2021-03-11 18:06:38 +00:00
parent 6e924b5bc9
commit d1d2dd4814

@@ -184,12 +184,37 @@ todo: GetWorkorderSerial/name from leaf nodes
traverse up the tree and fetch the serial number
once coded fixup in purchaseorderbiz::getasync MIGRATE_OUTSTANDING bit
todo: research practicality of supporting SMS from server for things like notification and authentication 2fa
is it a service, a device, a library??
todo: 2fa is going to be an absolute must have pretty soon, look into what's involved again
https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/3395
Process:
SIGN UP
(copied a bit from digital ocean)
User settings has a SECURITY section where control 2fa stuff
user enables at which point a secret key for 2fa is generated and stored in the User account
user is redirected to a client form with the qr code displayed for teh secret
User gets QR code then displayed to sign up with auth software
User has to enter a valid code to save or enable 2fa fully otherwise it's not enabled if they cancel out
until the correct code is entered it will not be enabled yet
If user moves out of 2fa area without validating then it generates a new secret next time they go In
DISABLE
user goes to user settings->Security and click on disable 2fa button which is only enabled to click when the account has 2fa already enabled
this removes the 2fa secret from their account and sets 2fa off.
LOGIN
User logs in as normal, server checks if they have 2fa enabled
if no 2fa enabled then send back token as normal
if 2fa then send back response like "2faenabled:true"
also some kind of temporary one time short lived token (maybe the one already implemented for downloads but shorter) to show which user it is as they cannot use a token for the next step
client sees it's a 2fa and redirects to a page (or login page has a "dialog") to enter 2fa 6 digit code
temp token and 2fa 6 digit code is sent to a /verify route
if they match / pass then the normal token is sent back and login proceeds as normal
todo: tag search in picklist, does it support more than one tag? I forget
no, no it doesn't. Hmmm... fuck
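Review bot: in the LOGIN section, reusing the existing download token as the temporary one-time token is the weak point of the plan: a token that the download endpoints also honour would let a session that has passed only the password check fetch files before the 6 digit code is ever verified. Issue a token of a distinct kind that only the /verify route accepts, bound to the user id, single-use and expiring within a minute or two, so the pre-2FA state carries no privilege on its own. Two related points in the same hunk: /verify should rate-limit or lock out after a few wrong codes, since a 6 digit code has only a million possible values; and the DISABLE step should require the password or a current code before the secret is removed, otherwise any browser holding the user's session can silently turn 2FA off. The SIGN UP section should also document how the generated secret is stored in the User account (at rest it is equivalent to the second factor), and "teh secret" on the QR code line is a typo.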