API - POST option in /Branding endpoint

[chef 3745]

It would be cool to add a POST option to the Branding endpoint in the API. Currently we can access all the data, but even after an attempt to trace the 'save' button in the settings menu, I was unable to find where to hack my way into the Branding.xml file to change options.

 

Mostly it would be great to make the disclaimer dynamic. Obviously keeping it text only but allow for dynamic changes to it through the API.

 

I hope that request makes sense.

 

An example would be the ability to warn users of login attempt counts. Also deterrents could be customized based on visitors ips by accessing the disclaimer and utilizing reverse lookups from proxy applications.

 

Just a thought.

[Luke 37058]

If you want to update, can't you just use the same api that the settings screen is using?

[rechigo 293]

Isn't that endpoiny just /System/Configuration/branding?

 

It accepts customCss and loginDisclaimer in the json body

 

Sent from my SM-G973U using Tapatalk

[chef 3745]

If you want to update, can't you just use the same api that the settings screen is using?

Excellent I just found it. I didn't realize we could call 'namedConfiguration' like that.

 

That adds a whole world of things to the toolbox.

 

I see it in JavaScript, I'll need to see how to do it in C#.

[chef 3745]

Would I use the IConfigurationManager GetConfiguration("branding") ?

[chef 3745]

Isn't that endpoiny just /System/Configuration/branding?

 

It accepts customCss and loginDisclaimer in the json body

 

Sent from my SM-G973U using Tapatalk

 

that will get branding, but there isn't a way to save it back unless you use:

ApiClient.getNamedConfiguration("branding").then(function(config) {

});

ApiClient.updateNamedConfiguration("branding", CONFIG_OBJECT).then(function() {
                        
})

But how do you get the same thing in the C# code?

 

Would I use the IConfigurationManager GetConfiguration("branding") ?

[chef 3745]

Sorry last question... promise.

 

Is the "key" in the ConfigurationManager.SaveConfiguration() function "branding"? Like this:

                var branding = ConfigurationManager.GetConfiguration<BrandingOptions>("branding");
                branding.LoginDisclaimer =
                    "Hello This is my branding text that changed.";
                ConfigurationManager.SaveConfiguration("branding", config); //Probably should just test this to see if it's right...

[chef 3745]

 

Sorry last question... promise.

 

Is the "key" in the ConfigurationManager.SaveConfiguration() function "branding"? Like this:

                var branding = ConfigurationManager.GetConfiguration<BrandingOptions>("branding");
                branding.LoginDisclaimer =
                    "Hello This is my branding text that changed.";
                ConfigurationManager.SaveConfiguration("branding", config); //Probably should just test this to see if it's right...

 

 

NO, this is not correct you must send Branding options back through the SaveConfiguration.

var branding = ConfigurationManager.GetConfiguration<BrandingOptions>("branding");
                branding.LoginDisclaimer =
                    "Hello This is my branding text that changed.";
                ConfigurationManager.SaveConfiguration("branding", branding); 

[chef 3745]

 

NO, this is not correct you must send Branding options back through the SaveConfiguration.

var branding = ConfigurationManager.GetConfiguration<BrandingOptions>("branding");
                branding.LoginDisclaimer =
                    "Hello This is my branding text that changed.";
                ConfigurationManager.SaveConfiguration("branding", branding); 

 

 

This updates the branding in the configuration! Perfect!

Now,  I must figure out how to request the page to display the new disclaimer.

 

Perhaps Sending websocket messages to user Sessions? but technically there is no user session at that point.

[chef 3745]

This is the code I'm working on. 

 

Currently I have found:

 

1.  ConfigurationManager BrandingOptions

2. I've been able to update and change the branding options

               var branding = ConfigurationManager.GetConfiguration<BrandingOptions>("branding");

                branding.LoginDisclaimer =
                    $"{(config.ConnectionAttemptsBeforeBan > 3 ? config.ConnectionAttemptsBeforeBan : 3) - connection.LoginAttempts} login attempt(s) attempts left.";
                ConfigurationManager.SaveConfiguration("branding", branding);
               

However, this might not be the best way to go about what I'd like to do.

 

If I change the Branding options, then every user viewing the login screen would see the same thing. This won't work for me, because the Message I have is for individual users.

 

Note: The Message being the number of login attempts left before they can no longer try, or are stuck in a cool down period.

 

 

Even better! I thought about using the SessionManager,  and send a websocket message to Devices.

 

Looks like this is totally possible through the API. That's amazing actually!

 SessionManager.SendMessageToUserDeviceAndAdminSessions(connection.deviceId, "DisclaimerEdit",
                    $"You have {config.ConnectionAttemptsBeforeBan - connection.LoginAttempts} left.", CancellationToken.None);

This is cool. But it would involve the login page recognizing my websocket message and changing the discalimer innerText element (Extra javascript written into the login page.js... meh).

 

 

So I may continue with the experiment, and get it working. 

Edited March 26, 2020 by chef

[chef 3745]

Finally, after reading this post on Stackoverflow:

https://ux.stackexchange.com/questions/25621/how-do-i-best-tell-a-user-that-his-her-account-will-be-locked-if-they-enter-the

 

I have decided that it is a bad idea to say anything on the login page about what is happening behind the scenes with regards to faulty login attempts.

 

It's just asking for DDOS attacks on each of the user accounts.