i’ve a simple question for you, can i generate a Random string using the Expression block of the Workflow ?
a brief explanation of what i want to achieve :
i have a website, and i want to log user sending them an email with a link, so i want that user to receive a link to some route in my webapp that then generate a cookie to keep the session…
eg. i’m on example.com → i insert my email and submit it → i receive an email with a link to something like example.com/login/[RandomString]?=myEmail
so my app can take the random string and the email of the user and ( if is an email that i know)
give a cookie to it.
Can i use some kind of “function” in the expression block to generate that string ? or i have to run a server script ?
No, but yes.
There isn’t a random string function, but there is a random number function.
If you can use numbers as that secret (for login) use that.
Alternatively, you could convert that number to a hex number (
format("%x", thatNumber")) which would give you some characters in there.
If that doesn’t work, you can use random.org or some other thing to generate those values.
I’m either misunderstanding your use-case or you’re overthinking it.
You want to generate a login link when a user provides a password to your website – why are you offloading this work to Corteza? Are you trying to log users into Corteza?
i know i’m probably overthinking it but this is the scenario, is a bit complex to explain :
we are a mobility sharing company, and i’m building a simple webapp to manage the batteries (electric vehicles) life cicle.
i’ve to “secure” this app in order to let only certain user to enter, but since we will give this to an external service i don’t like to overwhelm a 3rd party with passwords.
So my tough is that:
i can “save” the emails of the actual operators in my db
they can simply navigate in their browser to my page, insert the email that i’ve already know and receive an email with a link, by clicking that link they will get a cookie with the privileges they need to perform the operations.
In that way they don’t need a password but the site is still somehow “secured” since i will send the email only to the “known user”.
I can use numbers too, is the same since i’m building it from the ground.
so the new Question is, how can i generate a number ?
and to anser to your Question about why corteza, since the CRM of users is in Corteza ( at the moment, we are in development) i’m trying to understand the full potential of it
as simple as using random(), silly question
Sounds fairly reasonable to me. By the way, here is the expression function reference.
Thanks for the support, by the way you where right, i was overthinking, i resolve it creating a JWT and attaching it to the URL ( so will be like example.com/auth/[JWT].
with that i get an almost random string ( at least unguessable), and all i have to do in my webapp is checking the signature of the JWT to be sure is what i generated.