrl + 'validate-username/' + encodeURIComponent(username))
            .then(function() {
              return $q.when(true);
            }, function(err) {
              // login server or internet offline?
              if(err.status === 404 || err.status === -1) {
                ctrl.$setValidity('offline', false);
                return $q.when(true);
              }
              if(err.status === 409) {
                return $q.reject(false);
              }
              return $q.reject(err.data);
            });
        },
        validateEmail: function(email) {
          return $http.get(superloginSession.getConfig().baseUrl + 'validate-email/' + encodeURIComponent(email))
            .then(function () {
              return $q.when(true);
            }, function (err) {
              // login server or internet offline?
              if(err.status === 404 || err.status === -1) {
                ctrl.$setValidity('offline', false);
                return $q.when(true);
              }
              if(err.status === 409) {
                return $q.reject(false);
              }
              return $q.reject(err.data);
            });
        }

Hi,

[ I have read the other issues relating similar cases, however this one is slightly different and I can't find a solution. ]

On any state change, the superloginInterceptor' service.request method is called, causing checkRefresh to be called as well, then $http.post(.../refresh). And if the session has expired on the server, a 401/Not authorized response is received.

Then, 2 different things can happen depending on the superlogin config:

a) if some endpoints are defined, the session is destroyed (due to service.responseError calling checkEndpoint, in turn calling superloginSession.deleteSession)

b) if no endpoints are defined, then the problem is avoided, however another one raises in other parts of the application: for instance the logout calls fail because the request is not prepared with the proper authorization (because the Bearer header has not been set in service.request).

Setting noDefaultEndpoint does not help, because in any case, the actual superlogin server endpoint is relevant (rather than the one serving the Angular html pages)

I would like to avoid to have the user logged out when he navigates on pages that do not require authentication, so how can I do this? I suggest that the ideal would be that superloginInterceptor 'request' should not call checkRefresh at any time, but only when hitting the configured endpoints.

Hi I am new to angularjs and needed your help in setting up ng-superlogin. I installed as mentioned in Readme file.

Is there a step-by-step guide or blog which i can follow to set it up for my app. Please let me know. Thanks.

I searched on internet and could not find step-by-step guide for angularJS or Ionic. Please help.

Trying to test using a remote hosted superlogin endpoint and localhost hosted app, getting the standard CORS issues.

Not sure if you built cors into superlogin or not, so not sure if this is normal. I fixed it in the server by adding the CORS headers.

I am trying to catch the 'sl:login' event broadcasted by the superlogin $get method (the one fired right after _session = JSON.parse(...) ).

I would like to call $rootScope.$on in order to listen to this event from within my own service. But since this service is dependent from superlogin, its provider will be called necessarily after the superlogin one, so I believe there is no way to catch the 'sl:login' event. Am I right?

The way I worked this around is to call superlogin.authenticate() from my service factory, and everything is working fine: this way I can get the credentials stored from a previous application usage, if any.

But then, maybe the mentioned $broadcast call is of no use for no-one (I am not an Angular factory/provider exper, so I may be wrong). Hope this helps anyway.