{"login": "manager","password": "l3tm3in"}

{"login": "OpsAdminLimited","password": "OpsAdminLimited"}

LICENSE / ONBOARDING

TODO: auth route if not licensed at all (not merely expired, but non-existent) then only manager account can login, no one else
(because there could be other users somehow but no license)

todo: notify/hello route should no longer return false for trial, true for not, but instead:
Return a license state enumeration value
0 = No license at all of any kind
1 = trial license key
2 = purchased license key
Note: this has nothing to do with whether there is an active license or not, merely that it's of a type
this is so client can display appropriate UI

todo: Trial request data needs a home in the db and not be erased when data erased so that it can be re-requested without refilling out the form
Regto name
email address
Country
City
etc we had before maybe

todo: Rockfish
NOTE: this comes *from* RAVEN, not directly from client to Rockfish
trial request route
Post contact information and dbid
if previously exists then checks if email changing
or if not previously exists
Validates email independently
They need to click on a link to verify their email address

todo: rockfish - Email verification route NOTE: used by RAVEN, not directly from client to Rockfish
validates email already in customer trial account
triggers notification to *US* at our email address(es) that a new trial has validated email address ready for approval / rejection

todo: rockfish UI list of trial requests open and their state
email verified or not
We click a button to accept or reject and can enter additional note for either
Rockfish sends a reply to user either saying they are accepted or rejected with note inserted

TODO: restrict server so randos can't login since the client now has all the logins helpfully pre-loaded on it
not sure how to do that and still support phone via cellular network or other people's wifi from logging in
Firewall settings I guess of some kind or maybe require a manual edit to the password, like add a 1 to the end of all of them or something?

todo: OPS notification created for failed jobs
also maybe direct immediate email bypassing generator?
Add backup fail to this will stub out for now

todo: (BREAK THIS OUT INTO LATER/NOW/CASES) there are several outstanding AUTHENTICATION related cases in rockfish for RAVEN
e.g. https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/1924
https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/1835
https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/1998 <---this is an important case for consideration
https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/3367 <--time limited accounts for support or temporary access?
https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/2059 <--- time restricted accounts so user can only login during business hours (still to be considered)
2fa stuff, some logging and lockout stuff
Go through the auth related cases and notes in client side and implement or close
todo: 2fa? (if not in first release, is there something needed to support it in future dbwise?)
todo: Auth Backdoor reset password feature
how to code it here, pretty easy to do:
https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/3250
todo: Look into 2fa
https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/3395
todo: look into how to use an SSL certificate with the RAVEN server directly when not behind nginx
https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel?view=aspnetcore-3.1
- this should be supported by default out of the box working with Let's Encrypt ideally
- is it now considered ok to host .net core web api directly internet facing?
todo: onboarding and default manager account password
- Need to come up with a safety plan for this so people don't leave it at default
- Maybe the very first thing required of a user is to change the password before any tasks can be performed
- Server stays in safety lock until they set a password?
- Or maybe a random password is generated on seeding and somehow provided to user through console or something?
- Maybe an empty db if no other users can be set password only so no one has made a hidden backdoor user account before ops changes it?
- maybe tied to license if licensed so they bring some info they have from rockfish / their license purchase or something?
- don't want it to be too onerous and have some very inexperienced users so...
- see what other programs do, like our forum software

todo: API docs, make separate page for datalists and remove from api-response-format.md doc but put a reference link to it there.

TODO: When go to full beta trial for people to look at need it to handle simultaneous logins somehow
maybe they get their own trial instance or something

MAYBE
todo: tag refcount
Move this into a procedure, it's apparently quite slow now that I can see the metrics

todo: add backup master time out setting
environment variable

todo: add switch somewhere to "automatic backup" so can turn off in event of externally done backup
this will take backup processing out of the generator loop
but keep the backup ui so even if external, can download the backup files