Security Login


The login script uses the Security API to authenticate users:

try {
	// Encrypt password before calling logon service
	var passwordEncrypted = encryptPassword(fields.password.value);
	// Call login service passing the username and encrypted password
	system.securityManager.logon("ebSecurityLoginService", [
		["securityLogin", fields.username.value],
		["securityLogin", passwordEncrypted]
	]);
	// If successful, take the user to the profile page
	form.gotoForm("ebSecurityLoginProfile");
}
catch(e) {
	event.owner.addErrorMessage("There was a problem with your username or password");
}

Passwords stored in the database are encrypted using the Verj EncryptionServices API, so the password supplied by the user is encrypted in the same way and the lookup is done on the encrypted value.

The username and encrypted password are passed into the logon method of the Verj securityManager. The method is also given the name of the logon service to call, in this case ebSecurityLoginService. This is a Verj System Service created for authenticating users.

The script shared/logonService/logonServiceLogic allows you to define what lookups to perform, for example Active Directory, or in this case just a simple database table.

Passing in a parameter source also allows us to define separate business logic for different applications as this parameter can be checked in the script:

fields.PARAM1_SOURCE.value == "securityLogin"

By doing this, you can have multiple applications using the same login service, each with their own authentication/authorisation set-up.

To return an authenticated user, the logon service response needs to set a USERID field; this could simply be the username supplied by the user logging in. In addition, it is possible to set user roles and credentials.

// Database lookup using username and encrypted password
resources.securityLoginUsers.fetch();

// If a match is found
// Set the UserID value - this indicates the login is successful
fields.USERID.value = fields.username.value;

// Set Custom Role
tables.CUSTOMROLE.insertRow();
tables.CUSTOMROLE.ROLEID.value = "admin";
tables.CUSTOMROLE.updateTable();

// Set Credentials
tables.CREDENTIAL.insertRow();
tables.CREDENTIAL.ID.value = "lastname";
tables.CREDENTIAL.VALUE.value = fields.lastname.value;
tables.CREDENTIAL.updateTable();

Roles and credentials are added into tables as the user can have more than one of each.

When the logon service returns to the calling script, we send the user to their profile page. In the before-form script profileBeforeForm we can read the information stored in the session:

// Get user details from the credentials stored in the security manager
fields.lastname.value = system.securityManager.getCredential("lastname");
// Check user has role
if(system.securityManager.hasRole("admin")){
   // Show admin menu
}
else{
   // Hide admin menu
}

If the lookup fails, you can return an error message to the user by setting an error code and description:

fields.USERID.value = null;
fields.ERRORCODE.value = "1";
fields.ERRORDESCRIPTION.value = "Username and password mismatch";

All of this information persists for the duration of the user's session or until the user logs out by invoking the logoff method:

system.securityManager.logoff();
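The fragments above can be combined into a single logon service script that checks the parameter source, fails closed, and fills the USERID, CUSTOMROLE and CREDENTIAL response. This is an added example, not code from the Verj documentation: it assumes the Verj globals fields and tables are passed in as parameters so the function can be tested outside Verj, that PARAM1 and PARAM2 hold the username and encrypted password in the order the calling script gave them to logon(), and that the lookups map is a constructed stand-in for the securityLoginUsers resource (or any other per-application lookup such as Active Directory).

```javascript
// Runs inside the logon service; `fields` and `tables` are Verj's objects,
// passed in here as parameters so the function can be tested outside Verj.
function logonServiceLogic(fields, tables, lookups) {
  // Fail closed: a null USERID means a failed login whatever happens below.
  fields.USERID.value = null;
  // Each application passes its own source name, so one service can hold
  // a separate lookup (database table, Active Directory, ...) per application.
  var lookup = lookups[fields.PARAM1_SOURCE.value];
  if (!lookup) {
    fields.ERRORCODE.value = "2";
    fields.ERRORDESCRIPTION.value = "Unknown login source";
    return false;
  }
  // Assumed: PARAM1 is the username and PARAM2 the encrypted password, in
  // the order the calling script handed them to securityManager.logon().
  var user = lookup(fields.PARAM1.value, fields.PARAM2.value);
  if (!user) {
    fields.ERRORCODE.value = "1";
    fields.ERRORDESCRIPTION.value = "Username and password mismatch";
    return false;
  }
  fields.USERID.value = fields.PARAM1.value;
  // Roles and credentials go into tables because a user may hold several.
  user.roles.forEach(function (roleId) {
    tables.CUSTOMROLE.insertRow();
    tables.CUSTOMROLE.ROLEID.value = roleId;
    tables.CUSTOMROLE.updateTable();
  });
  Object.keys(user.credentials).forEach(function (id) {
    tables.CREDENTIAL.insertRow();
    tables.CREDENTIAL.ID.value = id;
    tables.CREDENTIAL.VALUE.value = user.credentials[id];
    tables.CREDENTIAL.updateTable();
  });
  return true;
}

// Constructed sample lookup, keyed by application source, standing in for
// the securityLoginUsers resource. Passwords are stored in encrypted form,
// so the comparison is against the encrypted value passed in by the caller.
var SAMPLE_LOOKUPS = {
  securityLogin: function (username, encryptedPassword) {
    var users = {
      alice: { pw: "ENC:s3cret", roles: ["admin", "editor"], credentials: { lastname: "Smith" } }
    };
    var u = users[username];
    return u && u.pw === encryptedPassword ? u : null;
  }
};
```

A second application would add its own key to the lookups map and its own source name in the calling script's logon() call, sharing the service without sharing the user store.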
