chef 3746 Posted March 26, 2020 Share Posted March 26, 2020 It would be cool to add a POST option to the Branding endpoint in the API. Currently we can access all the data, but even after an attempt to trace the 'save' button in the settings menu, I was unable to find where to hack my way into the Branding.xml file to change options. Mostly it would be great to make the disclaimer dynamic. Obviously keeping it text only but allow for dynamic changes to it through the API. I hope that request makes sense. An example would be the ability to warn users of login attempt counts. Also deterrents could be customized based on visitors ips by accessing the disclaimer and utilizing reverse lookups from proxy applications. Just a thought. Link to comment Share on other sites More sharing options...
Luke 37112 Posted March 26, 2020 Share Posted March 26, 2020 If you want to update, can't you just use the same api that the settings screen is using? Link to comment Share on other sites More sharing options...
rechigo 293 Posted March 26, 2020 Share Posted March 26, 2020 Isn't that endpoiny just /System/Configuration/branding? It accepts customCss and loginDisclaimer in the json body Sent from my SM-G973U using Tapatalk 1 Link to comment Share on other sites More sharing options...
chef 3746 Posted March 26, 2020 Author Share Posted March 26, 2020 If you want to update, can't you just use the same api that the settings screen is using? Excellent I just found it. I didn't realize we could call 'namedConfiguration' like that. That adds a whole world of things to the toolbox. I see it in JavaScript, I'll need to see how to do it in C#. Link to comment Share on other sites More sharing options...
chef 3746 Posted March 26, 2020 Author Share Posted March 26, 2020 Would I use the IConfigurationManager GetConfiguration("branding") ? Link to comment Share on other sites More sharing options...
chef 3746 Posted March 26, 2020 Author Share Posted March 26, 2020 Isn't that endpoiny just /System/Configuration/branding? It accepts customCss and loginDisclaimer in the json body Sent from my SM-G973U using Tapatalk that will get branding, but there isn't a way to save it back unless you use: ApiClient.getNamedConfiguration("branding").then(function(config) { }); ApiClient.updateNamedConfiguration("branding", CONFIG_OBJECT).then(function() { }) But how do you get the same thing in the C# code? Would I use the IConfigurationManager GetConfiguration("branding") ? Link to comment Share on other sites More sharing options...
chef 3746 Posted March 26, 2020 Author Share Posted March 26, 2020 Sorry last question... promise. Is the "key" in the ConfigurationManager.SaveConfiguration() function "branding"? Like this: var branding = ConfigurationManager.GetConfiguration<BrandingOptions>("branding"); branding.LoginDisclaimer = "Hello This is my branding text that changed."; ConfigurationManager.SaveConfiguration("branding", config); //Probably should just test this to see if it's right... Link to comment Share on other sites More sharing options...
chef 3746 Posted March 26, 2020 Author Share Posted March 26, 2020 Sorry last question... promise. Is the "key" in the ConfigurationManager.SaveConfiguration() function "branding"? Like this: var branding = ConfigurationManager.GetConfiguration<BrandingOptions>("branding"); branding.LoginDisclaimer = "Hello This is my branding text that changed."; ConfigurationManager.SaveConfiguration("branding", config); //Probably should just test this to see if it's right... NO, this is not correct you must send Branding options back through the SaveConfiguration. var branding = ConfigurationManager.GetConfiguration<BrandingOptions>("branding"); branding.LoginDisclaimer = "Hello This is my branding text that changed."; ConfigurationManager.SaveConfiguration("branding", branding); Link to comment Share on other sites More sharing options...
chef 3746 Posted March 26, 2020 Author Share Posted March 26, 2020 NO, this is not correct you must send Branding options back through the SaveConfiguration. var branding = ConfigurationManager.GetConfiguration<BrandingOptions>("branding"); branding.LoginDisclaimer = "Hello This is my branding text that changed."; ConfigurationManager.SaveConfiguration("branding", branding); This updates the branding in the configuration! Perfect! Now, I must figure out how to request the page to display the new disclaimer. Perhaps Sending websocket messages to user Sessions? but technically there is no user session at that point. Link to comment Share on other sites More sharing options...
chef 3746 Posted March 26, 2020 Author Share Posted March 26, 2020 (edited) This is the code I'm working on. Currently I have found: 1. ConfigurationManager BrandingOptions 2. I've been able to update and change the branding options var branding = ConfigurationManager.GetConfiguration<BrandingOptions>("branding"); branding.LoginDisclaimer = $"{(config.ConnectionAttemptsBeforeBan > 3 ? config.ConnectionAttemptsBeforeBan : 3) - connection.LoginAttempts} login attempt(s) attempts left."; ConfigurationManager.SaveConfiguration("branding", branding); However, this might not be the best way to go about what I'd like to do. If I change the Branding options, then every user viewing the login screen would see the same thing. This won't work for me, because the Message I have is for individual users. Note: The Message being the number of login attempts left before they can no longer try, or are stuck in a cool down period. Even better! I thought about using the SessionManager, and send a websocket message to Devices. Looks like this is totally possible through the API. That's amazing actually! SessionManager.SendMessageToUserDeviceAndAdminSessions(connection.deviceId, "DisclaimerEdit", $"You have {config.ConnectionAttemptsBeforeBan - connection.LoginAttempts} left.", CancellationToken.None); This is cool. But it would involve the login page recognizing my websocket message and changing the discalimer innerText element (Extra javascript written into the login page.js... meh). So I may continue with the experiment, and get it working. Edited March 26, 2020 by chef Link to comment Share on other sites More sharing options...
chef 3746 Posted March 27, 2020 Author Share Posted March 27, 2020 Finally, after reading this post on Stackoverflow: https://ux.stackexchange.com/questions/25621/how-do-i-best-tell-a-user-that-his-her-account-will-be-locked-if-they-enter-the I have decided that it is a bad idea to say anything on the login page about what is happening behind the scenes with regards to faulty login attempts. It's just asking for DDOS attacks on each of the user accounts. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now