Member Login, Contour security & how do I stop a field getting recorded?
I have a simple Contour login form from which I'm capturing "Email" and "Password".
I have created a custom workflowtype to do the login. It's all working except that, after logging in the user, the entries show the actual password, so I need to stop it from doing that.
I've tried;
// Clear from record var storage = new RecordStorage(); record.GetRecordField("Password").Values.Clear(); storage.UpdateRecord(record, e.Form); storage.Dispose();
But it seems to have no effect. I've also tried using
storage.DeleteRecord(record).
I don't have an approved state for this form, because it's just a login form. An approved state is not necessary.
I've noticed that after a signing (and setting a redirect) I get a URL mysite.local/?recordid=f05974e8-0044-4761-a796-6a8745457752. I could write a control to deal with it upon redirect, perhaps just deleting the record... but that smells.
//we then invoke the recordservice which handles all record states //and make the service delete the record.
Umbraco.Forms.Core.Services.RecordService rs = new RecordService(record);
rs.Delete();
rs.Dispose();
Which gives me;
Umbraco Exception (DataLayer): SQL helper exception in ExecuteNonQuery
Can you run SQL profiler to see the SQL statement that is getting sent to SQL Server. You should be able to run the query and see the SQL error from there.
Following (after) your login workflow you can add this workflow, it deletes the record and you can optionally choose "Retain the delete workflow when deleting".
You may find that the delete works better on the approved action, after the form is recorded fully, so try automatically approving the form, and then move at least the delete workflow to the Approved action.
This is my delete workflow and feel free to change the Namespace to suit your project...
using System; using System.Collections.Generic; using System.Linq; using System.Text; using umbraco.BusinessLogic; using umbraco.cms.businesslogic.web; using umbraco.cms.businesslogic.property; using umbraco.cms.businesslogic.propertytype; using Umbraco.Forms.Data; using Umbraco.Forms.Core; using Umbraco.Forms.Core.Enums; using Umbraco.Forms.Core.Services; using Umbraco.Forms.Data.Storage; using umbraco.DataLayer;
namespace RDL.Contour.WorkFlows { public class DeleteRecord : WorkflowType {
public DeleteRecord() { this.Id = new Guid("93bee308-dbc0-41ee-80ec-aeef83914330"); this.Name = "Delete record"; this.Description = "Delete Record."; }
[Umbraco.Forms.Core.Attributes.Setting("Delete", description = "Retain the delete workflow when deleting", control = "Umbraco.Forms.Core.FieldSetting.Checkbox")] public string Delete { get; set; }
public override WorkflowExecutionStatus Execute(Record record, RecordEventArgs e) {
if (Delete == true.ToString()) { Umbraco.Forms.Data.Storage.RecordStorage storage = new Umbraco.Forms.Data.Storage.RecordStorage(); Umbraco.Forms.Core.Record targetRecord = record; Umbraco.Forms.Core.Form targetForm = new FormStorage().GetFormFromRecordId(record.Id); Umbraco.Forms.Core.Services.RecordService rs = new Umbraco.Forms.Core.Services.RecordService(targetRecord);
Thanks for the great reply! We decided to go ahead down a different route. We're just exploring contour right now, but we couldn't make it do what we needed in time. We're definately going to come back to it and have another play and your post will be very useful.
Man, why is this stuff not wrapped up in a nice single method? Should not really have to go poking around in the DB in this case in my opinion, feels wrong and has always got us in trouble with Umbraco in the past.
Will take a look, when a form is connected to a data source you have the option to disable contour data storage so should be easy to also enable this for code first forms :)
@Peter, of course there is no need to hit the DB to delete the record, but I've previously had a need to take the delete workflow out of play, so supplied quick demo to wrap that up in one workflow nicely...
Also using codefirst you can do pretty much anything you want to, eg you could simply redirect out of the submit method (avoiding all data storage), but have noted Bear has created a workflow to login, so assume codefirst isn't an option here ;)
I was not grumbling at you or your code, more fact we had to get that low down and dirty, surprised the API does not allow for it but looks like Tim is all over it.
Member Login, Contour security & how do I stop a field getting recorded?
I have a simple Contour login form from which I'm capturing "Email" and "Password".
I have created a custom workflowtype to do the login. It's all working except that, after logging in the user, the entries show the actual password, so I need to stop it from doing that.
I've tried;
But it seems to have no effect. I've also tried using
I don't have an approved state for this form, because it's just a login form. An approved state is not necessary.
I've noticed that after a signing (and setting a redirect) I get a URL mysite.local/?recordid=f05974e8-0044-4761-a796-6a8745457752. I could write a control to deal with it upon redirect, perhaps just deleting the record... but that smells.
I've found the following code up on;
https://github.com/umbraco/UmbracoContourDocs/blob/master/Developer/Extending-Contour/Adding-a-Workflowtype.md
//we then invoke the recordservice which handles all record states //and make the service delete the record. Umbraco.Forms.Core.Services.RecordService rs = new RecordService(record); rs.Delete(); rs.Dispose();Which gives me;
Umbraco Exception (DataLayer): SQL helper exception in ExecuteNonQuery
Can you run SQL profiler to see the SQL statement that is getting sent to SQL Server. You should be able to run the query and see the SQL error from there.
Sorry I can't help wih Contour
I might be able to later on. However, I just need to crack on. I've written some code that deletes the record after the redirect, its far from ideal.
Hi Bear
Following (after) your login workflow you can add this workflow, it deletes the record and you can optionally choose "Retain the delete workflow when deleting".
You may find that the delete works better on the approved action, after the form is recorded fully, so try automatically approving the form, and then move at least the delete workflow to the Approved action.
This is my delete workflow and feel free to change the Namespace to suit your project...
Hope this helps!
Cheers
Josh
Hey Josh,
Thanks for the great reply! We decided to go ahead down a different route. We're just exploring contour right now, but we couldn't make it do what we needed in time. We're definately going to come back to it and have another play and your post will be very useful.
Thanks again.
Man, why is this stuff not wrapped up in a nice single method? Should not really have to go poking around in the DB in this case in my opinion, feels wrong and has always got us in trouble with Umbraco in the past.
Feature request coming up I think...
Comment author was deleted
Will take a look, when a form is connected to a data source you have the option to disable contour data storage so should be easy to also enable this for code first forms :)
@Peter, of course there is no need to hit the DB to delete the record, but I've previously had a need to take the delete workflow out of play, so supplied quick demo to wrap that up in one workflow nicely...
Also using codefirst you can do pretty much anything you want to, eg you could simply redirect out of the submit method (avoiding all data storage), but have noted Bear has created a workflow to login, so assume codefirst isn't an option here ;)
Hi Josh,
I was not grumbling at you or your code, more fact we had to get that low down and dirty, surprised the API does not allow for it but looks like Tim is all over it.
Pete
is working on a reply...