Roadmap 0.0.3 #4

Open
3 of 17 tasks
neokoenig opened this issue Jun 20, 2018 · 8 comments
Comments

@neokoenig
Contributor

neokoenig commented Jun 20, 2018

To Do:

  • Ensure password isn't in top 100000 hacked password lists
  • Add Travis CI Support
  • Travis: Unit tests require DB; DB migrate can't access custom servername from CLI, so need to fix that first.
  • Protected 'superadmin' flag on accounts which can't be assumed etc

Maybe:

  • Add LDAP example?
  • Add some sort of Brute force attack mitigation
  • If login required to auth'd page, add an appropriate redirect after login
  • Possibly change AES encryption on cookie to be JWT?
  • Add OAuth/Twitter/Facebook, if time allows
  • 2FA Maybe (!)
  • Add JSON based API using Basic Auth/API Key
  • Add JWT Authentication (Will still technically use sessions as we can't mix and match in a single app, but would be an example of API Authentication)
  • Localisation / i18n?
  • Add http headers as per https://github.com/ddspringle/framework-one-secure-auth/blob/master/MyApplication.cfc#L94
@chapmandu

I recently implemented this as a service for a pwned password check

https://github.com/JayIsPainting/CFML_HIBP

@neokoenig
Contributor Author

Cool. Might make a good plugin? Either that or I'll implement it directly. I'm wary of building in too many 3rd party dependencies though. My original idea was based on https://github.com/ddspringle/framework-one-secure-auth which just has a txt file(!) cached as an array for lookup.

@chapmandu

It would be perfect as a plugin. I like HIBP as it's up to date, and I don't have to commit a huge txt file to my repo and keep it up to date, but yeah, I get not wanting too many 3rd party services.
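The two approaches discussed above (a cached local list of hacked passwords versus the HIBP service) can be combined behind one check. This is an added Python illustration, not code from this project or from the CFML_HIBP service; the breach corpus and the local list are constructed sample data, and `fake_range_endpoint` stands in for HIBP's real `GET https://api.pwnedpasswords.com/range/{first5hex}` so it runs offline. It shows the k-anonymity property of that API: only the first five hex characters of the SHA-1 hash leave the application, and the suffix match happens locally.

```python
import hashlib

# Constructed sample data (not real breach data): a tiny stand-in for the
# "top 100000 hacked passwords" txt file, and a tiny stand-in for HIBP's corpus.
LOCAL_TOP_LIST = {"123456", "password", "qwerty", "letmein", "welcome1"}
FAKE_BREACH_CORPUS = {"password": 3730471, "letmein": 250000, "Tr0ub4dor&3": 7}


def sha1_hex(password: str) -> str:
    """HIBP keys its range API on the uppercase hex SHA-1 of the password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def in_local_list(password: str) -> bool:
    """The cheap, offline check: exact match against the cached list."""
    return password in LOCAL_TOP_LIST


def fake_range_endpoint(prefix: str) -> str:
    """Hypothetical stand-in for the HIBP range endpoint. The real service
    answers a 5-hex-char prefix with 'SUFFIX:COUNT' lines, one per known hash
    that shares the prefix, so the server never learns the full hash."""
    lines = []
    for pw, count in FAKE_BREACH_CORPUS.items():
        digest = sha1_hex(pw)
        if digest[:5] == prefix:
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(lines)


def pwned_count(password: str, fetch_range=fake_range_endpoint) -> int:
    """Return how many times HIBP has seen the password (0 if never)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    body = fetch_range(prefix)  # only the 5-char prefix is sent out
    for line in body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:  # suffix comparison stays local
            return int(count)
    return 0


def password_allowed(password: str, use_hibp: bool = True,
                     fetch_range=fake_range_endpoint):
    """Local list first; HIBP only if the application-level switch is on."""
    if in_local_list(password):
        return False, "in local hacked-password list"
    if use_hibp and pwned_count(password, fetch_range) > 0:
        return False, "found in HIBP pwned passwords"
    return True, "ok"
```

Against the real service the same `pwned_count` works unchanged if `fetch_range` is swapped for an HTTP client returning the response body as text.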

@neokoenig
Contributor Author

I might add it in as an application level switch or something

@malpaso

malpaso commented Jun 24, 2018

Would definitely like to see signup/login via Auth0 (JWT). Great app btw!

@MvdO79

MvdO79 commented Jun 24, 2018

Thanks again for this app! Further checking it out, posting errors if I see them, and tomorrow translate to Dutch.

@openbizgit

@malpaso Please have a look at this example ColdFusion Auth0: https://github.com/namitan/cf_auth0_sample

@neokoenig
Contributor Author

Thanks @malpaso @openbizgit - I think what I might do is try and put most of the Auth0 functionality into a plugin, but then include the appropriate Authentication model/methods in the example app, so people can then choose how/if they want to use it. Thanks for the example - always useful.
