Ignore:
Timestamp:
Oct 6, 2017, 11:37:18 AM (5 years ago)
Author:
Nicklas Nordborg
Message:

References #2097: Implement support for device verification

The major part of device verification should now be implemented. If the web application has a stored token it is submitted with the login information (LoginRequest.setDeviceToken()). The SessionControl.login() method will check if the device is known or not.

If not, a DeviceNotVerifiedException is thrown and the user is taken to the verify_device.jsp page. The code should be sent by email but is currently only display on that page (to be fixed!). If the verification code is correct, information about the device is stored in the database so that the user can be allowed access immediately the next time.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/core/common-queries.xml

    r7312 r7408  
    39323932    </description>
    39333933  </query>
     3934 
     3935  <query id="GET_USER_DEVICE" type="HQL">
     3936    <sql>
     3937      SELECT dev
     3938      FROM UserDeviceData dev
     3939      WHERE dev.user = :userId
     3940      AND dev.client = :clientId
     3941      AND dev.token = :token
     3942    </sql>
     3943    <description>
     3944      HQL query that selects a device for a given user and client
     3945      with a given device token.
     3946    </description>
     3947  </query>
    39343948
    39353949</predefined-queries>
Note: See TracChangeset for help on using the changeset viewer.