gutterboy Posted September 29, 2014 Report Share Posted September 29, 2014 Regarding this plugin........ is there anyway to control if cookies are set or not when they are logged in? Quote Link to comment Share on other sites More sharing options...
gutterboy Posted October 8, 2014 Report Share Posted October 8, 2014 Also, I assume when redirecting the user to Blesta to be logged in with this it's recommend to use https seeing as we are passing the hash in the URL? Quote Link to comment Share on other sites More sharing options...
gutterboy Posted October 8, 2014 Report Share Posted October 8, 2014 Ok, just did some testing and yes, for anyone that is using this plugin I highly recommend that you use https when redirecting to the shared login page; you risk other beings able to login as anyone they like as long as they get their hash. Re-reading the docs for the plugin the examples do show them using https, which is good. I just think more attention should be bought towards it like with an attention icon or something. Quote Link to comment Share on other sites More sharing options...
Cody Posted October 8, 2014 Author Report Share Posted October 8, 2014 Yes, definitely always use https whenever at all possible. gutterboy 1 Quote Link to comment Share on other sites More sharing options...
Brashquido Posted October 18, 2014 Report Share Posted October 18, 2014 Anyone aware of a Blesta shared login module for Drupal. Quote Link to comment Share on other sites More sharing options...
Michael Posted October 18, 2014 Report Share Posted October 18, 2014 Anyone aware of a Blesta shared login module for Drupal. Nope but someone has asked for a developer to do one for themselves: http://www.blesta.com/forums/index.php?/topic/2607-100-bounty-for-blesta-drupal-integration/ Quote Link to comment Share on other sites More sharing options...
smarg Posted November 25, 2015 Report Share Posted November 25, 2015 Hello, I'm new to this forum and I need your help. I have install the plugin into blesta and also the plugin to my wordpress. I have put the correct Shared Login Blesta URL according these instruction: also the shared key in both blesta and wordpress plugin. The time in both systems are the same but the link seems not working. It shows me a blank page. Can anyone explain me why this happend? I have to say that I don't use Https because I have not istalled an SSL yet. I will do that later. Is that the reason I receive a blank page? Also, I assume that shared login plugin, creates the user in blesta if the user does not exist, right? Thank you! Quote Link to comment Share on other sites More sharing options...
Michael Posted November 25, 2015 Report Share Posted November 25, 2015 Hello, I'm new to this forum and I need your help. I have install the plugin into blesta and also the plugin to my wordpress. I have put the correct Shared Login Blesta URL according these instruction: also the shared key in both blesta and wordpress plugin. The time in both systems are the same but the link seems not working. It shows me a blank page. Can anyone explain me why this happend? I have to say that I don't use Https because I have not istalled an SSL yet. I will do that later. Is that the reason I receive a blank page? Also, I assume that shared login plugin, creates the user in blesta if the user does not exist, right? Thank you! You would need to ask the wordpress developer sorry. Quote Link to comment Share on other sites More sharing options...
smarg Posted November 25, 2015 Report Share Posted November 25, 2015 You would need to ask the wordpress developer sorry. Than you for your fast response! I have install the wordpress by myself. There is not a wordpress developer for my website. I just trying to do it by myself. So, you think that there is a problem in the wordpress code?That mean from blesta side everything is allright? Also, the shared login plugin, creates the user in blesta if the user does not exist? Thank you! Quote Link to comment Share on other sites More sharing options...
smarg Posted November 25, 2015 Report Share Posted November 25, 2015 Than you for your fast response! I have install the wordpress by myself. There is not a wordpress developer for my website. I just trying to do it by myself. So, you think that there is a problem in the wordpress code?That mean from blesta side everything is allright? Also, the shared login plugin, creates the user in blesta if the user does not exist? Thank you! Ok! I fix it! I really don't know how, because I made a lot of changes, but it works now!Thank you! Quote Link to comment Share on other sites More sharing options...
smarg Posted November 25, 2015 Report Share Posted November 25, 2015 Another question, if I delete a user from my wordpress, do I have to go to blesta also to delete the user, or it can be deleted automatically? I have create two virtual clients in blesta, only for practice but I cannot delete them. Is any way to delete them?The have a invoice, that's why the system does not allow me to delete them. How can I delete the invoices? Thank you! jobplease 1 Quote Link to comment Share on other sites More sharing options...
Tyson Posted November 25, 2015 Report Share Posted November 25, 2015 Blesta doesn't provide an option to delete invoices (unless it's a Draft), or clients that have invoices/services/etc. as you've noticed. If you're only intending to test Blesta, that would be best done in an alternate Blesta installation dedicated to testing rather than mixing test/live data in a single installation. Laws in many countries prohibit the deletion of important data like invoices. If you really want to delete invoices anyway, you could manually do it via the database, or write a plugin for Blesta that will delete them. Also, the Shared Login plugin will not create a client in Blesta if one does not exist. It will only log them in. Deleting a user in Wordpress will not automatically delete an associated user in Blesta. Additional functionality would be required to accomplish this behavior. Michael 1 Quote Link to comment Share on other sites More sharing options...
Amit Posted July 28, 2017 Report Share Posted July 28, 2017 Hi, this is a question/feature request. If the Shared Login plugin fails to validate the token, the page remains blank at /plugin/shared_login/?t=1501259438&u=john%40customer.com&r=https%3A%2F%2Fexample.com%2Fclient%2Fplugin%2Fmyplugin%2Fclient_main%2F&h=4d49c89098eba2f70adccf4f1b8bffe4616263b09c06abd4470c24b820ddd656 I intentionally broke the token to see the behavior. Instead of staying at a blank page, it would be good if the plugin could just redirect to the given the redirect-url parameter. I made it work by updating plugins/shared_login/controllers/main.php in index() method before "return false;" I added the redirect; ==== if ($hash == $this->Companies->systemHash($time . $username . $uri, $key->value, 'sha256') && $time >= strtotime('-30 min')) { return $this->processSharedLogin($username, $uri); } $this->redirect($uri); return false; ==== Alternatively maybe there could be an admin setting that defines what URL should be redirected to if there is an error. activa and mrrsm 1 1 Quote Link to comment Share on other sites More sharing options...
Tyson Posted August 4, 2017 Report Share Posted August 4, 2017 Does that occur for an expired token? Typically, failures to validate a legitimate token are assumed to be due to malicious intent on behalf of the requestor (e.g. brute force attack) and no accommodations are made in that case. If legitimate requests can receive a blank page, then yes, we'd like to redirect/cause an error. Quote Link to comment Share on other sites More sharing options...
John Posted December 23, 2017 Report Share Posted December 23, 2017 Hi Cody, Is there any chance this plugin can be expanded to authenticate staff users as well? Quote Link to comment Share on other sites More sharing options...
activa Posted December 24, 2017 Report Share Posted December 24, 2017 15 hours ago, John said: Hi Cody, Is there any chance this plugin can be expanded to authenticate staff users as well? Cody no longer exist in blesta!!! Quote Link to comment Share on other sites More sharing options...
Tyson Posted December 26, 2017 Report Share Posted December 26, 2017 It could be updated to authenticate staff, but only those with two-factor authentication disabled. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.