{"login": "manager","password": "l3tm3in"}

{"login": "OpsAdminLimited","password": "OpsAdminLimited"}


LICENSE / ONBOARDING

TODO: auth route if not licensed at all (not merely expired, but non-existent) then only manager account can login, no one else
	(because there could be other users somehow but no license)

todo: notify/hello route should no longer return false for trial true for not but instead:
	Return a license state enumeration value
		0 = No license at all of any kind
		1 = trial license key
		2 = purchased license key
	Note: this has nothing to do with whether there is an active license or not, merely that it's of a type
	this is so client can display appropriate UI

todo: Trial request data needs a home in the db and not be erased when data erased so that it can be re-requested without refilling out the form
	Regto name
	email address
	Country
	City
	etc we had before maybe






TODO: restrict server so randos can't login since the client now has all the logins helpfully pre-loaded on it
	not sure how to do that and still support phone via cellular network or other people's wifi from logging in
	Firewall settings I guess of some kind or maybe require a manual edit to the password, like add a 1 to the end of all of them or something?


todo: OPS notification created for failed jobs
	also maybe direct immediate email bypassing generator?
	Add backup fail to this will stub out for now

todo: (BREAK THIS OUT INTO LATER/NOW/CASES) there are several outstanding AUTHENTICATION related cases in rockfish for RAVEN
	e.g. https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/1924
	https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/1835
	https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/1998 <---this is an important case for consideration
	https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/3367 <--time limited accounts for support or temporary access?
	https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/2059 <--- time restricted accounts so user can only login during business hours (still to be considered)
	2fa stuff, some logging and lockout stuff
	Go through the auth related cases and notes in client side and implement or close
	todo: 2fa? (if not in first release, is there something needed to support it in future dbwise?)
	todo: Auth Backdoor reset password feature
		how to code it here, pretty easy to do:
		https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/3250
todo: Look into 2fa
	https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/3395
todo: look into how to use an SSL certificate with the RAVEN server directly when not behind nginx
	https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel?view=aspnetcore-3.1
	- this should be supported by default out of the box working with Let's encrypt ideally
	- is it now considered ok to host .net core web api directly internet facing?
todo: onboarding and default manager account password
	- Need to come up with a safety plan for this so people don't leave it at default
	- Maybe the very first thing required of a user is to change the password before any tasks can be performed
	- Server stays in safety lock until they set a password?
	- Or maybe a random password is generated on seeding and somehow provided to user through console or something?
	- Maybe an empty db if no other users can be set password only so no one has made a hidden backdoor user account before ops changes it?
	- maybe tied to license if licensed so they bring some info they have from rockfish / their license purchase or something?
	- don't want it to be onerous too much and have some very inexperienced users so...
	- see what other programs do, like our forum software

todo: API docs, make separate page for datalists and remove from api-response-format.md doc but put a reference link to it there.


TODO: When go to full beta trial for people to look at need it to handle simultaneous logins somehow
	maybe they get their own trial instance or something

	
MAYBE
todo: tag refcount
	Move this into a procedure, it's apparently quite slow now that I can see the metrics

todo: add backup master time out setting
	environment variable
	
todo: add switch somewhere to "automatic backup" so can turn off in event of externally done backup
		this will take backup processing out of the generator loop
		but keep the backup ui so even if external, can download the backup files

