pdoauth's Issues
give application-specific data about user for applications
- the user id shown for the same user is different for different applications
- the user id shown for a user to an application should not change over time
- the email address shown for the same user should be different for different applications
- there should be a database table mapping email addresses provided for applications and the email address given by the user such that major MTAs could use it for mail routing
- for each application there is a list of assurances used by that application
- the applications receive intersection(user's assurances, application's assurances)
- the applications do not receive credential data from the user
- the applications do not receive the hash of the user
- the applications do not receive anything beyond mapped email address, mapped user id and filtered list of assurance names
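An added example (not pdoauth's own code) of the per-application view described in this issue: the mapped user id is assumed to be an HMAC keyed with a per-application secret, so it differs between applications but stays stable over time, the mapped email address is an alias that is recorded in a routing table for the MTA, and only the intersection of the user's and the application's assurances is returned; the sample users and applications are constructed.

```python
import hmac
import hashlib

# Constructed sample data for this example; not pdoauth's real records.
USERS = {
    "u-1001": {"email": "alice@example.org", "hash": "sha256:deadbeef",
               "credentials": {"password": "<stored hash>"},
               "assurances": {"emailverification", "identity", "student"}},
}
APPS = {
    "app-wiki": {"secret": b"wiki-secret", "assurances": {"identity", "student", "staff"}},
    "app-shop": {"secret": b"shop-secret", "assurances": {"identity"}},
}
ALIAS_DOMAIN = "alias.example.org"   # assumed domain of the application-facing addresses
EMAIL_ROUTING = {}                   # alias address -> address given by the user (MTA table)


def mapped_user_id(user_id, app_id):
    """Stable pseudonym for (user, application): HMAC-SHA256 keyed with the app's secret.
    A different secret per application means one application cannot recompute another's id."""
    return hmac.new(APPS[app_id]["secret"], user_id.encode(), hashlib.sha256).hexdigest()


def mapped_email(user_id, app_id):
    """Per-application alias address; the routing table maps it back to the real address."""
    alias = mapped_user_id(user_id, app_id)[:16] + "@" + ALIAS_DOMAIN
    EMAIL_ROUTING[alias] = USERS[user_id]["email"]
    return alias


def user_info_for_app(user_id, app_id):
    """Everything an application gets: mapped id, mapped email, filtered assurance names.
    Credentials and the user's hash are deliberately never copied into the result."""
    user, app = USERS[user_id], APPS[app_id]
    return {
        "user_id": mapped_user_id(user_id, app_id),
        "email": mapped_email(user_id, app_id),
        "assurances": sorted(user["assurances"] & app["assurances"]),
    }
```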
use anchor
For each of the hash entry fields it should be possible to use anchor to get the hash.
integrationtests for multiple browsers and versions
see BrowserSetup for a first stab at the needed infrastructure.
for chrome, you have to change ~/.pki/nssdb for different keysets.
logout on the UI
the UI should use the logout functionality in #21
the UI should have a record/update hash functionality
to use #6
adding credential on the UI
the UI should use the credential addon functionality in #27
version and change log in documentation
The generated documentation should contain the version and the changelog obtained from git.
logout functionality
/logout should log the user out
credential removal from the UI
the UI should use the credential removal functionality of #28
twitter authentication
It should be possible to register and login for twitter.
We should make sure that Tompika can easily use our system, and learns how consultation should be done.
password reset email or reset answer should contain the identifier for the password we change
mixed user content
When served on https (as it should be), jquery does not load because it comes from a plain http uri.
The default make target should download the needed external components to ./static, and the static html should reference it from there.
assurancetool should list assurances either by email or by assurance name
--list-by-email lists the assurances for the user with the given email address
--list-by-assurance lists the users for the given assurance
--list-assurers is a shortcut for --list-by-assurance assurance.
--list-by-hash lists the assurances for the user with the given hash
facebook based registration/authentication
registration and authentication should be possible using facebook
credential management
When the user is not logged in, there are possibilities for each of the login methods
- to login
- to register
When the user is logged in
- the login possibilities are hidden
- one logout possibility is shown. depends on #21 #30
- a deregistration possibility is shown. depends on #26 #31
- registration possibilities become "add credential for ". depends on #27 #32
- for each registered credential - minus the one actually used - there is a clear possibility. depends on #28 #33
When a user tries to register/add a credential already existing for another user, it is offered to login as the other user and (deregister/clear the credential)/register the credential as the other user.
deregistration in the UI
the UI should use the deregistration functionality in #26
ssl certificate
It should be possible to generate an ssl certificate for authentication purposes.
See also #8
password reset
should be possible to get a password reset email with a password reset link
ssl authentication
1.) It should be possible to record an ssl certificate fingerprint as a credential
2.) It should be possible to login using a certificate with the recorded fingerprint
See also #9
new user story
I am a new user trying to authenticate to one of the applications served by PDOauth.
I click the "login" button there, get redirected to pdoauth. When it turns out that I am not yet registered, I register, and the login process continues until I am able to login to the served application.
Integration test should confirm this behaviour.
error branches in javascript
Some error cases are not nicely handled in javascript.
proxy email
the email verification email should be resendable
making an install guide
deregistration
it should be possible to unregister
screenshots should be included in the documentation
Maybe an annotation could be created which names the screenshot file.
The screenshot function would take the filename from it.
The xslt could be modified to obtain the screenshot path from the annotation, and insert the picture.
interfaces are missing from documentation
the name of the annotation have changed...
logging
Logging policy should be defined, and logging should be implemented according to that.
csrf cookie collision
Sometimes there are multiple csrf cookies with different paths.
csrf cookie domain is set to the fqdn from BASE_URL
csrf cookie path is set to /
test heisenbug
There is a heisenbug in the testing. It finds assurances for users who should not have one.
It is most probably related to collision of email addresses when testing model objects.
the user can figure out the email check uri from credential output
The whole main div is copied into the messages div if an error occurs
For example, if you log out when you are not even logged in
document architecture
Using Archimate, so that a html document can be created and automated analysis of the architecture and its correlation with source code can be done.
ssl login and logout
- there is a SSL_LOGIN_BASE_URL config option containing the base url of the site with the optional_no_ca config
- there is a BASE_URL config option containing the plain ssl (no cert asked) base url
- there is a SSL_LOGOUT_URL config option pointing to a location which is set up with SSLVerifyClient require and SSLVerifyDepth 0 within SSL_LOGIN_BASE_URL
- there is a START_URL config option which contains the starting point usable for unregistered and/or not logged in users
- the unauthorized handler redirects to START_URL?next={request.url}
- the ssl login button on the UI redirects to the same url with BASE_URL changed to SSL_LOGIN_BASE_URL and hits ssl_login
- the logout button hits BASE_URL/logout, and leaves the user at START_URL
the text of the email verification and password reset emails should be configurable
And html...
Wordpress Oauth plugin/settings to use PDOauth
There should be a WordPress plugin which is able to use PDOauth.
To ensure that our implementation is standards compliant, it would be good if we could see that it works with an existing plugin.
hash collision resolving
1.) When an assurer wants to add an assurance for a user with hash and without email, and there are multiple users with that hash, then an error is signaled.
2.) When an assurance is added with hash and email, and there is another user with the same hash, the hash from the other user is deleted.
3.) When a hash is registered which is already used by another user:
a) the user is notified about the fact
b) if the other user has non-automatic assurances (i.e. not emailverification), then the hash is not registered
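The three collision rules above, worked through against a constructed in-memory user store (an added example, not pdoauth's model code): adding by hash alone fails when the hash is ambiguous, adding by hash plus email takes the hash away from the other user, and a user registering an already-used hash is notified and refused when the other user holds a non-automatic assurance.

```python
# Constructed in-memory store for this example; pdoauth's real model is not shown here.
AUTOMATIC = {"emailverification"}   # assurances granted without an assurer


class HashCollision(Exception):
    """Rule 1: the hash alone does not identify a single user."""


class Store:
    def __init__(self):
        self.users = {}      # user id -> {"email", "hash", "assurances": set()}
        self.notices = []    # (user id, message) shown to the user

    def add_user(self, uid, email, h=None, assurances=()):
        self.users[uid] = {"email": email, "hash": h, "assurances": set(assurances)}

    def _by_hash(self, h):
        return [uid for uid, u in self.users.items() if h is not None and u["hash"] == h]

    def add_assurance(self, name, h, email=None):
        """An assurer adds an assurance by hash, optionally with the user's email."""
        if email is None:
            matches = self._by_hash(h)
            if len(matches) != 1:                     # rule 1: zero or several users
                raise HashCollision("%d users share hash %s" % (len(matches), h))
            uid = matches[0]
        else:
            uid = next(u for u, rec in self.users.items() if rec["email"] == email)
            for other in self._by_hash(h):
                if other != uid:
                    self.users[other]["hash"] = None  # rule 2: other user loses the hash
            self.users[uid]["hash"] = h
        self.users[uid]["assurances"].add(name)
        return uid

    def register_hash(self, uid, h):
        """Rule 3: a registered user records a hash; returns whether it was stored."""
        others = [o for o in self._by_hash(h) if o != uid]
        if others:
            self.notices.append((uid, "hash already in use by another user"))  # 3a
            if any(self.users[o]["assurances"] - AUTOMATIC for o in others):
                return False                          # 3b: refuse, keep the old hash
        self.users[uid]["hash"] = h
        return True
```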
assurance added by hash
when adding an assurance, hash should be sufficient to identify target user
do not give out the email address to the applications until the email is verified
google+ authentication
It should be possible to register and login using google+
clear credential
a user can clear its own credentials
the credential used for login cannot be cleared
documentation site
A documentation site should be set up (maybe github.io), where the generated documentation gets refreshed in the travis build.
firefox tracking protection makes facebook login/registration unusable
Unit test class names in the documentation
The unit test class names should be converted from camelcase to plain sentences.
explanations on the demo interface
password policy
There should be a password policy set, and enforced across the application.
more tests
There are areas which are not tested deep enough. More tests - especially input validation ones - are welcome.
adding credential
a logged in user can add credentials
record hash
It should be possible for an already registered user to record/change the hash
the user should be able to blacklist applications
- the user should be able to view the list of applications
- the application list should include for each application whether the user has ever logged in to it
- the user should be able to disable each application for herself
- if the application is disabled for the user, then if it asks for user info it will receive a message denoting it, and no user information
- if the application is disabled for the user, then the email address previously shown to the application for the user will be routed to /dev/null
- the user can discontinue disabling an application