Mobile App Login restriction

chadp
Mega Contributor

Hi All,

I find it hard to believe there is no way to restrict access by role to the native mobile app. I have tried using the Business Rule below but am getting mixed results.

We want ONLY ITIL users to use the mobile app at this time and want to restrict access to users with 'user' role.

//Disables login for users without an ITIL role
(function executeRule(current, previous /*null when async*/) {
	var user = current.user;	
	if(gs.getUser().getUserByID(user).hasRole('user')  && gs.isMobile()){
		current.setAbortAction(true);
	}	
})(current, previous);

Please help, I've spent too many hours combing the forums on something that should be an inherent feature of the app.

1 ACCEPTED SOLUTION

I think you never changed the code

gr_roles.addQuery("role" , "2831a114c611228501d4ea6c309d626d");//Sys id of the role...admin here

Put the sys_id of the USER role here.

If you do that, any user who does not have the USER role will not be allowed to log in on mobile.


16 REPLIES 16

Sagar Patro
Kilo Guru

In the above script, were you trying with the "user" role, or is it a mistake because of which you are getting mixed results?

Yes, I want to restrict users with the Role 'user'.

We have Customer users (who are assigned the Role 'user')

and we have ITIL internal analysts (who are assigned the 'itil' role).

We want to restrict all non-itil users.

Got it. I am not sure if a business rule is the right thing to achieve this.

AbortAction would stop the current business rule from running but everything else would work fine. So, that would not be my preference.

I would recommend you look into

Installation Exits --> Login

gs.include("PrototypeServer");

var Login = Class.create();
Login.prototype = {
	initialize : function() {
	},

        process : function() {
          // the request is passed in as a global
          var userName = request.getParameter("user_name");
          var userPassword = request.getParameter("user_password");

          var user = GlideUser;
          var authed = user.authenticate(userName, userPassword);
          if (authed) 
             return user.getUser(userName);
			
          this.loginFailed();

          return "login.failed";
        },

        loginFailed : function() {
		  if (GlideController.exists("glide.ldap.error.connection")) {
			  var ldapConnError = GlideController.getGlobal("glide.ldap.error.connection");
			  if ( GlideStringUtil.notNil(ldapConnError) )
			      GlideSession.get().addErrorMessage(ldapConnError);
		  } else {
              var message = GlideSysMessage.format("login_invalid");
              GlideSession.get().addErrorMessage(message);
		  }
	
       }

}

 

You can make the changes here and it should work.

Mark it Correct and helpful if it was 🙂

chadp
Mega Contributor

Thanks Sagar for the help,

However, my adjustments to the code don't seem to take.

I added the exception for Mobile users to only have itil with the authMobile variable.

Please advise why it still won't work and what I need to adjust to fix it? I'm not well versed in installation exits and product security so details are appreciated!

gs.include("PrototypeServer");

var LoginCustom = Class.create();
LoginCustom.prototype = {
	initialize : function() {
	},
	
	process : function() {
		// the request is passed in as a global
		var userName = request.getParameter("user_name");
		var userPassword = request.getParameter("user_password");
		
		var user = GlideUser;
		var authed = user.authenticate(userName, userPassword);
		var authMobile = gs.getUser().getUserByID(user).hasRole('itil')  && gs.isMobile();
		if (authed)
			return user.getUser(userName);
		else if(!authMobile)
			return user.getUser(userName);
		this.loginFailed();
		
		return "login.failed";
	},
	
	loginFailed : function() {
		if (GlideController.exists("glide.ldap.error.connection")) {
			var ldapConnError = GlideController.getGlobal("glide.ldap.error.connection");
			if ( GlideStringUtil.notNil(ldapConnError) )
				GlideSession.get().addErrorMessage(ldapConnError);
		} else {
			var message = GlideSysMessage.format("login_invalid");
			GlideSession.get().addErrorMessage(message);
		}
		
	}
	
}
;
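
An added example, not part of the original thread and not ServiceNow code: a truth-table check of the branch logic in the LoginCustom script above against the policy described in the thread (valid credentials always, plus the itil role on mobile). The function names and the reading of authMobile as "itil role and mobile client" are assumptions; the booleans stand in for the Glide calls.

```javascript
// Added example: a plain JavaScript model of the login decision (runs in Node).
// No ServiceNow API is called. The booleans stand in for the results of
// user.authenticate(...), hasRole('itil') and gs.isMobile() in the thread.

// Branch structure of the posted LoginCustom.process().
// Assumption: authMobile evaluates as intended (itil role AND mobile client).
function postedDecision(c) {
  var authMobile = c.hasItil && c.isMobile;
  if (c.authed)
    return "allow";
  else if (!authMobile)
    return "allow";          // reached only when authentication failed
  return "login.failed";
}

// Policy stated in the thread: valid credentials are always required, and a
// mobile login additionally requires the itil role.
function intendedDecision(c) {
  if (!c.authed)
    return "login.failed";
  if (c.isMobile && !c.hasItil)
    return "login.failed";
  return "allow";
}

// Walk all eight input combinations and collect those where the posted
// branches disagree with the stated policy.
function findMismatches() {
  var mismatches = [];
  [true, false].forEach(function (authed) {
    [true, false].forEach(function (isMobile) {
      [true, false].forEach(function (hasItil) {
        var c = { authed: authed, isMobile: isMobile, hasItil: hasItil };
        var posted = postedDecision(c);
        var intended = intendedDecision(c);
        if (posted !== intended)
          mismatches.push({ input: c, posted: posted, intended: intended });
      });
    });
  });
  return mismatches;
}

findMismatches().forEach(function (m) {
  console.log(JSON.stringify(m.input), "posted:", m.posted, "intended:", m.intended);
});
```

Every mismatch is a login the posted branches accept and the policy rejects, so in the installation exit the role test belongs inside the `if (authed)` branch and a failed `authenticate` should always end at `loginFailed()`.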