Custom-security-rules

mark · May 4, 2021, 10:48pm

Looking to use both the registration and email validation together.
Looking at Securing your apps | Fliplet Developers Documentation

The sample code looks as if it will adapt however it is 20 years since I coded would the changes work, plus I want to include Onboarding, Login, Registration, Email Validation - can you clarify what the other screen names would be?

var loginScreen = 123;
var hasSession = session && session.entries && session.entries.dataSource;
var isAllowed = hasSession && session.entries.dataSource.data[‘verifiedAt’] == null;

if (server && page.id !== loginScreen && !isAllowed) {
error = true;
navigate = { action: ‘screen’, page: loginScreen, transition: ‘slide.left’ };
}

Deb · May 5, 2021, 3:27pm

Hi mark,

You will need something like this:

Please put the page Id’s of all the pages you want excluded at the top. If a user is not logged and they try to access any other page then they will be take to the loginPage below.

var onboardingPage = 123456;
var loginPage = 123456;
var registrationPage = 123456;
var emailValidation = 123456;

var isAllowed =
  (session && session.entries && session.entries.dataSource) ||
  (page.id === onboardingPage ||
    page.id === loginPage || 
    page.id === registrationPage ||
    page.id === emailValidation);

if (server && page.id !== loginPage && !isAllowed) {
  error = true;
  navigate = { action: 'screen', page: loginPage, transition: 'slide.left' };
}

mark · May 7, 2021, 4:53pm

Hi Deb

Just to clarify what we need to do.

You have two components, Registration and email validation. Currently they do not work together.

Email validation puts a datetime stamp in the user table in ‘ verifiedAt’.

Hence the query about the custom code – so it checks both registration and that verifiedAt has something in it.

Going to the page below it give the code sample. Which suggests session.entries.dataSource.data[‘foo’] !== ‘bar’; - modified would check the email validation.

https://developers.fliplet.com/App-security.html

mark · May 9, 2021, 8:53am

Hi
I should have also said that in the code you show I can’t see how it also checks the email validation. But I haven’t coded for a very long time so may be mistaken.

Deb · May 11, 2021, 9:44am

Hi Mark,

Thank you for the clarification. In this case I suggest the following. This will check if your verifiedAt is not null and if it is then it will take you to the login page.

var loginPage = 123456;
var registrationPage = 123456;
var emailValidation = 123456;

var isAllowed =
  (session && session.entries && session.entries.dataSource) || hasSession && session.entries.dataSource.data[‘verifiedAt’] != null ||
  (page.id === onboardingPage ||
    page.id === loginPage || 
    page.id === registrationPage ||
    page.id === emailValidation);

if (server && page.id !== loginPage && !isAllowed) {
  error = true;
  navigate = { action: 'screen', page: loginPage, transition: 'slide.left' };
}

Topic		Replies	Views
What is the best way to write a custom security rule Get Help	1	158	October 19, 2023
My app is is for internal and external users. How do I set a security rule for both Single Sign On and a data source login? Get Help sso , login , security-rules	1	707	April 19, 2021
On user login/logout Code Library	0	319	July 1, 2022
Take users to different screens based on form data Get Help form	1	395	April 4, 2022
Admin specific Security Rules Get Help	2	499	May 26, 2021

Custom-security-rules

Related topics