2022-02-10 00:12:46 +00:00
parent bf4d90e7e7
commit 05f1ef176b
5 changed files with 78 additions and 28 deletions

View File

@@ -84,7 +84,7 @@ The Date control is used to display and choose dates without time. Dates are dis
AyaNova has two versions of the Date control available: the default is a "Material" theme date picker that will display and work the same on any device and the alternative is to use your browsers default system date picker.
Which one is used is controlled in [User settings](home-user-settings.md#user-browsers-standard-date-time-input-controls) "User browser standard date time input" setting.
Which one is used is controlled in [User settings](home-user-settings.md#use-browsers-standard-date-time-input-controls) "User browser standard date time input" setting.
#### Default "Material" date picker:
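Review bot: The corrected link on the changed line still quotes the setting as "User browser standard date time input", which does not match the heading the new anchor `#use-browsers-standard-date-time-input-controls` points at; the label should read "Use browsers standard date time input controls" so the link text and its target agree. The same label is on the changed lines of the hunks at -122 and -290 in this file.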
@@ -122,7 +122,7 @@ The Date and time control is used to display and choose dates and times as a pai
AyaNova has two versions of the Date and Time control available: the default is a "Material" theme date and time picker that will display and work the same on any device and the alternative is to use your browsers default system date and time pickers.
Which one is used is controlled in [User settings](home-user-settings.md#user-browsers-standard-date-time-input-controls) "User browser standard date time input" setting.
Which one is used is controlled in [User settings](home-user-settings.md#use-browsers-standard-date-time-input-controls) "User browser standard date time input" setting.
#### Default "Material" date and time picker:
@@ -290,7 +290,7 @@ AyaNova will accept input and display times in 12 hour clock AM/PM mode or 24 ho
AyaNova has two versions of the Time control available: the default is a "Material" theme time picker that will display and work the same on any device and the alternative is to use your browsers default time picker.
Which one used is controlled in [User settings](home-user-settings.md#user-browsers-standard-date-time-input-controls) "User browser standard date time input" setting.
Which one used is controlled in [User settings](home-user-settings.md#use-browsers-standard-date-time-input-controls) "User browser standard date time input" setting.
#### Default "Material" time picker:
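Review bot: The changed line in this hunk reads "Which one used is controlled in", missing the "is" that the other two occurrences in this file have; since the line is being edited for the anchor anyway, make it "Which one is used is controlled in".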

View File

@@ -2,28 +2,40 @@
This form is used to set the password of the currently logged in user.
## Authorization Roles required
This form is available to all users regardless of role.
## How to access change password
Change password is accessed from the [User settings](home-user-settings.md#set-login-password) Set login password menu option.
## How to use this form
Enter your login credentials and choice of new password and click save to make the change.
You can click on the eye icon to conceal your entry from onlookers.
## What is a secure password?
### What is a secure password?
### Long, not complicated
#### Long, not complicated
Current security industry best practices around passwords focus entirely on length and not complexity.
Current 2022 security industry best practices around passwords focus entirely on length and not complexity and AyaNova supports this by allowing any length of password and not requiring any special characters.
For the highest security ensure your password is as long as you can comfortably remember without writing it down. We recommend using a lengthy but easily remembered phrase as a password, for example a song lyric or a line from a poem that is 32 characters or more of words is currently very difficult to hack by brute force methods.
For the highest security ensure your password is as long as you can comfortably remember without writing it down.
We recommend using a lengthy but easily remembered phrase as a password, for example a song lyric or a line from a poem that is 32 characters or more of words is currently *extremely* difficult to hack by brute force methods.
There is no security advantage in modern practice to using mixed case, unusual symbols or numbers in your password.
It is far more secure to have a lengthy password of plain text than it is to have a shorter one with a mix of numbers and characters.
It is more secure to have a lengthy password of plain text than it is to have a shorter one with a mix of numbers and characters.
For example: this password `somewhereovertherainbowskiesareblue` is far more secure than this password `Ab3#@%5` and easier to remember without writing it down.
### Impersonal
#### Impersonal
Make sure you have nothing personal in your password such as a relative or pet's name or relative's date of birth etc.
## Password manager
### Password manager
Many people prefer to use a password manager utility and AyaNova supports this by allowing copy and paste in the password field, clearly identifying it as a password field in the HTML markup and including an "eye" icon that you can use to reveal or conceal the password as you enter it.
Many people prefer to use a password manager utility and AyaNova supports working with password managers by allowing copy and paste in the password field, clearly identifying it as a password type HTML field in the page markup so the password manager can autotype the values and including an "eye" icon that you can use to reveal or conceal the password as you enter it.
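Review bot: The added recommendation of "a song lyric or a line from a poem" points users at published text, which dictionary and wordlist attacks try long before brute force, so the "*extremely* difficult to hack by brute force methods" claim does not cover it; suggest recommending a phrase of several unrelated words instead, and replacing the sample `somewhereovertherainbowskiesareblue`, which is itself lyric-based and likely to be copied straight from the docs. The added "Current 2022" will date quickly, and "allowing any length of password" reads as if a one-character password is accepted, so state the minimum length if there is one.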

View File

@@ -1,15 +1,26 @@
# Two-factor authentication
AyaNova supports Two-Factor authentication ("TFA") as an additional security measure for any User account. The first "factor" in TFA is the user name and password as normal, the second "factor" is a 6 digit passcode that changes every 30 seconds and is unique for every AyaNova User.
AyaNova supports Two-Factor authentication ("TFA") as an additional security measure for any User account. The first "factor" in TFA is the user name and password as normal, the second "factor" is a 6 digit one-time passcode that changes every 30 seconds and is unique for every AyaNova User.
Passcodes are generated in a 3rd party TFA App running on a device that you "link" to your AyaNova account.
Passcodes are generated in a 3rd party TFA App running on a device that you "link" to your AyaNova account. Typically this means a TFA app running on an Android or Apple iOS device.
Enabling TFA means that even if a login name and password were to be accidentally exposed a malicious user would still not be able to login unless they had that User's device with their TFA authentication app available. We strongly recommend all users enable TFA, including and specifically the SuperUser account.
Enabling TFA means that even if a login name and password were to be accidentally exposed a malicious user would still not be able to login unless they had that User's device with their TFA authentication app available.
If AyaNova can be accessed outside a private network, we **strongly** recommend all users enable TFA, in particular the SuperUser account and any User accounts with Business Administration roles.
## Authorization Roles required
This form is available to all users regardless of role.
## How to access Two factor authentication
TFA settings are accessed from the [User settings](home-user-settings.md#two-factor-authentication) two factor authentication menu item.
## Enabling TFA
Two-Factor Authentication is enabled from the "Two Factor Authentication" menu option in the form `Home -> User Settings` menu.
Due to the nature of TFA it is not possible for an Administrator to set this up on behalf of a User, it must be done logged in _as_ the User account with their device containing their TFA authentication App in hand.
Due to the nature of TFA it is not possible for an Administrator to set this up on behalf of a User, it must be done logged in _as_ the User account with their device containing their TFA authentication App at hand.
## Disabling TFA
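Review bot: The rewritten recommendation now applies only "If AyaNova can be accessed outside a private network", which is weaker than the unconditional sentence it replaces; the rationale in the preceding paragraph (an exposed login name and password) holds on a private network too, so consider keeping the recommendation for all users and using the new sentence to add emphasis for externally reachable installs. The "Enabling TFA" paragraph also repeats the menu path already given in the new "How to access Two factor authentication" section and could link to it instead.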
@@ -21,7 +32,9 @@ A User with rights to edit other User accounts can disable TFA for any User from
There are many Two-Factor Authentication apps freely available for all device types. Here are some that have been tested with AyaNova specfically:
- [DUO](https://duo.com/product/multi-factor-authentication-mfa/duo-mobile-app)
- [Google Authenticator for IOS](https://apps.apple.com/us/app/google-authenticator/id388497605)
- [Google Authenticator for iOS](https://apps.apple.com/us/app/google-authenticator/id388497605)
- [Google Authenticator for Android](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2)
- [Microsoft Authenticator (IOS / Android)](https://www.microsoft.com/en-us/account/authenticator)
- [Microsoft Authenticator (iOS / Android)](https://www.microsoft.com/en-us/account/authenticator)
- [Authy](https://authy.com/)
These apps are all legitimate and widely used, however there are known cases of other malicious TFA applications so be careful and do some research if using one not on the list above.
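Review bot: The added closing sentence tells readers to "be careful and do some research" without saying what to check; suggest something concrete, such as installing only from the publisher links listed above. The context line introducing the list still has "specfically", which could be fixed in the same change as the iOS capitalisation.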

View File

@@ -4,7 +4,19 @@ This form controls various settings for the currently logged in User and is avai
Administrators can also modify these settings on behalf of a User in the [User administration form](adm-users.md).
## Dark mode
## Authorization Roles required
This form is available to all users regardless of role.
## How to access user settings
User settings are accessed in the following ways:
- From the `Home` navigation pane `User settings` item
## Edit form
#### Dark mode
![dark mode](img/home-user-settings-darkmode.png)
![dark mode](img/home-user-settings-lightmode.png)
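Review bot: The new headings go from `## Edit form` straight to `#### Dark mode`, skipping a level, and "User settings are accessed in the following ways:" introduces a list with a single item; suggest `###` for the individual settings, or a plain sentence for the access path. Both image lines also carry the alt text "dark mode", including the one for `home-user-settings-lightmode.png`.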
@@ -13,17 +25,17 @@ This setting is a toggle that switches between the standard light and alternativ
This is a local device setting only (not saved to the server) to allow for different themes when working with different devices in different settings.
## Translation
#### Translation
This setting is _required_ and controls which [translation](adm-translations.md) of AyaNova is used to display program text to the current logged in user.
The default value is "en" for English.
If you change the language setting here you must logout and back in for the changes to take effect.
## User email address
#### User email address
Optional setting for both reference purposes and also to save typing by being the default email address set in any new [Notification subscriptions](home-notify-subscriptions.md) created by this user.
## Map URL template
#### Map URL template
This setting controls which internet mapping provider to use for viewing addressible objects online on a map.
@@ -35,7 +47,7 @@ Several online mapping providers are provided for selection in the drop down box
You can also enter any url you wish in this field for specific needs not covered by the defaults.
### Map url format
##### Map url format
AyaNova expects one or two url's per provider separated with the following special sequence of characters: `<|>` to separate urls if there are two.
@@ -50,7 +62,7 @@ AyaNova will substitute the following tokens in the URL template before attempti
Use the preset examples as a reference if making your own custom url.
## Currency code
#### Currency code
AyaNova is a single-currency program, it assumes all currency values entered are for the same currency and values entered are stored at the server as Decimal numbers so this setting will affect how values are displayed and accepted for entry only, it has no relation to actual currency values or exchange etc.
@@ -58,22 +70,36 @@ The Currency Code controls how currency values are displayed and accepted for in
Some other common currency codes are: "EUR" - Euro, "GBP" - Great British Pound, "CAD" - Canadian dollar, "AUD" - Australian dollar.
## 12 hour clock
#### 12 hour clock
This _optional_ setting controls whether times are displayed and selected in 12 hour (AM/PM) format or 24 hour format. If not set it will be determined from the browser default language setting.
## Use browsers standard date time input controls
#### Use browsers standard date time input controls
This _optional_ setting switches between using the fixed "Material" theme date and time picker controls or the browser's native input controls.
This particular setting is _not_ stored at the server but is kept with the browser itself allowing Users to choose browser by browser the most appropriate input controls for their needs as each browser brand and platform vary widely in their support for date and time inputs.
## Override browser Language code
#### Override browser Language code
Optional settings to override the Language code used by the web browser by default. This should not need to be set in most cases.
See [Localization override](ay-start-localization.md) for details.
## Override browser Time Zone
#### Override browser Time Zone
Optional settings to override the Time zone from the devices default setting used by the web browser by default. This should not need to be set in most cases.
See [Localization override](ay-start-localization.md) for details.
### Menu options
In addition to the [common edit form menu options](ay-start-edit-forms.md#common-edit-form-menu-options) the User settings edit form also has these options:
#### Set login password
Opens the [change password form](home-password.md) to allow the user to change their own password.
#### Two Factor Authentication
Opens the [Two factor authentication form](home-tfa.md) to allow the user to set up two factor authentication for the strongest possible login security.
We strongly recommend the use of two factor authentication if AyaNova will be accessible from the internet, particularly for any higher security roles such as the SuperUser or Business Administration roles.
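Review bot: The TFA recommendation added under "Two Factor Authentication" restates the one on the Two-factor authentication page changed in this same commit, with different wording ("accessible from the internet" here, "accessed outside a private network" there), so the two will drift; suggest stating it once on the TFA page and linking to it from here. "The strongest possible login security" is an overstatement worth toning down, and `### Menu options` sits one level above the `####` settings it follows under `## Edit form`, so the hierarchy is inconsistent.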

View File

@@ -43,7 +43,6 @@ nav:
- 'Reminders': 'home-reminders.md'
- 'Reviews': 'home-reviews.md'
- 'User settings': 'home-user-settings.md'
- 'Translation': 'home-translation.md'
- 'Set password': 'home-password.md'
- 'Two factor authentication': 'home-tfa.md'
- 'Notification subscriptions': 'home-notify-subscriptions.md'
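Review bot: This hunk drops one entry from `nav` (7 lines to 6, apparently `'Translation': 'home-translation.md'`), but the commit touches only five files and none of them deletes that page; if the file is still in the docs folder it will continue to be built without a navigation entry. Suggest removing the file in the same commit, or confirming nothing still links to it.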