gutterboy Posted September 29, 2014 Report Posted September 29, 2014 Regarding this plugin........ is there anyway to control if cookies are set or not when they are logged in? Quote
gutterboy Posted October 8, 2014 Report Posted October 8, 2014 Also, I assume when redirecting the user to Blesta to be logged in with this it's recommend to use https seeing as we are passing the hash in the URL? Quote
gutterboy Posted October 8, 2014 Report Posted October 8, 2014 Ok, just did some testing and yes, for anyone that is using this plugin I highly recommend that you use https when redirecting to the shared login page; you risk other beings able to login as anyone they like as long as they get their hash. Re-reading the docs for the plugin the examples do show them using https, which is good. I just think more attention should be bought towards it like with an attention icon or something. Quote
Cody Posted October 8, 2014 Author Report Posted October 8, 2014 Yes, definitely always use https whenever at all possible. gutterboy 1 Quote
Brashquido Posted October 18, 2014 Report Posted October 18, 2014 Anyone aware of a Blesta shared login module for Drupal. Quote
Michael Posted October 18, 2014 Report Posted October 18, 2014 Anyone aware of a Blesta shared login module for Drupal. Nope but someone has asked for a developer to do one for themselves: http://www.blesta.com/forums/index.php?/topic/2607-100-bounty-for-blesta-drupal-integration/ Quote
smarg Posted November 25, 2015 Report Posted November 25, 2015 Hello, I'm new to this forum and I need your help. I have install the plugin into blesta and also the plugin to my wordpress. I have put the correct Shared Login Blesta URL according these instruction: also the shared key in both blesta and wordpress plugin. The time in both systems are the same but the link seems not working. It shows me a blank page. Can anyone explain me why this happend? I have to say that I don't use Https because I have not istalled an SSL yet. I will do that later. Is that the reason I receive a blank page? Also, I assume that shared login plugin, creates the user in blesta if the user does not exist, right? Thank you! Quote
Michael Posted November 25, 2015 Report Posted November 25, 2015 Hello, I'm new to this forum and I need your help. I have install the plugin into blesta and also the plugin to my wordpress. I have put the correct Shared Login Blesta URL according these instruction: also the shared key in both blesta and wordpress plugin. The time in both systems are the same but the link seems not working. It shows me a blank page. Can anyone explain me why this happend? I have to say that I don't use Https because I have not istalled an SSL yet. I will do that later. Is that the reason I receive a blank page? Also, I assume that shared login plugin, creates the user in blesta if the user does not exist, right? Thank you! You would need to ask the wordpress developer sorry. Quote
smarg Posted November 25, 2015 Report Posted November 25, 2015 You would need to ask the wordpress developer sorry. Than you for your fast response! I have install the wordpress by myself. There is not a wordpress developer for my website. I just trying to do it by myself. So, you think that there is a problem in the wordpress code?That mean from blesta side everything is allright? Also, the shared login plugin, creates the user in blesta if the user does not exist? Thank you! Quote
smarg Posted November 25, 2015 Report Posted November 25, 2015 Than you for your fast response! I have install the wordpress by myself. There is not a wordpress developer for my website. I just trying to do it by myself. So, you think that there is a problem in the wordpress code?That mean from blesta side everything is allright? Also, the shared login plugin, creates the user in blesta if the user does not exist? Thank you! Ok! I fix it! I really don't know how, because I made a lot of changes, but it works now!Thank you! Quote
smarg Posted November 25, 2015 Report Posted November 25, 2015 Another question, if I delete a user from my wordpress, do I have to go to blesta also to delete the user, or it can be deleted automatically? I have create two virtual clients in blesta, only for practice but I cannot delete them. Is any way to delete them?The have a invoice, that's why the system does not allow me to delete them. How can I delete the invoices? Thank you! jobplease 1 Quote
Tyson Posted November 25, 2015 Report Posted November 25, 2015 Blesta doesn't provide an option to delete invoices (unless it's a Draft), or clients that have invoices/services/etc. as you've noticed. If you're only intending to test Blesta, that would be best done in an alternate Blesta installation dedicated to testing rather than mixing test/live data in a single installation. Laws in many countries prohibit the deletion of important data like invoices. If you really want to delete invoices anyway, you could manually do it via the database, or write a plugin for Blesta that will delete them. Also, the Shared Login plugin will not create a client in Blesta if one does not exist. It will only log them in. Deleting a user in Wordpress will not automatically delete an associated user in Blesta. Additional functionality would be required to accomplish this behavior. Michael 1 Quote
Amit Posted July 28, 2017 Report Posted July 28, 2017 Hi, this is a question/feature request. If the Shared Login plugin fails to validate the token, the page remains blank at /plugin/shared_login/?t=1501259438&u=john%40customer.com&r=https%3A%2F%2Fexample.com%2Fclient%2Fplugin%2Fmyplugin%2Fclient_main%2F&h=4d49c89098eba2f70adccf4f1b8bffe4616263b09c06abd4470c24b820ddd656 I intentionally broke the token to see the behavior. Instead of staying at a blank page, it would be good if the plugin could just redirect to the given the redirect-url parameter. I made it work by updating plugins/shared_login/controllers/main.php in index() method before "return false;" I added the redirect; ==== if ($hash == $this->Companies->systemHash($time . $username . $uri, $key->value, 'sha256') && $time >= strtotime('-30 min')) { return $this->processSharedLogin($username, $uri); } $this->redirect($uri); return false; ==== Alternatively maybe there could be an admin setting that defines what URL should be redirected to if there is an error. activa and mrrsm 1 1 Quote
Tyson Posted August 4, 2017 Report Posted August 4, 2017 Does that occur for an expired token? Typically, failures to validate a legitimate token are assumed to be due to malicious intent on behalf of the requestor (e.g. brute force attack) and no accommodations are made in that case. If legitimate requests can receive a blank page, then yes, we'd like to redirect/cause an error. Quote
John Posted December 23, 2017 Report Posted December 23, 2017 Hi Cody, Is there any chance this plugin can be expanded to authenticate staff users as well? Quote
activa Posted December 24, 2017 Report Posted December 24, 2017 15 hours ago, John said: Hi Cody, Is there any chance this plugin can be expanded to authenticate staff users as well? Cody no longer exist in blesta!!! Quote
Tyson Posted December 26, 2017 Report Posted December 26, 2017 It could be updated to authenticate staff, but only those with two-factor authentication disabled. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.