Skip to content
  • 0 Votes
    1 Posts
    362 Views
    K
    Hi all, still continuing on my OAuth2 plugin implementation, I've a problem I can't actually solve and need you valuable advises. I've this fragment in my plugin OAuth.getStrategy = function (strategies, callback) { winston.verbose('[maxonID] --> OAuth.getStrategy'); if (configOk) { passportOAuth = require('passport-oauth2'); passportOAuth.Strategy.prototype.userProfile = function (accessToken, done) { if (!accessToken) { done(new Error('Missing token, cannot call the userinfo endpoint without it.')); } this._oauth2.useAuthorizationHeaderforGET(true); this._oauth2.get(constants.userRoute, accessToken, function (err, body, res) { if (err) { console.error(err); return done(new Error('Failed to get user info. Exception was previously logged.')); } if (res.statusCode < 200 || res.statusCode > 299) { return done(new Error('Unexpected response from userInfo. [' + res.statusCode + '] [' + body + ']')); } OAuth.validateEntitlement(accessToken, constants.allowedEntitlement, function (err, accessAllowed) { if (err) { return done(err); } if (!accessAllowed) { // Need to find a way to gracefully notify the user and point back to login page return done(new Error('Forum access is not granted. Please contact your representative.')); } try { var json = JSON.parse(body); OAuth.parseUserReturn(json, function (err, profile) { ... and I'd like to return the user to the forum login page and notify him about the issue, something like when the password is wrong. Is there a smart way to make it happen from such a plugin without rising an error? Thanks a lot for your valuable insights, R.
  • 1 Votes
    13 Posts
    2k Views
    Varun Ganesh DV
    @julia mhmmmm ... Optional thing required to enable email confirmation is required to login.. I think it may help to prevent fake email users. Genuine email with verification only the option to access the forum then automatically they Register and verify the email. Now they just typing random words followed by @gmail.com and automatically it logged in without verifying email.. If they put random email also it should not redirect to logged in state from Registration page. Whether they again put that email, password it should not log in, and it should give an error email confirmation is required to login please click the verification link sent to your email.. something like that..