How to properly use user registration in ServiceStack -

-

i new servicestack , having problems understanding user registration stuff. our goal to:

  1. allow user create new account
  2. verify if user name and/or email in use
  3. automatically log user in after registering
  4. return jwt token response

i using registerservice located here of our user registration logic.

the problem seems after user registers other user can register same user name and/or email , updates previous users data. have noticed when restart api line:

registrationvalidator?.validateandthrow(request, registernewuser ? applyto.post : applyto.put);

will throw error if user name or email exists. however, explained once new user registers, user right after them can use exact same info , updates user before it. not desired result.

why validation seem work if restart api, not while running?

as step through code have noticed this.getsession() seems return new session set null when api first started, once user logs in or registers getsessions() returns recent user session.

i apologize in advance if come off know nothing, said new servicestack , have pretty spent past couple of days @ work trying figure out. have scoured many forums including servicstacks customer forums , here. advice appreciated!

the problem seems after user registers other user can register same user name and/or email , updates previous users data.

only current user can update user registration info after they're registered. can return being unauthenticated user out calling /auth/logout clear session or if using service client:

client.post(new authenticate { provider = "logout" });

why validation seem work if restart api, not while running?

because user authenticated , you're using default in memory cache client sessions saved to , restarting app domain clears user sessions authenticated unauthenticated.

there's few different options achieve desired outcome:

register authenticate user

  1. use register service create new account. registration service throw if username or email in use.

  2. on successful registration, call authenticate service (/auth/credentials) authenticate user using new credentials. if jwt authprovider registered , it's called using https or jwt auth provider configured requiresecureconnection=false return jwt token , refresh token.

if authenticate usetokencookie=true authenticated usersession converted jwt token , returned in ss-tok cookie.

register user autologin convert session token

auto login register service, calling register service autologin=true authenticate user after registering them in same request, registerresponse dto register service returns doesn't contain jwt token, instead can call /session-to-token convert current authenticated user session jwt token returned in ss-tok cookie sent subsequent requests make authenticated requests.

register user autologin latest version

i've added support returning jwt token , refresh token in autologin register requests in this commit can register user with:

var response = client.post(new register {     //...     autologin = true });

and you'll able access jwt tokens in:

response.bearertoken   //jwt token response.refreshtoken  //jwt refreshtoken

this change available v4.5.15 that's available on myget.


Comments

Post a Comment

Popular posts from this blog

ios - MKAnnotationView layer is not of expected type: MKLayer -

-
Image
so code works fine logger riddled message. there way rid of or suppress it? postannotation.swift class postannotation: mkpointannotation { //mark: properties let post: post //mark: initialization init(post: post) { self.post = post super.init() self.coordinate = cllocationcoordinate2d(latitude: post.latitude, longitude: post.longitude) self.title = post.title self.subtitle = post.timestring() } } adding annotation let annotation = postannotation(post: post) self.map.addannotation(annotation) func mapview func mapview(_ mapview: mkmapview, viewfor annotation: mkannotation) -> mkannotationview? { if annotation mkuserlocation { return nil } var annotationview = mapview.dequeuereusableannotationview(withidentifier: "pin") as? mkpinannotationview if annotationview == nil { annotationview = mkpinannotationview(annotation: annotation, reuseidentifier: "pin")
Read more

ZeroMQ on Windows, with Qt Creator -

-
i have installed zmq link given below on windows 7. http://zeromq.org/distro:microsoft-windows 1) have c++ project in qt-creator , i'm using zmq c++ binding (zhelpers.hpp etc). 2) have added .lib installed zmq folder qtcreator 3) while compiling, compiler looks _imp__zmq_verion, in .dll files present in .lib have __imp_zmq_version. 4) causing undefined reference zmq_version. anyone else faced problem , has solution ?
Read more

unity3d - Unity SceneManager.LoadScene quits application -

-
i have 2 different scenes 1 named 'main' , other 'game' both added scenes in load. when use scenemanager.loadscene("game"); works no problem when tried return main scene code if (input.getkeydown (keycode.escape)) { scenemanager.loadscene("main"); } strangely game quits. thanks. sorry interruption. somewhere on other script found code. if (input.getkeydown (keycode.escape)) { application.quit (); } that's bad, know...
Read more