-
Notifications
You must be signed in to change notification settings - Fork 362
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WIP] feat: add authentication #97
[WIP] feat: add authentication #97
Conversation
This is great. I've had this planned for quite some time but never got to it because of the scope. Two items to note:
As for UI, I have no objections as long as it maintains simplicity and is consistent with the theme.
We support expire (deletion of the password) but not deletion of the entire record so that secret URLs can still show expired state. Then to add:
So far it looks great. I'll take another look at the code again as this progresses. |
We will also need a configuration option to make authentication required or optional per #84 . I can add this also after the fact if needed. |
@pglombardo Ok, there you have a little update:
Here you have the password list for a user And there you have the list of views for a particular password NB: The last screenshot is exactly the same for Functionality ScopeI think making this work with the API is out of the scope of this PR, this functionnality is already big enough in my opinion. Next StepNow the question is, what do you think of this? |
This is great progress @JulienAmoros. Give me a bit to free up some time and catch-up. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A few changes/fixes requested.
Agree
Cool - we can address this afterwards.
♪┏(°.°)┛┗(°.°)┓┗(°.°)┛┏(°.°)┓ ♪ I think the approach is perfect - minimalist and functional. We can touch up as things progress.
Agree - post merge I'll likely do some touch ups and move some of that stuff off of the main page. |
t.datetime :current_sign_in_at | ||
t.datetime :last_sign_in_at | ||
t.string :current_sign_in_ip | ||
t.string :last_sign_in_ip |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@pglombardo Should I leave this trackable part or not if we actually want to know the fewest about users?
1bf9a71
to
2481a92
Compare
Hey @pglombardo !
And here are new questions:
Also, I rebased on you master branch. I look forward for your answer 😄 |
Hi @JulienAmoros - So sorry that I've been late in replying to this... #startuplife. I'm going to run through some testing locally on this and will post back here this week. |
Took a look at this last night. There might be a problem with the migrations as it says no
Trackable should go away if possible or later on if it's easier.
It's fine to drop/recreate the users table since we weren't using it anyways. I'll retry this weekend and before this upgrade, we'll test it on more dbs, have backups just in case. Most important is that pre-existing URLs still work. If just users table, the risk is low to none.
I would say yes with a note saying essentially the password is expired and no longer there - so we can still see view logs and have historical record.
Yes - same as above.
Not sure - I'll take a look but might not be necessary unless the info is incorrect/misleading.
If they have no future, I would delete. If future features may use them, then it doesn't hurt to leave them in. Aiming also for simplicity for other potential contributors - so judgement call.
I would say yes to this. Also as long as we don't break any users upgrading from very old versions. |
What happened with this? |
@cb3inco Hi, I never took the time to finish this. But if you want to take over, don't hesitate 😃 |
Oh no worries. I'm by no means a developer, just an app user. Unfortunately I won't be of much help. 😢 |
After > 3 years this is now done/implemented and live on pwpush.com. Thanks @JulienAmoros for taking a shot at this! |
🚧 WIP - Add authentication
Description
This PR purpose is to add devise in order to link new passwords with connected user in order to be able to retreive a password link, expire or delete password.
Changelog
passwords
action to see your passwords (when being connected)User stories:
AS a user, I WANT to be able to see previously created passwords SO THAT I can retreive a lost link.
AS a user, I WANT to be able to see previously created passwords SO THAT I can expire some.
AS a user, I WANT to be able to see what IPs/UAs viewed a particular password that I pushed.
Migration
YES
Looks like there where already Devise installed long time ago, I decided to drop corresponding table to regenerate Devise model.
Notes
/users/sign_up
/users/sign_in
config/initializers/devise.rb
to make proper setupconfig/secrets.yml
, you will have to add this env var on production:SECRET_KEY_BASE
TODO
sign_up
/sign_in
Questions
@pglombardo
Can you give me your opinion about: