
Custom Login Pages

You can create your own login pages for the following situations, replacing the Fieldpine default versions. Because login pages are shown before anyone is logged in, this lets you apply your own branding. You cannot override the security controls Fieldpine requires, only how you collect the details.

  • The login page for a Fieldpine One account, such as Example Store
  • Login pages used by self hosted Store Servers, i.e. the pages seen by staff, customers and suppliers when they connect to any public facing pages you have opened to the internet
  • Internal login pages for your LAN/Intranet

As always, Fieldpine is not concerned with your choice of frameworks, CSS or HTML; you may use whatever you wish. We are only interested in the flow of data over the APIs.

This page is not yet complete and is still being written and expanded

Simple Version

In its simplest form, the page collects a username and password and submits them to the login URL.

Collect Username and Password ---» Submit to login URL ---» Redirect to homepage
// Assumed for this snippet: the page contains a form with inputs named UserName and
// Password, an element with id "status" for messages, and an element with id "ln"
// (taken here to be the username input) that receives focus after a failure.
var myForm = document.forms[0];

var send = {
	Name: myForm.UserName.value,
	PassPlain: myForm.Password.value,
	Realm: 'site'
};

document.getElementById("status").innerHTML = " Checking";

fetch("/login", { body: JSON.stringify(send), method: 'POST', headers: { 'Content-Type': 'application/json' }})
.then(function (resp) {
    // A non-2xx reply (firewall block, server down) is not a login answer at all
    if (!resp.ok) throw new Error("HTTP " + resp.status);
    return resp.json();
})
.then(function (dx) {
    var d = dx.data;
    if (d.valid !== 1) {
        document.getElementById("status").innerHTML = " Login Failed";
        var o = document.getElementById("ln");
        if (o) o.focus();
        return;
    }

    // The server never redirects; the page must send the browser on itself
    document.location = d.HomePage;
})
.catch(function (err) {
    document.getElementById("status").innerHTML = " Login service unavailable";
});

Notes

  • This exchange must take place over an HTTPS secured connection; the password travels in the clear inside the JSON body.
  • The "Realm" given in the JSON tells the server which area you are broadly trying to authenticate against. In this case "site" means general access to the Fieldpine application.
  • The URL "/login" is an endpoint defined in the firewall, which remaps it to the actual internal endpoint. We recommend giving it a less common name, for example "/bobslogin" rather than simply "/login", to reduce noise from bulk scanning robots. Renaming is not an access control by itself; the server side checks still apply.
  • Login processes do not automatically redirect to a homepage. You must redirect explicitly using Javascript. This is by design, so a login page can save return details to SessionStorage or elsewhere first, and it also verifies that Javascript is enabled.
  • This version is deliberately minimal for documentation purposes. Before using it in production, extend it with protection against brute forcing and replay (see the following sections); any throttling or lockout must be enforced on the server, not only in the page.

Handling 2FA

When 2FA is required for an account, the flow changes: the 2FA code must be collected and submitted before the login completes.

Collect Username and Password ---» Submit to login URL ---» Please collect/submit 2FA ---» Submit to login URL ---» Redirect to homepage
Or (rare, special cases)
Collect Username, Password and 2FA ---» Submit to login URL ---» Redirect to homepage

Notes

  • Depending on server side options, you may receive a "please collect 2FA" response even though the initial username/password were invalid. Design the page so that a 2FA prompt is never shown or treated as confirmation that the password was accepted.
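The following is an added example (not Fieldpine's code) that drives both the simple flow and the two-step 2FA flow above from one client, and includes a constructed mock of the server side so it runs offline. The endpoint path "/bobslogin", the challenge reply shape {valid: 0, need2fa: 1} and the "Code" field carrying the one-time code are assumptions for the example, not documented Fieldpine fields; Name, PassPlain, Realm, valid and HomePage are the fields the page describes. The mock's challengeOnFailure option models the server behaviour from the note above, and the fake UI records what the page would show so you can see that a challenge on a bad password looks identical to one on a good password.

```javascript
// Added example, not Fieldpine's code. Assumed (not from the page): the
// "/bobslogin" path, the {valid:0, need2fa:1} challenge reply and the "Code"
// field. post(url, body) is an injected transport resolving to the parsed
// JSON reply; ui supplies status(), collect2fa() and go() so the flow can be
// exercised without a DOM.
async function login(post, ui, realm, name, passPlain) {
  const send = { Name: name, PassPlain: passPlain, Realm: realm };
  let reply;
  try {
    reply = await post("/bobslogin", send);
  } catch (e) {
    ui.status("Login service unavailable"); // transport failure, not a bad password
    return "error";
  }
  let d = reply.data;
  if (d.valid !== 1 && d.need2fa === 1) {
    // A challenge does not mean the password was right: the server may
    // challenge on invalid credentials too, so the UI says nothing about it.
    send.Code = await ui.collect2fa();
    reply = await post("/bobslogin", send);
    d = reply.data;
  }
  if (d.valid !== 1) {
    ui.status("Login Failed");
    return "failed";
  }
  ui.go(d.HomePage); // the server never redirects; the page must
  return "ok";
}

// Browser transport for the client above (not used by the Node demo).
function fetchPost(url, body) {
  return fetch(url, { method: "POST", headers: { "Content-Type": "application/json" },
                      body: JSON.stringify(body) })
    .then(function (resp) {
      if (!resp.ok) throw new Error("HTTP " + resp.status);
      return resp.json();
    });
}

// Constructed mock of the server side. challengeOnFailure issues a 2FA
// challenge even when name/password were wrong, so the challenge cannot be
// used as a "password accepted" oracle. maxFailures shows that lockout
// belongs on the server. Passwords are compared in the clear only for the demo.
function makeMockServer(accounts, { challengeOnFailure = false, maxFailures = 5 } = {}) {
  const failures = new Map();
  return async function post(url, body) {
    if (url !== "/bobslogin") throw new Error("unknown endpoint " + url);
    const acct = accounts[body.Name];
    const fails = failures.get(body.Name) || 0;
    if (fails >= maxFailures) return { data: { valid: 0 } };
    const pwOk = !!acct && acct.password === body.PassPlain;
    const has2fa = !!acct && acct.currentCode !== undefined;
    let ok;
    if (body.Code === undefined) {
      if (has2fa || (challengeOnFailure && !pwOk)) return { data: { valid: 0, need2fa: 1 } };
      ok = pwOk;
    } else {
      ok = pwOk && has2fa && body.Code === acct.currentCode;
    }
    if (ok) { failures.delete(body.Name); return { data: { valid: 1, HomePage: "/pos/home" } }; }
    failures.set(body.Name, fails + 1);
    return { data: { valid: 0 } };
  };
}

// Fake UI that records what the page would have shown or done.
function makeFakeUi(code) {
  const log = [];
  return {
    log,
    status: m => log.push("status:" + m),
    collect2fa: async () => { log.push("prompt2fa"); return code; },
    go: url => log.push("go:" + url),
  };
}

// Constructed accounts: alice has no 2FA; bob does, with "123456" standing in
// for his current one-time code.
const ACCOUNTS = { alice: { password: "pw-a" }, bob: { password: "pw-b", currentCode: "123456" } };

async function runDemo() {
  const plain = makeMockServer(ACCOUNTS);
  const strict = makeMockServer(ACCOUNTS, { challengeOnFailure: true });
  const down = async () => { throw new Error("ECONNREFUSED"); };
  const run = async (post, user, pw, code) => {
    const ui = makeFakeUi(code);
    const result = await login(post, ui, "site", user, pw);
    return result + " [" + ui.log.join(",") + "]";
  };
  return {
    aliceOk: await run(plain, "alice", "pw-a", "000000"),
    bobOk: await run(plain, "bob", "pw-b", "123456"),
    bobBadCode: await run(plain, "bob", "pw-b", "999999"),
    aliceBadPw: await run(plain, "alice", "wrong", "123456"),
    aliceBadPwStrict: await run(strict, "alice", "wrong", "123456"),
    serverDown: await run(down, "alice", "pw-a", "000000"),
  };
}

if (typeof require !== "undefined" && require.main === module) runDemo().then(console.log);
```

Run with node to see the six outcomes. In the browser, call login(fetchPost, ui, 'site', name, password) with a ui object whose collect2fa() shows your code prompt and resolves with the entered value; the client never needs to know whether the challenge came from a real 2FA account or from the server's challenge-on-failure option, which is the point.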

Sending Encrypted Passwords

TBS

Login NONCE and Replay Attacks

TBS