4D Blog


Integrating User Authentication in Your Qodly Applications

March 17, 2025

Tips

In this week’s blog, we will focus on the crucial topic of authentication. To illustrate our discussion, we will use the example of an application designed for writing annual performance reviews for employees. This application enables users to securely access their accounts by authenticating with their email and password.

Performance Review Application

Authentication Overview

Authentication is a cornerstone of any web application, ensuring that only authorized users can access sensitive information or perform specific actions. In our example, the login process is simple yet effective, demonstrating how 4D Qodly Pro handles authentication securely and efficiently.

The Login Process

The login form is located on the “login” page and consists of:

  • Two input fields: linked to the datasources email and password.
  • A “Sign in” button: triggers the authentication process.

 

This is a login page for a "Performance Review" system. The design is split into two sections:

  • Left side (red background):
    • Displays the Performance Review title with an icon of a building and a person.
  • Right side (white background):
    • Contains a "Welcome!" message.
    • Two input fields for Email and Password, with the password field having an eye icon to toggle visibility.
    • A "Forgot your password?" link.
    • A red "Sign in" button for user authentication.

In Qodly Studio, other prebuilt form templates for login functionality are available in the dedicated templates section. These templates can be customized to suit your application’s specific requirements.

Function: authentify()

When the user clicks on the “Sign in” button, the function “ds.authentify()” is called with the email and password as parameters.

The OnClick function in this UI is set up to authenticate a user when they click a button. Here’s how it works:

  1. Event Trigger
    • The function is executed onClick of the button.
  2. Function Call
    • Calls an exposed function named ds.authentify, which likely handles authentication.
  3. Parameters Passed
    • email (Text) → Taken from the page input.
    • password (Text) → Also taken from the page input.
    • pageName (set to "app") → Likely specifies which page or context the authentication is for.
  4. Result Handling
    • The function returns a result (Text), which could be used to verify if authentication was successful.

The user’s information, such as email and password, is stored in the database within the “Employee” table. In the “authentify()” function, a simple database query is performed to verify the information.

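Here is the code that illustrates this process:

exposed Function authentify($email : Text; $password : Text) : Text
 // Look up the employee by email; :1 is a placeholder bound to $email
 $employee:=This.Employee.query("Email = :1"; $email).first()
 If ($employee#Null)
  // Compare the submitted password with the hash stored in Employee.Password
  If (Verify password hash($password; $employee.Password))
   // Credentials are valid: grant the "user" privilege to the session
   Session.setPrivileges("user")
   Web Form.setMessage("Authentication successful")
  Else
   // Wrong password: same message as for an unknown email
   Web Form.setError("Authentication failed")
  End if
 Else
  // Unknown email: the message does not reveal whether the account exists
  Web Form.setError("Authentication failed")
 End if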

Managing User Privileges

Before authenticating a user, it’s vital to restrict access to sensitive data and functions. This security is ensured by privilege management.

First, we have a privilege labeled “none,” which possesses all rights to the data source (ds), ensuring comprehensive access to the database. Notably, this privilege is not assigned to any user, thus maintaining a secure environment. When rights are granted to one privilege, they are automatically revoked from all others, effectively securing the system.

This screenshot shows a privilege management interface where a set of permissions are assigned to a data source (ds).
Read: Allowed
Create: Allowed
Update: Allowed
Delete: Allowed
Execute: Allowed

Then, we added a privilege called “authentify”. The permission “promote” is assigned to the function “ds.authentify()”. This means that whenever this function is called, the “authentify” privilege is automatically applied.

Then, we ensure that the required permissions for authentication are added to the relevant dataclass or functions in use. For our example, we assign “Read” and “Execute” permissions to the “Employee” dataclass.

Assigned permissions to ds.authentify
Read: Enabled
Create: Disabled
Update: Disabled
Delete: Disabled
Execute: Disabled
Promote: Enabled

Assigned permissions to Employee
Read: Enabled
Create: Disabled
Update: Disabled
Delete: Disabled
Execute: Enabled
Promote: Disabled

Finally, we activate the “Force login” option. This option allows you to control the number of opened web sessions that require 4D Client licenses. You can also log out the user at any moment to decrement the number of retained licenses.

This multi-layered privilege system helps prevent unauthorized access and ensures secure operation of the application.
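
As an added example (not from the original post or from 4D), the following Python audit checks a roles.json-style configuration for the properties described in this section: “Force login” enabled, every datastore action assigned to a lock privilege such as “none”, that lock privilege not handed out by any privilege, role or promoted function, and no write actions on a promoted privilege. The key names (privileges, roles, permissions.allowed, applyTo, type, forceLogin, and drop for Delete), the “staff” role and both sample configurations are assumptions constructed for illustration.

```python
import copy
import json

# Constructed roles.json mirroring the article's setup (key names are assumed).
HARDENED = json.loads("""{
  "privileges": [{"privilege": "none"}, {"privilege": "authentify"}, {"privilege": "user"}],
  "roles": [],
  "permissions": {"allowed": [
    {"applyTo": "ds", "type": "datastore", "read": ["none"], "create": ["none"],
     "update": ["none"], "drop": ["none"], "execute": ["none"], "promote": ["none"]},
    {"applyTo": "ds.authentify", "type": "method", "promote": ["authentify"]},
    {"applyTo": "Employee", "type": "dataclass",
     "read": ["authentify"], "execute": ["authentify"]}]},
  "forceLogin": true}""")

def audit_roles(cfg):
    """Return findings; an empty list means every check passed."""
    allowed = cfg.get("permissions", {}).get("allowed", [])
    findings = [] if cfg.get("forceLogin") is True else ["forceLogin is not enabled"]
    # 1. Every datastore-level action must be assigned to a lock privilege.
    ds = [p for p in allowed if p.get("type") == "datastore"]
    locks = set()
    for action in ("read", "create", "update", "drop", "execute", "promote"):
        holders = {h for p in ds for h in p.get(action, [])}
        if not holders:
            findings.append(f"datastore action '{action}' has no lock privilege")
        locks |= holders
    # 2. No privilege, role or promoted function may hand out a lock privilege.
    promoted = {x for p in allowed if p.get("type") == "method"
                for x in p.get("promote", [])}
    handed_out = promoted | {x for e in cfg.get("privileges", []) + cfg.get("roles", [])
                             for x in e.get("includes", []) + e.get("privileges", [])}
    findings += [f"lock privilege '{n}' can be obtained by a session"
                 for n in sorted(locks & handed_out)]
    # 3. A privilege granted through promote should carry no write actions.
    for p in allowed:
        for action in ("create", "update", "drop"):
            for n in sorted(promoted & set(p.get(action, []))):
                findings.append(f"promoted privilege '{n}' may {action} {p['applyTo']}")
    return findings

def weakened():
    """HARDENED with four constructed mistakes, for comparison."""
    cfg = copy.deepcopy(HARDENED)
    cfg["forceLogin"] = False
    del cfg["permissions"]["allowed"][0]["drop"]
    cfg["roles"].append({"role": "staff", "privileges": ["user", "none"]})
    cfg["permissions"]["allowed"][2]["update"] = ["authentify"]
    return cfg
```

Running audit_roles(HARDENED) returns no findings, while audit_roles(weakened()) reports one finding per mistake, which makes the script usable as a review gate when the privilege configuration is kept under source control.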

To learn more, check out our blog post: Force Login Becomes Default for all REST Auth.

Adding a Logout feature

To enhance user experience and security, it’s important to provide a logout option. In our example:

  • A Logout button is placed in the upper-right corner of the “Main” page.
  • The “logout” action is added to this button in the “On Click” event.

 


This allows users to securely end their session, clearing any active privileges and protecting sensitive data.

Next Steps

Authentication and privilege management are fundamental to building secure web applications. To further explore the capabilities of authentication and privilege management, consult the following resources:

  • Documentation on:
    • privileges,
    • authentication,
    • the authentify() function,
    • force login mode.
  • Blogs on:
    • privileges,
    • authentication,
    • force login mode.

 

We encourage you to try implementing these concepts in your own applications. Have questions or insights? Join the discussion in the forum or share your feedback in the comments below. Stay tuned for the next article in our series!


Vanessa Talbot
Product Owner

Vanessa Talbot joined 4D Program team in June, 2014. As a Product Owner, she is in charge of writing the user stories then translating it to functional specifications. Her role is also to make sure that the feature implementation delivered is meeting the customer need. Since her arrival, she has worked to define key features in 4D. She has worked on most of preemptive multi-threading new features and also on a very complex subject: the new architecture for engined application. Vanessa has a degree from Telecom Saint-Etienne. She began her career at the Criminal Research Institute as a developer for the audiovisual department. She has also worked in media and medical fields as expert in technical support, production as well as documenting new features.