stormpath / stormpath-sdk-angularjs
User Management for AngularJS (1.x) applications
Home Page: http://docs.stormpath.com/angularjs/sdk/
License: Apache License 2.0
Are there any plans branches to support new router https://angular.github.io/router/?
Implement the new JSON error format according to the spec.
We have this blanket interceptor that always sets the withCredentials option to true:
https://github.com/stormpath/stormpath-sdk-angularjs/blob/master/src/module.js#L198
This creates a problem if the Angular application needs to talk to another API on another domain, and that API does not require credentials (and as such, does not add the Access-Control-Allow-Credentials header to OPTIONS responses).
The intention of this interceptor is to ensure that we send our authentication cookies to the backend server that is running our SDK on the server. But we need a better solution that doesn't set this option all the time, only when needed.
Is there any way to run supertests test in authenticated endpoints like this one?
'use strict';
var should = require('should');
var app = require('../../app');
var request = require('supertest');
describe('GET /api/things', function() {
  it('should respond with JSON array', function(done) {
    request(app)
      .get('/api/things')
      .expect(200)
      .expect('Content-Type', /json/)
      .end(function(err, res) {
        if (err) return done(err);
        res.body.should.be.instanceof(Array);
        done();
      });
  });
});
In order to comply with the framework spec, we need to change the logout request from making a GET to a POST request.
This endpoint should respond to POST requests only. Responding to GET requests is problematic because the browser's Omnibar can make arbitrary GET requests to this endpoint, and Robert can troll you with superlogout-dot-com.
Part of #105.
STORMPATH_CONFIG.FORM_CONTENT_TYPE='application/json' is ignored - our server is still getting form urlencoded, this was not broken a couple of revisions ago, so it's been introduced recently.
Hey @robertjd ,
I am looking at the SDK and wonder if $scope is really necessary anymore. Why not write this.whatever = function(somethingCool){}; inside a controller, or better yet in a factory and calling it in the controller? Would you consider that? I was thinking about this after refactoring some of my code and thought it would be something worth mentioning for the Stormpath SDK. If it is a completely outrageous idea, my apologies.
Not all clients have a cookie store, for example the Ionic framework. At the moment this library assumes that authentication is being handled by cookies.
This library should support the ability to pass the access token in the Authorization header, but the details about where the token is stored should be abstracted behind a generic interface. If using mobile, the filesystem API should be used (or some other secure storage API where the data is scoped to the application) for storing the access token and refresh token. For example, Ionic promotes the use of the SecureStorage plugin for Apache Cordova.
We would also need to implement some client-side code that can exchange a refresh token for a new access token, if the access token expires.
Essentially, we need a client-side OAuth2 implementation that depends on a generic interface for reading and writing tokens in a secure fashion.
If it's detected that a login request is going to be posted to a different domain (via ENDPOINT_PREFIX configuration), we should instead use the /oauth/token endpoint, instead of the /login endpoint, and manage the storage of the tokens as described above.
Figure out a better way to structure the CSS for the built-in templates. Right now CSS has to be defined with <style> tags together with the forms and cannot be shared among other forms.
Also, the forms are styled using bootstrap, which isn't documented. I would recommend adding all of our own independent styling instead.
Would love to have the angular sdk on NPM (to install via Browserify or other browser npm package manager). Thoughts?
The request that sp-logout makes should be sent with an accept: json header. When sent as accept: text/html an unnecessary redirect is made to /.
In the example project, if an authenticated user goes to /register, the registration view is shown. The user should be redirected to the post-login-state in that case.
We will use the default endpoint of /login to accept data for social login. It will accept a providerData field, which is an object that contains a providerId field and an accessToken or accessCode field.
We will also need to provide an endpoint which exposes the clientId for the provider's JavaScript library.
This requires cooperation with our framework integrations. That work is currently being defined (for express) in this issue:
stormpath/express-stormpath#112
At the moment this library has a social workaround, which overloads the /oauth/token endpoint that is supported by the Stormpath Express SDK. We will be removing that workaround as part of this task.
Hello,
I followed the instructions to run the dashboard-app example, but unfortunately, I get the following error in the console when viewing the Register page:
TypeError: undefined is not a function
at Object.definition.$get (<anonymous>:324:30)
at Object.invoke (angular.js:4203)
at angular.js:4021
at getService (angular.js:4162)
at Object.invoke (angular.js:4194)
at extend.instance (angular.js:8493)
at angular.js:7739
at forEach (angular.js:331)
at nodeLinkFn (angular.js:7738)
at angular.js:7998angular.js:11655 (anonymous function)
The page loads, but it is clearly broken and will not register a user.
Any ideas or help to get this app running would be appreciated!
Regards, Rob
if-user hides content when the user is not logged in using the display property. Since the content is included, the controllers associated with it are initialized and data requests during initialization receive 401 responses because the content is for authenticated users.
E.g. if the nav bar displays a notifications count to logged in users and the count is retrieved in a dedicated controller.
To avoid these unnecessary requests, if-user should behave like ng-if and not include the content at all when the user is not logged in.
At the moment we only support UI Router for a routing mechanism; we want to support ngRoute as well.
This isn't a big deal, but you should probably denote that somewhere. Since you are using:
.directive('ifUser',['$user','$rootScope',function($user,$rootScope){
  return {
    link: function(scope,element){
      $rootScope.$watch('user',function(user){
        if(user && user.href){
          element.show();
        }else{
          element.hide();
        }
      });
    }
  };
}])
Specifically the element.show() is a jQuery function. If you don't have jQuery present you'll have a bad time.
On logout, the view changes independently of the session ending. One way to see this in action is to put a breakpoint in AuthService.prototype.endSession on the call to $rootScope.$broadcast(STORMPATH_CONFIG.SESSION_END_EVENT). Then login, go to a view other than what's set for defaultPostLoginState and then logout.
I assume that the view changes to loginState on logout but since the session is still active, it instead forwards to defaultPostLoginState. Eventually the session ends (move on from the breakpoint) and the login page is displayed. This behavior causes a flash of the defaultPostLoginState on logout.
A side-effect of this flash is that the user can get logged back in during logout. In my case, the main state controller makes server requests and these revive the access/refresh tokens. Probably the requests start before the tokens have been cleared and complete after the logout request. This causes the user to be silently logged back in even though he is taken to the login page. This may be fixed by stormpath/express-stormpath#127
For requests that are made by this library, add the X-Stormpath-Agent header, where the value is stormpath-sdk-angularjs/<version>. Do not add this header if the request is going to a domain that is different from the current document, because we do not want to cause a cross-domain security exception for the application that is using this library.
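An added example (not code from this SDK) that covers both the blanket withCredentials interceptor described earlier on this page and the same-document rule for X-Stormpath-Agent: a request interceptor that decides per request by comparing parsed origins instead of URL strings. createOriginAwareInterceptor, the credentialed-origin list, the example.com URLs and the 0.0.0 version are assumptions made for illustration.

```javascript
// Added example; createOriginAwareInterceptor and all URLs below are
// hypothetical and constructed for illustration, not part of the SDK.

// Parse a possibly relative request URL against the document URL and return
// its origin, or null when it cannot be parsed or has an opaque origin.
function requestOrigin(requestUrl, documentUrl) {
  try {
    const origin = new URL(requestUrl, documentUrl).origin;
    return origin === 'null' ? null : origin;
  } catch (e) {
    return null;
  }
}

function createOriginAwareInterceptor(documentUrl, credentialedOrigins, agent) {
  const docOrigin = requestOrigin(documentUrl, documentUrl);
  // Origins (other than our own) that are known to answer preflights with
  // Access-Control-Allow-Credentials, e.g. the API behind ENDPOINT_PREFIX.
  const allowed = new Set(
    credentialedOrigins.map((o) => requestOrigin(o, documentUrl)).filter(Boolean)
  );

  return {
    // Same shape as an AngularJS $http request interceptor.
    request(config) {
      const origin = requestOrigin(config.url, documentUrl);
      if (origin === null || docOrigin === null) {
        return config; // unknown destination: send nothing extra
      }
      const sameOrigin = origin === docOrigin;
      if (sameOrigin || allowed.has(origin)) {
        config.withCredentials = true; // cookies only where they are expected
      }
      if (sameOrigin) {
        // A custom header on a cross-origin request forces a CORS preflight
        // that the other server may reject, so add it same-origin only.
        config.headers = Object.assign({}, config.headers, {
          'X-Stormpath-Agent': agent,
        });
      }
      return config;
    },
  };
}

// Constructed sample requests, including two look-alike hosts.
function demo() {
  const ic = createOriginAwareInterceptor(
    'https://app.example.com/#/main',
    ['https://api.example.com'],
    'stormpath-sdk-angularjs/0.0.0' // placeholder version
  );
  return ['/login', 'https://api.example.com/oauth/token',
    'https://other.example.net/things', '//app.example.com.evil.test/me',
    'https://app.example.com@evil.test/me'].map((url) => ic.request({ url }));
}
```

The last two sample URLs are the cases a string-prefix comparison gets wrong: both contain the application's host name but resolve to a different origin, so they receive neither cookies nor the agent header.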
Implement the registration view model according to the spec.
It would be nice if we could customize the logout URIs.
I have an angular app with the run and config defined:
app.config(function($stateProvider, $urlRouterProvider){
  $stateProvider
    .state('main', {
      url: "/",
      templateUrl: "templates/main.html",
      controller: 'MainCtrl'
    })
    .state('register', {
      url: "/register",
      templateUrl: "templates/register.html",
    })
    .state('login', {
      url: "/login",
      templateUrl: "templates/login.html",
    })
    .state('profile', {
      url: '/profile',
      controller: 'ProfileCtrl',
      templateUrl: 'templates/profile.html',
      sp: {
        authenticate: true
      }
    });
  $urlRouterProvider.otherwise("/");
});
app.run(function($stormpath){
  $stormpath.uiRouter({
    loginState: 'login',
    defaultPostLoginState: 'main'
  });
});
The ProfileCtrl is empty:
app.controller('ProfileCtrl', function($scope){
});
Then I navigate to the profile view after login using
<li if-user ng-class="{active: isActive('/profile')}">
  <a ng-href="/profile">Profile</a>
</li>
This redirects me to http://localhost:3000/profile#/ but the profile template does not show up (instead my 'main' template stays shown). I am using node.js for the server side. Why is the profile view not rendering? I can provide the server code if necessary. All I really have there is the app.use(stormpath.init({}).
The label for the username field specifies for=spEmail but the input field's id is spUsername
Implement the login view model according to the spec.
I'd like to know how to change the message of the reset password mail, or maybe just translate it to another idiom?
While building your Angular application with this module, you may encounter this error:
Error: [$rootScope:infdig] 10 $digest() iterations reached. Aborting!
Watchers fired in the last 5 iterations: []
This happens when your default view (main if you are following our Angular Guide) is using the waitForUser option. The cause is this upstream bug: angular-ui/ui-router#600
Workaround:
Instead of this:
$urlRouterProvider
  .otherwise('/');
Use this:
$urlRouterProvider.otherwise( function($injector, $location) {
  var $state = $injector.get("$state");
  $state.go("main"); // go to the default state
});
If you are using our Angular Guide to create a project from scratch, that code will go into client/app.js
Right now it's posting a JSON object, but it should be posting a for application/x-www-form-urlencoded - this is required to be compatible with our Java SDK
With the introduction of Social Login, we've added the dependency of a /spa-config end-point. This is consumed directly from the $socialLogin service. Instead, we should move this into its own service that can be used by other parts as well, e.g. a password policy service.
Yeah, so you have
module.exports = 'ui.router';
in dist/stormpath-sdk-angularjs.js. Surely that should be
module.exports = 'stormpath';
I created a pull-request for this as a temporary fix: #15
The use-case I had was that the API is on a different URL, so I needed a way to change the base-url for all endpoints.
Hello,
I am using this module on the front end and "express-stormpath": "^2.0.14" in the backend. I want to apply a group filter on a state.
sp: {
  authorize: {
    group: 'admins'
  }
}
but it gives me an Angular error: "TypeError: Cannot read property 'filter' of undefined.".
Please help me.
Thanks in advance :)
Using the latest version via bower, login results in XHR errors. But when using the files from the example app, everything works nicely.
Need to investigate this further as I haven't verified this behaviour myself yet.
When logged in with a user not in any group.
Using ifUserInGroup like this:
<li if-user-in-group="'admins'">...</li>
I get this in the console:
TypeError: this.groups.filter is not a function
at User.inGroup (stormpath-sdk-angularjs.js:2002)
at User.groupTest (stormpath-sdk-angularjs.js:2022)
at evalElement (stormpath-sdk-angularjs.js:611)
...
My bower.json:
{
  "name": "app",
  "dependencies": {
    "angular": "~1.4.5",
    "angular-ui-router": "ui-router#~0.2.15",
    "bootstrap": "~3.3.5",
    "font-awesome": "~4.4.0",
    "stormpath-sdk-angularjs": "~0.7.0"
  }
}
Hello @robertjd
Sign Out,
I am using sp-logout for logout. Let's say I am on the user dashboard page and then I click logout. It remains on the same page, but all the auth navbar items hide and the login and register options display.
Please help me.
Thanks in advance :)
Hey team,
When can we expect implementation for social login?
Jagdeep
This might be a problem. Today, when using our express-angular sample application, the Google log-in dialog was blatantly asking me for "Offline Access", and not outlining the scopes it wanted.
However, as with most google login issues, I only saw it two or three times (revoking the app access in-between each attempt). I can no longer reproduce.
Has anyone else seen this issue?
This makes me concerned that GoogleUser.grantOfflineAccess() is the wrong API to be using, because we definitely do not want offline access as our default scope request. By default we should only ask for email.
I'm using the registration form directive with the default template. The documentation says if the verification workflow is disabled and I set auto-login to true it should log them in after registration. I'm positive the workflow is disabled and it is still displaying the notice about checking their email for the verification link.
Here's my directive:
Here's the message I get after a successful registration:
Your account has been created. Please check your email for a verification link.
The documentation says it should make a call to $auth.authenticate but I don't see any such event happening. Is this broken or am I doing something wrong?
I think that the tutorial needs to be updated to the newest version of Angular-Fullstack. There are options in version 3 that are not in version 2. For example, you now have to choose between Mongo or SQL for a database, when before you could just not select anything. Also, now you have to select the testing suite that you will use, which wasn't there before. So, I think this probably should be updated. Thoughts?
Separate each directive and service into their own files if possible. Maybe create some folders too, e.g. directives/ and services/.
I have the API on a different URL than the angular application. Cookies don't work very well with different host names between the FE and the API. Would be nice if I had the option of sending the token in an auth-header instead of a cookie.
The readme should state "npm install --dev", or the packages.json should include the packages in "dependencies".
Also, "npm install --dev" didn't install the dependencies correctly, I had to install them one by one.
If the sp-login-form is submitted without a username/password, the displayed error message is
'Missing username or password in post body'
'in post body' should be dropped.
Hi,
Is there a way to prevent users from going to the login page or signup page when already logged in?
Maybe this is my node/angular/js noobie showing, but I have altered the STORMPATH_CONFIG, since i run two separate apps ('frontend' (angularjs) and 'backend' (node json api))
(Warning: CoffeeScript)
angular.module('app.controllers', [
  'stormpath'
])
.config( (STORMPATH_CONFIG) ->
  STORMPATH_CONFIG.AUTHENTICATION_ENDPOINT = 'http://localhost:9000/oauth/token'
  STORMPATH_CONFIG.CURRENT_USER_URI = 'http://localhost:9000/api/users/current'
)
...
When I do this, the two set-cookie's from /oauth/token are not sent back to /api/users/current. Not certain if there is something else I need to adjust on my node backend script or not. Hoping someone might know what is going on. I will post code, as requested.
Following the guide here:
http://docs.stormpath.com/angularjs/guide/configure_angular.html
After performing the step: Add Stormpath to the Angular Application,
the client tests (grunt test:client) fail with the error:
PhantomJS 1.9.8 (Mac OS X 0.0.0) Controller: MainCtrl should attach a list of things to the scope FAILED
Error: [$injector:modulerr] Failed to instantiate module dashboardApp due to:
Error: [$injector:modulerr] Failed to instantiate module stormpath.templates due to:
Error: [$injector:nomod] Module 'stormpath.templates' is not available! You either misspelled the module name or forgot to load it. If registering a module ensure that you specify the dependencies as the second argument.
http://errors.angularjs.org/1.4.0/$injector/nomod?p0=stormpath.templates
I tried explicitly adding
'client/bower_components/stormpath-sdk-angularjs/dist/stormpath-sdk-angularjs.js',
'client/bower_components/stormpath-sdk-angularjs/dist/stormpath-sdk-angularjs.tpls.js',
to files in karma.conf.js but then I get the error:
PhantomJS 1.9.8 (Mac OS X 0.0.0) Controller: MainCtrl should attach a list of things to the scope FAILED
TypeError: 'undefined' is not a function (evaluating 'encoder.encode.bind(encoder)')
at FormEncoderService (/Users/aaron/Development/test-1/client/bower_components/stormpath-sdk-angularjs/dist/stormpath-sdk-angularjs.js:1095)
at formEncoderServiceFactory (/Users/aaron/Development/test-1/client/bower_components/stormpath-sdk-angularjs/dist/stormpath-sdk-angularjs.js:1196)
Social Login is supported by the API itself, but not the SDK. The only change I required in this SDK to support Facebook login was to send down a different grant_type to the server (using the stormpath express SDK which then needed to handle the new grant_type).
I'm slightly unsure if the node sdk needs to be modified to support this, but this issue can be tracked here
The service boilerplate is there, but we need to finish it and use express-stormpath to handle the OAuth callback.
After building per README, stormpath-sdk-angular.js is 404 Not found.
stormpath-sdk-express is installed by npm within node_modules.