The lib_UserManager enables your projects to include user management and authentication in your apps. This library will handle :
- user login with user/password using a salted password security
- user login using OpenID (Google, Azure & linkedin)
When using user/password, the library will use the lib_usermanager_fullsync database to store userids and salted/hashed password
| symbol | Usage |
|---|---|
| lib_UserManager.adminPassword.secret | LDAP admin account password |
| lib_UserManager.adminUser | LDAP admin account user |
| lib_UserManager.ldapBasePath | LDAP Search Root Path |
| lib_UserManager.ldapDomainName | LDAP DOMAIN Name |
| lib_UserManager.ldapServer | LDAP server address:port |
| lib_UserManager.smtp.server | SMTP server address |
| lib_UserManager.smtp.port | SMTP server port |
| lib_UserManager.smtp.sauthtype | SMTP server authentication type |
| lib_UserManager.smtp.sender | SMTP sender mail address |
| lib_UserManager.smtp.user | SMTP server user account |
| lib_UserManager.smtp.password.secret | SMTP server password |
References
CouchDb_schema
see documentation
lib_FullSyncGrp
see readme
lib_OAuth
see readme
Connectors
Transactions
GetView
Variables
name comment _use_ddoc
Sequences
AddUser : Adds an user to the Internal Convertigo User database
Adds an user to the Internal Convertigo User database
Variables
name comment The user id as a valid email address Email content Email logo to be added Email subject The inital password. (User will be able to change it afterwards) Email where to send the reset password link to The user id as a valid email address CheckSecureToken : The `CheckSecureToken` sequence verifies the validity of a JWT by checking its structure, expiration, and signature
The
CheckSecureTokensequence verifies the validity of a JWT by checking its structure, expiration, and signature. It extracts the payload, validates the password hash, and manages associated JWT tokens for the user. Additionally, it refreshes the JWT token.Variables
name comment ConfirmAccount : Confirms a user account if a passwordResetKey was provided, or sends an email to the user with a passwordResetKey and allow him to confirm account
Confirms a user account if a passwordResetKey was provided, or sends an email to the user with a passwordResetKey and allow him to confirm account. It should be called by CreateAccount sequence.
Variables
name comment Email where to send the reset password link to Email logo to be added Email subject The lang to be used in the email. It can be fr or en Password reset key (Optional) The Target application name to be used into the email template CreateAccount : Creates a user account and sends validation email, to active this account
Creates a user account and sends validation email, to active this account
Variables
name comment Email logo to be added Email subject The language to be used into the email. Can be fr or en. The inital password. (User will be able to change it afterwards) target Application Name The user id as a valid email address DeleteUser : Deletes an user from the internal Convertigo database
Deletes an user from the internal Convertigo database
Variables
name comment The user ID as (The users email address) ForgotPassword : Has to be called with email fields not empty to send an email reset link to the user, or with a newPassword an passwordResetKey not empty to excplicitly reset a password
Has to be called with email fields not empty to send an email reset link to the user, or with a newPassword an passwordResetKey not empty to excplicitly reset a password
Variables
name comment Email where to send the reset password link to Email content Email logo to be added Email subject New password to be set Password reset key Email where to send the reset password link to ForgotPasswordWithBrand : Has to be called with email fields not empty to send an email reset link to the user, or with a newPassword an passwordResetKey not empty to excplicitly reset a password
Has to be called with email fields not empty to send an email reset link to the user, or with a newPassword an passwordResetKey not empty to excplicitly reset a password
Variables
name comment Email where to send the reset password link to Email logo to be added Email subject The lang to be used in the email. It can be fr or en New password to be set Password reset key The Target application name to be used into the email template GenerateSecureToken : The `GenerateSecureToken` sequence creates a JWT token with a specified expiration and includes a password hash in the payload
The
GenerateSecureTokensequence creates a JWT token with a specified expiration and includes a password hash in the payload. It encodes the token using HMAC SHA256 and appends it to the user's document, managing JWT tokens for secure user authentication.Variables
name comment GetUAllserAttributes : Gets a given attribute from an user account
Gets a given attribute from an user account
Variables
name comment The attribute name The user where we have to get the attribute from GetUserAttribute : Gets a given attribute from an user account
Gets a given attribute from an user account
Variables
name comment The attribute name The user where we have to get the attribute from GetUserByAttributeNameAndValue : Gets an user by attribute name and value
Gets an user by attribute name and value
Variables
name comment HashAndSalt : Utility sequence to Hash and Salt passwords
Utility sequence to Hash and Salt passwords
Variables
name comment ListUsers : Lists users from the internal Convertigo User database
Lists users from the internal Convertigo User database
ModifyPassword : Modify a password for a given user
Modify a password for a given user
Variables
name comment New password to be set User email to set the new password on RemoveDraftedAccounts : Remove any drafts accounts not confirmed by email
Remove any drafts accounts not confirmed by email. Has to be scheduled.
Variables
name comment Perform effectively deletions operations if true Any account aged more than this number of hours, will be deleted. SetUserAttribute : Sets a given attribute on an user account if the account doesn't exists, an account will be created with a fake radom password
Sets a given attribute on an user account if the account doesn't exists, an account will be created with a fake radom password
Variables
name comment The attribute name The user where we have to set the attribute on The attribute value SignIn : Performs a user sign in for a given user with its id (email) and password
Performs a user sign in for a given user with its id (email) and password
Variables
name comment The user's password Stay logged in for an extended period, even after closing the browser The userID (user's email) SignInAD : Sign in using an ActiveDirectory account
Sign in using an ActiveDirectory account. Will also return the list of groups the user belongs to
Variables
name comment The Active Directory admin account password. If not provided or invalid, the group membership information will not be provided. A valid ActiveDirectory Admin Account with read privileges used to search for the user attributes. If this is not provided, the group membership information will not be returned. The active directory user user to sign in. May be a valid domain account ex: 'DOMAIN\user' or the user's email ex: 'user@domain.com' or just the users full name ex: 'John doe' The Active Directory server ldap url as ldap(s)://server:port. Mandatory. The users password The active directory user user to sign in. May be a valid domain account ex: 'DOMAIN\user' or the user's email ex: 'user@domain.com' or just the users full name ex: 'John doe' SignInADBulk : Sign in using an ActiveDirectory account
Sign in using an ActiveDirectory account. Will also return the list of groups the user belongs to
Variables
name comment The Active Directory admin account password. If not provided or invalid, the group membership information will not be provided. A valid ActiveDirectory Admin Account with read privileges used to search for the user attributes. If this is not provided, the group membership information will not be returned. The active directory user user to sign in. May be a valid domain account ex: 'DOMAIN\user' or the user's email ex: 'user@domain.com' or just the users full name ex: 'John doe' The Active Directory server ldap url as ldap(s)://server:port. Mandatory. The users password The active directory user user to sign in. May be a valid domain account ex: 'DOMAIN\user' or the user's email ex: 'user@domain.com' or just the users full name ex: 'John doe' SignOut : The `SignOut` sequence logs out the authenticated user by removing their associated JWT token from the user's document and clearing the authenticated user session
The
SignOutsequence logs out the authenticated user by removing their associated JWT token from the user's document and clearing the authenticated user session.Variables
name comment
