I'm working on a security exercise. I created a role in my app, and some test users, and gave one of the users the appropriate role, and then restricted a screen to use only by users with that specific role. Configure Authentication is set to Internal Only.
I get prompted with a Login window that asks for email address. I can login myself using my email address. I cannot login my test users with email address, only with username. (They all have very simple passwords, so I'm pretty sure that I'm typing them correctly.) I'd like to know why this is happening. Has anyone else seen this?
Also, why does the default login screen ask for an email address when it accepts username? Is there a setting for this that I overlooked?
I figured out the problem. It's a bug in the default Login screen.
There is an input widget called UserNameInput, variable UserName. The label for that widget say "Email Address".
The label should say "Username". This is an OutSystems bug. You can recreate it very easily by creating a new Traditional Web App and looking at the login screen that it provides.
Hi Adina,
You can ask the email to the user, do a query to the User entity to get the user with the given email and use the username attribute as input from the Login action.
You can see how to do it still by step in the solution of this post.
Hope it helps.
Regards,
João
Hello Adina.
Can it be that more than one user share the same email? It happens a lot with dummy data... Some users don't even have email! That's why username is the safest option. It exists and is unique.
Regarding what the screen asks, you can edit that to fit your use case.
You can access the users portal of your environment to check the user details. when you created the users the username was set different than the email address. You can edit the user and update the username property value to the email address like below -
Hope this helps.
Thanks,
Unnati
I am not sure that you understand my issue, let me try again.
I have a user: name is Movie Admin, username is movie_aa, email is admin@mailinator.com .
If I provide admin@mailinator.com as the email address along with the correct password, login fails. If I provide movie_aa along with the correct password, login succeeds.
Why would this happen? Is the real issue here that the default login screen asks for email address but should really be asking for username?
I suspect that I will need to debug into the Users application to figure this out, but I was hoping someone else might have encountered this.
That happens because the login action requires a username and not an email address. My suggestion goes towards checking in the database the user with the given Email and use its Username as the input for the login action.
The default screen has the label email address but indeed it will be used as the username. You can change the label to username or apply the aforementioned logic.