GithubHelp home page GithubHelp logo

fingerprint's Introduction

##Fingerprint

Fingerprint allows you to create a fingerprint of the hidden inputs for a given form, ensuring that users do not change the values of the hidden inputs prior to submitting the form.

##Usage

Fingerprint works with Symphony section events. Custom events that do not invoke the frontend delegate EventPreSaveFilter will not work and be ignored.

  1. Enable the extension.
  2. Set a long and random secret under Preferences.

If the fingerprint upon form submission fails to match the fingerprint created at page creation, the filter messages array will be populated and cause the event to fail.

<filter name="fingerprint" status="failed">Fingerprint does not match.</filter>

Note: hidden input values must be generated via XSLT. Hidden inputs added or changed with JavaScript will cause the event to fail.

Example Use Cases

Fingerprint allows you to do the following things without worrying about users altering values and tampering with a form:

  1. Calculate shopping cart prices/totals via XSLT and pass them as a hidden input to the payment processor.
  2. Use in conjunction with the Members extension to ensure users do not change their role or attempt to edit another entry.
  3. Use in conjunction with the Stripe extension to ensure information sent to Stripe is not altered by the user.

fingerprint's People

Contributors

lewiswharf avatar nils-werner avatar

Stargazers

avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar

Forkers

davidezavattero colinbrogan

fingerprint's Issues

Make it works with section event?

I've tried to get it works with "section event" without succes. There is a way to make it possible?

I'm not sure to have understand the part: "Fingerprint works with Symphony section events. Custom events that do not invoke the frontend delegate EventPreSaveFilter will not work and be ignored."

How to calculate a values from XSLT

I'm assuming that the value of the hidden inputs are suppose to be sha1 encoded strings using the random private key set in symph preferences? If so, how does one generate these values with XSLT? I was thinking there would be some xpath functions for SHA1, or maybe some xslt utility that does it for you, but I find no such thing. This is a really interesting extension, but I'm clueless about how to get this thing to work.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.