Nanoflow signin issue - anonymous user prevents access to page.

0
I am using the “Nanoflow Commons” module and calling the “SignIn” Java action to do a custom sign-in of an anonymous user. This works; however, as soon as I switched to prod security mode and set up entity role security, my landing page that has a DataGrid on it causes an error. I know the error means the Anonymous user does not have access to an entity (which it shouldn’t), but I was expecting that access would be checked at the point the “Show Page” action was triggered. Is there no way to indicate that the user is now logged in and the role may be different?
asked
3 answers
3

Hi James,

What's the issue that you are running into with the nanoflow action? There are two options for creating a custom login action. The first option is to use a nanoflow and the client API (the Nanoflow Commons JavaScript action is using this), which just needs the username and password and handles everything for you. The other option is to use the runtime API, but it requires you to create a custom request handler that creates the new session, initiates the login API, and returns a response that will set the cookies for the new session. To call the request handler you would still use a nanoflow with a JavaScript action.

The reason the runtime API method is more complicated is that Mendix handles the session with the XASSESSIONID cookie, and when you create the new session server side you have to somehow get the new cookie value to the user's client. Browser policies prevent cookies being set by a server unless they are in a response.

 

I would take a look at the AutoLogin module. The idea behind that module is that a user is going from anonymous to a named user without having to enter their credentials twice. In the microflow, when you create the autologin token, you can do a check with the verify password Java action in Community Commons, or there is a Java action in the AutoLogin module that does this too. If that returns true, then you can proceed with having the user log in.

https://appstore.home.mendix.com/link/app/107925/Magnus-Consulting/AutoLogin

 

Edit:

Here is a working example with all the different options for signing in. I was able to use the autologin module to do the login in a microflow. 

https://drive.google.com/file/d/11f2XdKT4B0_S1J4Q7gTS4nMbjV0L23Jv/view?usp=sharing

answered
2

Did you create separate landing pages for anonymous and regular users? My assumption is that you did not and hence the security errors. Try setting up two different landing pages with different entities on them and make sure that the anonymous user has access to all the entities on that landing page.

Regards,

Ronald

answered
0

I found a way to break the flow of user roles inheritance using the ‘executeMicroflowAsUser’ Java action from the “Community Commons” module on the store (or you can roll your own Java action). Essentially, the “StartLogin” custom microflow I created runs under all roles, but after successful login, ends with “executeMicroflowAsUser( $currentUser/Name, false )”. That prevents the anonymous role being inherited into my “OnLoginSuccessful” MF.

As was mentioned in comments, you can use JavaScript actions to call a MF; however, you CANNOT call that Nanoflow from another Microflow (good to keep in mind).

Edit: Turns out a better solution (for CUSTOM logins) is to use the “SignIn” JavaScript action from the Nanoflow Commons module and allow all roles, then make sure the first MF called has the anonymous user deselected. This route does not require the aforementioned Java action. Please see Austin’s answer, which is more “proper” from a client-side perspective.

answered