Luke, Posted September 7, 2012

I just added LastLoginDate and LastActivityDate, although FYI, they are not implemented yet and will just return dummy data for now. But the properties are there for you to consume.

LastActivityDate is based on any kind of API call made on behalf of the user.

Also, FYI, this is a good resource to format the times nicely, if you want to display something like "Last seen 3 hours ago".

http://stackoverflow.com/questions/11/c ... ative-time

Luke (Author), Posted September 7, 2012

I have added user authentication via the following:

- DTOUser has a HasPassword property
- If true you must authenticate the user when they sign in
- Make a POST request to /api/userauthentication
- userId and password both need to be supplied via form POST data. You can't put them on the query string
- You will get an AuthenticationResult back. Currently Success will always come back true. Eric and I will implement the password validation together. But this should be enough for UI devs to begin consuming it.

Note: Skip authentication if EnableUserProfiles=false

At the moment, there is nothing that prevents a UI developer from skipping authentication entirely. I'm willing to take security as far as we want to take it, with things like auth tokens and the like. Right now I'm trying to be cognizant of the fact that we're just a media player hosted directly on a user's computer. But please feel free to provide feedback.

See ApiClient for sample usage.

ebr, Posted September 7, 2012

I don't think we have to be too concerned with security from the developer perspective. We are more concerned with presenting the right options than securing anything. I know PC will be tied to this as well, but that isn't a huge concern.

Luke (Author), Posted September 7, 2012

One change I will introduce to the server today - I want the UIs to always make the call to authenticate regardless of HasPassword or EnableUserProfiles. This is just from a tracking perspective so that we know the login took place and to keep things consistent.

If HasPassword=false, or EnableUserProfiles=false, simply omit password from the form POST.

Luke (Author), Posted September 7, 2012

Ok, I've pushed the changes to the server. Please make the call to authenticate regardless of EnableUserProfiles or HasPassword.

LastLoginDate and LastActivityDate will now be updated while the server is running. Since we don't have a DB yet, the changes are not actually saved anywhere but you should see the values get updated throughout each server session.
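
The request contract described in the posts above, as an added example that is not part of the original thread and is not the project's ApiClient code: a client builds the form POST, and a server-side check rejects credentials sent on the query string. The helper names, the `server.example` host and the sample values are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request

AUTH_PATH = "/api/userauthentication"  # endpoint named in the thread


def build_auth_request(base_url, user_id, password=None):
    """Client side: always call authenticate, with credentials in the form body."""
    fields = {"userId": user_id}
    if password:
        # Omitted when HasPassword=false or EnableUserProfiles=false.
        fields["password"] = password
    return Request(
        base_url.rstrip("/") + AUTH_PATH,
        data=urlencode(fields).encode("ascii"),
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def check_auth_request(method, target, body):
    """Server side (hypothetical helper): enforce the contract before any
    password validation runs. Returns (accepted, reason)."""
    parts = urlsplit(target)
    if parts.path != AUTH_PATH:
        return False, "wrong path"
    if method.upper() != "POST":
        return False, "must be POST"
    # URLs are commonly written to access logs and browser history, so a
    # request carrying credentials in the query string is refused outright.
    query_keys = {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}
    if query_keys & {"userid", "password"}:
        return False, "credentials on query string"
    form = parse_qs(body.decode("ascii"), keep_blank_values=True)
    if "userId" not in form:
        return False, "userId missing from form data"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    req = build_auth_request("http://server.example", "abc123", "s3cret")
    print(req.get_method(), req.full_url, req.data)
    print(check_auth_request("POST", AUTH_PATH, req.data))
    print(check_auth_request("POST", AUTH_PATH + "?userId=abc123&password=s3cret", b""))
```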

sethkaymart, Posted June 30, 2014

I was surprised at how much information is available without any authentication. /System/Info shows a lot about the host computer. I'm in favor of any added security for API users, even if it's just a randomly-generated key. Are there any current settings that can limit anonymous access?

Luke (Author), Posted June 30, 2014

We have stronger authentication on our roadmap. Not to worry.

sethkaymart, Posted July 1, 2014

Great news. Just donated. Keep up the good work.

Luke (Author), Posted July 1, 2014

> Great news. Just donated. Keep up the good work.

Thanks, that is much appreciated. As long as we have (team) community members like yourself, we'll keep it coming.