lib_UserManager lets your projects include user management and authentication in your apps. This library handles:
- user login with user/password, using salted and hashed passwords
- user login using OpenID (Google, Azure & LinkedIn)
- remember me feature
When using user/password, the library uses the lib_usermanager_fullsync database to store user IDs and salted/hashed passwords.
symbol | Usage |
---|---|
lib_UserManager.adminPassword.secret | LDAP admin account password |
lib_UserManager.adminUser | LDAP admin account user |
lib_UserManager.ldapBasePath | LDAP Search Root Path |
lib_UserManager.ldapDomainName | LDAP DOMAIN Name |
lib_UserManager.ldapServer | LDAP server address:port |
lib_UserManager.smtp.server | SMTP server address |
lib_UserManager.smtp.port | SMTP server port |
lib_UserManager.smtp.sauthtype | SMTP server authentication type |
lib_UserManager.smtp.sender | SMTP sender mail address |
lib_UserManager.smtp.user | SMTP server user account |
lib_UserManager.smtp.password.secret | SMTP server password |
lib_UserManager.tokenValidityDays | Remember me token validity in days (30 by default) |
For more technical information: documentation
- Installation
- Sequences
- AddUser
- CheckSecureToken
- ConfirmAccount
- CreateAccount
- DeleteUser
- ForgotPassword
- ForgotPasswordWithBrand
- GenerateSecureToken
- GetUAllserAttributes
- GetUserAttribute
- GetUserByAttributeNameAndValue
- HashAndSalt
- ListUsers
- ModifyPassword
- RemoveDraftedAccounts
- SetUserAttribute
- SignIn
- SignInAD
- SignInADBulk
- SignInAdPostGroups
- SignOut
- In your Convertigo Studio use File->Import->Convertigo->Convertigo Project and hit the Next button.
- In the dialog Project remote URL field, paste the text below:
  - To contribute: lib_UserManager=https://github.com/convertigo/c8oprj-lib-user-manager.git:branch=8.0.X
  - To simply use: lib_UserManager=https://github.com/convertigo/c8oprj-lib-user-manager/archive/8.0.X.zip
- Click the Finish button. This will automatically import the lib_UserManager project.
Adds a user to the internal Convertigo user database.
variables
name | comment |
---|---|
askForPasswordReset | The user id as a valid email address |
emailBody | Email content |
emailLogo | Email logo to be added |
emailSubject | Email subject |
password | The initial password. (User will be able to change it afterwards) |
targetApplicationName | Email where to send the reset password link to |
user | The user id as a valid email address |
The CheckSecureToken sequence verifies the validity of a JWT by checking its structure, expiration, and signature. It extracts the payload, validates the password hash, and manages associated JWT tokens for the user. Additionally, it refreshes the JWT token.
variables
name | comment |
---|---|
token |
Confirms a user account if a passwordResetKey was provided, or sends an email to the user with a passwordResetKey so that they can confirm the account. It should be called by the CreateAccount sequence.
variables
name | comment |
---|---|
Email where to send the reset password link to | |
emailLogo | Email logo to be added |
emailSubject | Email subject |
lang | The language to be used in the email. It can be fr or en |
passwordResetKey | Password reset key (Optional) |
targetApplicationName | The target application name to be used in the email template |
Creates a user account and sends a validation email to activate this account.
variables
name | comment |
---|---|
emailLogo | Email logo to be added |
emailSubject | Email subject |
lang | The language to be used in the email. Can be fr or en. |
password | The initial password. (User will be able to change it afterwards) |
targetApplicationName | target Application Name |
user | The user id as a valid email address |
Deletes a user from the internal Convertigo database.
variables
name | comment |
---|---|
user | The user ID (the user's email address) |
Has to be called either with the email fields not empty, to send a password reset link to the user by email, or with newPassword and passwordResetKey not empty, to explicitly reset a password.
variables
name | comment |
---|---|
Email where to send the reset password link to | |
emailBody | Email content |
emailLogo | Email logo to be added |
emailSubject | Email subject |
newPassword | New password to be set |
passwordResetKey | Password reset key |
targetApplicationName | Email where to send the reset password link to |
Has to be called either with the email fields not empty, to send a password reset link to the user by email, or with newPassword and passwordResetKey not empty, to explicitly reset a password.
variables
name | comment |
---|---|
Email where to send the reset password link to | |
emailLogo | Email logo to be added |
emailSubject | Email subject |
lang | The language to be used in the email. It can be fr or en |
newPassword | New password to be set |
passwordResetKey | Password reset key |
targetApplicationName | The target application name to be used in the email template |
The GenerateSecureToken sequence creates a JWT token with a specified expiration and includes a password hash in the payload. It encodes the token using HMAC SHA256 and appends it to the user's document, managing JWT tokens for secure user authentication.
variables
name | comment |
---|---|
passwordHash | |
tokenExpiration | |
userName |
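
The token lifecycle described for GenerateSecureToken and CheckSecureToken, as an added Node.js example that is not lib_UserManager's own code. The function names, the `userDoc` shape and the claim names are assumptions, and the example embeds a keyed digest of the stored password hash rather than the hash itself.

```javascript
// Added example (not lib_UserManager code): HS256 remember-me token with server-side tracking.
const nodeCrypto = require('crypto');

const b64u = (s) => Buffer.from(s).toString('base64url');
const hmac = (data, secret) =>
  nodeCrypto.createHmac('sha256', secret).update(data).digest('base64url');

// Hypothetical stand-in for GenerateSecureToken; userDoc models the user's document.
function generateSecureToken(userDoc, secret, validityDays, now = Date.now()) {
  const header = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64u(JSON.stringify({
    sub: userDoc.user,
    // Assumption: carry a keyed digest of the stored hash, not the hash itself,
    // because a JWT payload is only encoded and anyone holding the token can read it.
    pwd: hmac(userDoc.passwordHash, secret),
    exp: Math.floor(now / 1000) + validityDays * 86400,
  }));
  const token = `${header}.${payload}.${hmac(`${header}.${payload}`, secret)}`;
  userDoc.tokens.push(token);
  return token;
}

// Hypothetical stand-in for CheckSecureToken; returns { ok, reason, token }.
function checkSecureToken(token, userDoc, secret, validityDays, now = Date.now()) {
  const fail = (reason) => ({ ok: false, reason, token: null });
  const parts = String(token).split('.');
  if (parts.length !== 3) return fail('structure');
  const [header, payload, sig] = parts;
  // Check the signature first, in constant time, before parsing the payload.
  const expected = Buffer.from(hmac(`${header}.${payload}`, secret));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected))
    return fail('signature');
  let h, p;
  try {
    h = JSON.parse(Buffer.from(header, 'base64url').toString());
    p = JSON.parse(Buffer.from(payload, 'base64url').toString());
  } catch (e) { return fail('structure'); }
  if (h.alg !== 'HS256') return fail('algorithm'); // never let the token pick the algorithm
  if (typeof p.exp !== 'number' || p.exp * 1000 <= now) return fail('expired');
  if (p.sub !== userDoc.user || p.pwd !== hmac(userDoc.passwordHash, secret))
    return fail('password-changed');
  if (!userDoc.tokens.includes(token)) return fail('revoked');
  // Refresh: retire the presented token and issue a new one.
  userDoc.tokens = userDoc.tokens.filter((t) => t !== token);
  return { ok: true, reason: null, token: generateSecureToken(userDoc, secret, validityDays, now) };
}
```

Because the token is bound to the password digest and to the list kept in the user's document, a password change or a sign-out invalidates it before its `exp` is reached.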
Gets a given attribute from a user account.
variables
name | comment |
---|---|
attribute | The attribute name |
user | The user where we have to get the attribute from |
Gets a given attribute from a user account.
variables
name | comment |
---|---|
attribute | The attribute name |
user | The user where we have to get the attribute from |
Gets a user by attribute name and value.
variables
name | comment |
---|---|
attrName | |
attrValue |
Utility sequence to Hash and Salt passwords
variables
name | comment |
---|---|
hash | |
password | |
salt |
Lists users from the internal Convertigo User database
Modifies the password for a given user.
variables
name | comment |
---|---|
password | New password to be set |
user | User email to set the new password on |
Removes any draft accounts not confirmed by email. Has to be scheduled.
variables
name | comment |
---|---|
doDelete | Actually performs the deletions if true |
hours | Any account older than this number of hours will be deleted. |
Sets a given attribute on a user account. If the account doesn't exist, an account will be created with a fake random password.
variables
name | comment |
---|---|
attribute | The attribute name |
user | The user where we have to set the attribute on |
value | The attribute value |
Signs in a given user with their ID (email) and password.
variables
name | comment |
---|---|
password | The user's password |
rememberMe | Stay logged in for an extended period, even after closing the browser |
user | The userID (user's email) |
Signs in using an Active Directory account. Will also return the list of groups the user belongs to.
variables
name | comment |
---|---|
adminPassword | The Active Directory admin account password. If not provided or invalid, the group membership information will not be provided. |
adminUser | A valid Active Directory admin account with read privileges, used to search for the user attributes. If this is not provided, the group membership information will not be returned. |
domainNameUser | |
ldapBasePath | The Active Directory user to sign in. May be a valid domain account ex: 'DOMAIN\user' or the user's email ex: 'user@domain.com' or just the user's full name ex: 'John doe' |
ldapServer | The Active Directory server LDAP URL as ldap(s)://server:port. Mandatory. |
password | The user's password |
user | The Active Directory user to sign in. May be a valid domain account ex: 'DOMAIN\user' or the user's email ex: 'user@domain.com' or just the user's full name ex: 'John doe' |
Signs in using an Active Directory account. Will also return the list of groups the user belongs to.
variables
name | comment |
---|---|
adminPassword | The Active Directory admin account password. If not provided or invalid, the group membership information will not be provided. |
adminUser | A valid Active Directory admin account with read privileges, used to search for the user attributes. If this is not provided, the group membership information will not be returned. |
domainNameUser | |
ldapBasePath | The Active Directory user to sign in. May be a valid domain account ex: 'DOMAIN\user' or the user's email ex: 'user@domain.com' or just the user's full name ex: 'John doe' |
ldapServer | The Active Directory server LDAP URL as ldap(s)://server:port. Mandatory. |
password | The user's password |
user | The Active Directory user to sign in. May be a valid domain account ex: 'DOMAIN\user' or the user's email ex: 'user@domain.com' or just the user's full name ex: 'John doe' |
The SignOut sequence logs out the authenticated user by removing their associated JWT token from the user's document and clearing the authenticated user session.
variables
name | comment |
---|---|
token |