How to secure all views to require login

4 posts, 0 answers
  1. Jean-Marc
    17 posts
    Member since:
    May 2016

    Posted 03 Mar

    I have created an app using the Views functionality, including the authentication view.

    Prior to being logged in I can access some of my custom views and functionality without having to log in.

    I have tried to achieve this using this code:

    provider.Users.currentUser().then(function(res) {
        console.log("Logged in " + JSON.stringify(res));
        if (res.result == null || res.result == undefined) {
            app.notify.error("Please log in to continue");
            return app.mobileApp.navigate('components/authenticationView/view.html');
        }
    });

     

    But for some reason I can still access the view one time without logging in.

    How can I properly secure all views so that the user is redirected to the login view?

  2. Martin
    Admin
    102 posts

    Posted 08 Mar

    Hi Jean-Marc,

    The approach you have used is correct - in the view "beforeShow" event you may check if there is a logged-in user and if not, redirect to the authentication view. In the code sample provided the return statement stops the execution of the:
    app.mobileApp.navigate('components/authenticationView/view.html');

    Please remove the "return" and test again if it works for you.

    Additionally, to further ensure that the app data cannot be accessed by an unauthorized user, you may set access permissions on your backend data. If you are using Telerik backend data, here is how to do it.

    Let me know if this has worked for you.

    Regards,
    Martin
    Telerik by Progress
     

    Visit the Telerik Verified Plugins Marketplace and get the custom Cordova plugin you need, already tweaked to work seamlessly with AppBuilder.

     
  3. Jean-Marc
    17 posts
    Member since:
    May 2016

    Posted 08 Mar in reply to Martin

    Hi Martin,

    Thanks, I was able to execute the check using beforeShow.

    However the rest of the code for this view is still being executed (e.g. call to remote service).

    First I had that code triggered on deviceready and have tried moving it to onShow, but it still gets executed even if the user gets redirected to the login view...

    How can I achieve something like the following pseudocode using the right events or another approach?

    if(user is logged in)
    execute code;
    else
    redirect to login view;
  4. Anton Dobrev
    Admin
    604 posts

    Posted 13 Mar

    @Jean-Marc

    You can try to encapsulate the logic to depend strictly on the outcome of the currentUser check. Because this is async code, you need to wait until its result is obtained and not call any other code in parallel.

    provider.Users.currentUser(function(data) {
        if (data.result) {
            console.log("Logged in " + JSON.stringify(data));
            // the user is logged in
            // make AJAX call and other view-specific logic
        } else {
            // no logged in user
            return;
        }
    }, function(err) {
        alert(err.message + " Please log in.");
    });
     
     
    // no other code before awaiting the result from the currentUser

    I hope this helps.

    Regards,
    Anton Dobrev
    Telerik by Progress
     

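Added example (not code from any poster in this thread): one way to apply the advice above so that a view's logic, including its remote calls, runs only after currentUser() resolves with a user, and every other outcome redirects to the login view. `requireLogin`, `makeStubs` and `runDemo` are hypothetical names, and the `provider` and `app` objects are constructed stubs so the block runs under Node.

```javascript
// Added example. `provider` and `app` are constructed stand-ins for the
// objects used in the thread, so this runs offline under Node.
var LOGIN_VIEW = 'components/authenticationView/view.html';

// Wrap a view's show handler (hypothetical helper): viewLogic runs only
// after currentUser() resolves with a user. Fails closed: no user, or an
// error from the check itself, redirects to the login view instead.
function requireLogin(provider, app, viewLogic) {
    return function (e) {
        return provider.Users.currentUser().then(function (res) {
            if (res && res.result) {
                return viewLogic(e, res.result); // remote calls belong here only
            }
            app.mobileApp.navigate(LOGIN_VIEW);
            return null;
        }, function () {
            app.mobileApp.navigate(LOGIN_VIEW);
            return null;
        });
    };
}

// Constructed stubs: `user` is an object, null, or 'error' to simulate
// a failed currentUser() request.
function makeStubs(user) {
    var log = { navigatedTo: [], remoteCalls: 0 };
    var provider = { Users: { currentUser: function () {
        return user === 'error'
            ? Promise.reject(new Error('constructed network failure'))
            : Promise.resolve({ result: user });
    } } };
    var app = { mobileApp: { navigate: function (url) {
        log.navigatedTo.push(url);
    } } };
    return { provider: provider, app: app, log: log };
}

// Runs one guarded view show and resolves with what happened.
function runDemo(user) {
    var s = makeStubs(user);
    var onShow = requireLogin(s.provider, s.app, function () {
        s.log.remoteCalls += 1; // stands in for the view's AJAX call
        return 'loaded';
    });
    return onShow({}).then(function (outcome) {
        s.log.outcome = outcome;
        return s.log;
    });
}
```

A guard like this only controls what the client UI does; the backend access permissions Martin mentions are what keep the data itself from being read without a login.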