Jump to content

Shared Login Plugin


Cody

Recommended Posts

  • 2 weeks later...

Ok, just did some testing and yes, for anyone that is using this plugin I highly recommend that you use https when redirecting to the shared login page; you risk other beings able to login as anyone they like as long as they get their hash.

 

Re-reading the docs for the plugin the examples do show them using https, which is good. I just think more attention should be bought towards it like with an attention icon or something.

Link to comment
Share on other sites

  • 2 weeks later...
  • 1 year later...

Hello, I'm new to this forum and I need your help.

I have install the plugin into blesta and also the plugin to my wordpress. I have put the correct Shared Login Blesta URL according these instruction:  also the shared key in both blesta and wordpress plugin. The time in both systems are the same but the link seems not working. It shows me a blank page. Can anyone explain me why this happend? I have to say that I don't use Https because I have not istalled an SSL yet. I will do that later. Is that the reason I receive a blank page? 

Also, I assume that shared login plugin, creates the user in blesta if the user does not exist, right?

Thank you!

Link to comment
Share on other sites

Hello, I'm new to this forum and I need your help.

I have install the plugin into blesta and also the plugin to my wordpress. I have put the correct Shared Login Blesta URL according these instruction:  also the shared key in both blesta and wordpress plugin. The time in both systems are the same but the link seems not working. It shows me a blank page. Can anyone explain me why this happend? I have to say that I don't use Https because I have not istalled an SSL yet. I will do that later. Is that the reason I receive a blank page? 

Also, I assume that shared login plugin, creates the user in blesta if the user does not exist, right?

Thank you!

 

You would need to ask the wordpress developer sorry.

Link to comment
Share on other sites

You would need to ask the wordpress developer sorry.

Than you for your fast response!

I have install the wordpress by myself. There is not a wordpress developer for my website. I just trying to do it by myself. 

So, you think that there is a problem in the wordpress code?That mean from blesta side everything is allright?

Also, the shared login plugin, creates the user in blesta if the user does not exist?

Thank you!

Link to comment
Share on other sites

Than you for your fast response!

I have install the wordpress by myself. There is not a wordpress developer for my website. I just trying to do it by myself. 

So, you think that there is a problem in the wordpress code?That mean from blesta side everything is allright?

Also, the shared login plugin, creates the user in blesta if the user does not exist?

Thank you!

Ok! I fix it! I really don't know how, because I made a lot of changes, but it works now!Thank you!

Link to comment
Share on other sites

Another question, if I delete a user from my wordpress, do I have to go to blesta also to delete the user, or it can be deleted automatically?

I have create two virtual clients in blesta, only for practice but I cannot delete them. Is any way to delete them?The have a invoice, that's why the system does not allow me to delete them. How can I delete the invoices?

Thank you!

Link to comment
Share on other sites

Blesta doesn't provide an option to delete invoices (unless it's a Draft), or clients that have invoices/services/etc. as you've noticed. If you're only intending to test Blesta, that would be best done in an alternate Blesta installation dedicated to testing rather than mixing test/live data in a single installation. Laws in many countries prohibit the deletion of important data like invoices. If you really want to delete invoices anyway, you could manually do it via the database, or write a plugin for Blesta that will delete them.

 

Also, the Shared Login plugin will not create a client in Blesta if one does not exist. It will only log them in. Deleting a user in Wordpress will not automatically delete an associated user in Blesta. Additional functionality would be required to accomplish this behavior.

Link to comment
Share on other sites

  • 1 year later...

Hi, this is a question/feature request.  If the Shared Login plugin fails to validate the token, the page remains blank at 

/plugin/shared_login/?t=1501259438&u=john%40customer.com&r=https%3A%2F%2Fexample.com%2Fclient%2Fplugin%2Fmyplugin%2Fclient_main%2F&h=4d49c89098eba2f70adccf4f1b8bffe4616263b09c06abd4470c24b820ddd656

I intentionally broke the token to see the behavior.  Instead of staying at a blank page, it would be good if the plugin could just redirect to the given the redirect-url parameter.

I made it work by updating plugins/shared_login/controllers/main.php 

in index() method before "return false;" I added the redirect;

====

       if ($hash == $this->Companies->systemHash($time . $username . $uri, $key->value, 'sha256')
            && $time >= strtotime('-30 min')) {
            return $this->processSharedLogin($username, $uri);
        }

        $this->redirect($uri);

       return false;
====

 

Alternatively maybe there could be an admin setting that defines what URL should be redirected to if there is an error.

Link to comment
Share on other sites

Does that occur for an expired token?

Typically, failures to validate a legitimate token are assumed to be due to malicious intent on behalf of the requestor (e.g. brute force attack) and no accommodations are made in that case. If legitimate requests can receive a blank page, then yes, we'd like to redirect/cause an error.

Link to comment
Share on other sites

  • 4 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...