Config - dfryan/dreamfactory GitHub Wiki

CORS Access

Cross Origin Resource Sharing (CORS) permits browsers to make AJAX requests cross-domain.

To Enable CORS Access in your DreamFactory instance:

1. Click Config in the navigation menu.
2. Under the CORS Access section, click the New Host button.
3. In the Host name field you can enter the wildcard * to allow access from all hosts. The Hostname or IP address can also be entered.
4. If you want to restrict which HTTP Verbs can be used by the remote server, check the appropriate boxes.

For more information on CORS support, read HTTP access control (CORS) on the Mozilla Developer Network.

Guest Users

There may be some functionality in your app that you want to make available to everyone. In this case, we have a configuration specifically for that purpose, it is called Guest Users. Again, in the Config module of the Admin Console, there is a place to allow guest access, and to assign the "guests" a specific restrictive access role. Once enabled, you will see that when accessing your DreamFactory instance, you are not immediately met with a login prompt, but the Sign In button, and optionally a Create Account button). These buttons allow returning users to gain access with their assigned, restricted access role.

Open Registration Open Registration allows users to sign up to be DreamFactory users, and to access your app and services. A developer will still be able to identify all of the DreamFactory users, and to control their access via roles.

To enable Open Registration:

1. A system administrator logs into DreamFactory, and goes to the Admin Console by clicking the gear icon in the upper tool-bar.
2. Select the Config module from the left-side navigation menu.
3. Check the Allow open registration" checkbox.

Once selected, the admin will see the option to assign every new user who comes in through the registration process a default role. You will want to limit what the users can do at first, and then possibly upgrade them later to a different role that allows greater access.

After these steps, refresh the Launchpad view and you will see a new Create Account button. Click this button to display an Account Signup page.

By default, when Open Registration is enabled, email validation for registration is disabled. This means that the user who wants to sign up gives their email address, other information, and password all at one time without any kind of verification. This is useful when you don't really care if the email/username is a valid email or not. In most cases, especially where the email address is used for other contact purposes, you will want to validate the email address given. To do this, go back to the Open Registration configuration and see the "Select an email service..." section. Select an email service from the drop down list.

Note that a default email service comes with your DreamFactory instance, but you may wish to add or change its configuration to meet your needs. See our documentation for Services options. The system comes with a default email template internally. Custom email templates can be created using the custom email templates under the Admin Console, Config module.

With this configuration, initially no password is required. Once registered, an email is sent, if following our template guidelines, with a confirmation code and a link to a confirmation page where that code will be entered along with the desired password for the account.

Password Reset

Password resets are performed using a security question-and-answer setup that can be set via a user's profile (see the user icon on the LaunchPad bar once logged in). If you would like a more secure way to handle password resets, you can enable email confirmation by selecting an email service, and optionally a template.

To initiate a password reset in the sign-in dialog box, type in your email address and click the Forgot Password button

Like registration, an email is sent with a link, and a confirmation code. Enter the code, and a new password to reset the existing password.

As with many websites today, sometimes it is easier if someone else handles the user confirmation and password maintenance, like the most popular social or enterprise websites. For these cases, DreamFactory can be configured to allow access via an OAuth service. This is currently tied to Open Registration being activated. Once provisioned, your allowed OAuth services will show up on the login screen. For more information on OAuth provisioning, see this blog.