@@ -184,12 +184,37 @@ todo: GetWorkorderSerial/name from leaf nodes
|
|||||||
traverse up the tree and fetch the serial number
|
traverse up the tree and fetch the serial number
|
||||||
once coded fixup in purchaseorderbiz::getasync MIGRATE_OUTSTANDING bit
|
once coded fixup in purchaseorderbiz::getasync MIGRATE_OUTSTANDING bit
|
||||||
|
|
||||||
|
todo: research practicality of supporting SMS from server for things like notification and authentication 2fa
|
||||||
|
is it a service, a device, a library??
|
||||||
|
|
||||||
|
|
||||||
todo: 2fa is going to be an absolute must have pretty soon, look into what's involved again
|
todo: 2fa is going to be an absolute must have pretty soon, look into what's involved again
|
||||||
https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/3395
|
https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/3395
|
||||||
|
|
||||||
|
Process:
|
||||||
|
SIGN UP
|
||||||
|
(copied a bit from digital ocean)
|
||||||
|
User settings has a SECURITY section where control 2fa stuff
|
||||||
|
user enables at which point a secret key for 2fa is generated and stored in the User account
|
||||||
|
user is redirected to a client form with the qr code displayed for teh secret
|
||||||
|
User gets QR code then displayed to sign up with auth software
|
||||||
|
User has to enter a valid code to save or enable 2fa fully otherwise it's not enabled if they cancel out
|
||||||
|
until the correct code is entered it will not be enabled yet
|
||||||
|
If user moves out of 2fa area without validating then it generates a new secret next time they go In
|
||||||
|
|
||||||
|
DISABLE
|
||||||
|
user goes to user settings->Security and click on disable 2fa button which is only enabled to click when the account has 2fa already enabled
|
||||||
|
this removes the 2fa secret from their account and sets 2fa off.
|
||||||
|
LOGIN
|
||||||
|
User logs in as normal, server checks if they have 2fa enabled
|
||||||
|
if no 2fa enabled then send back token as normal
|
||||||
|
if 2fa then send back response like "2faenabled:true"
|
||||||
|
also some kind of temporary one time short lived token (maybe the one already implemented for downloads but shorter) to show which user it is as they cannot use a token for the next step
|
||||||
|
client sees it's a 2fa and redirects to a page (or login page has a "dialog") to enter 2fa 6 digit code
|
||||||
|
temp token and 2fa 6 digit code is sent to a /verify route
|
||||||
|
if they match / pass then the normal token is sent back and login proceeds as normal
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
todo: tag search in picklist, does it support more than one tag? I forget
|
todo: tag search in picklist, does it support more than one tag? I forget
|
||||||
no, no it doesn't. Hmmm... fuck
|
no, no it doesn't. Hmmm... fuck
|
||||||
|
|||||||
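Review bot: The LOGIN steps send the temp token and the 6 digit code to a /verify route but put no limit on attempts. A 6 digit code has only 1,000,000 possible values, so the plan should cap failed attempts per temp token, invalidate the token after a few failures, make it single use, and make it valid for /verify only. If the codes are time-based, as the QR code and "auth software" suggest, also reject a code that has already been accepted for that user. In DISABLE, "click on disable 2fa button" removes the secret without any re-check. Require the current password or a valid code first, so that an unattended logged-in session cannot turn 2fa off. In SIGN UP the secret is "generated and stored in the User account" before a valid code has been entered. Keep it marked as pending, separate from the enabled flag, so the login check never treats an unverified secret as active. The steps also leave out what happens when a user loses the device, so a recovery path (for example an admin reset) is worth a todo line here.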