PLANNING ISSUE: Multi party authentication

[SidharthBansal]

This is the checklist for the OAuth Login

Implementation common to all providers

• Add omniauth gem Added omniauth gem and facebook-omniauth gem #2381
• Add fiagro gem Oauth routes, figaro and config/initializers file updates #2531
• Install Openssl Openssl added for https #2745
• Make localhost work under https connection Openssl added for https #2745
• Write Documentaion for openssl Openssl added for https #2745
• Write Documentation for omniauth and related gems Documentation added for OAuth #2855 Documentation for OAuth #2848
• Define routes Oauth routes, figaro and config/initializers file updates #2531
• Modify UserTag to acts as identiy model User should not be able to create Oauth based user_tags #2737 Added validation errors #2639
• Add OmniAuth Capability to User Model Google Authentication  #2771
• Link provider to a user Google Authentication  #2771
• Delete provider from a user Google Authentication  #2771
• User_controller update Google Authentication  #2771
• User_session_controller update - Google Authentication  #2771
• Wiki Page https://publiclab.org/oauth

Google Provider

• Add omniauth-google-oauth2 gem Google Authentication  #2771
• Add OmniAuth Configuration to initializer Google Authentication  #2771
• OAuth testing hash Google Authentication  #2771
• Write user session controller tests for the login through Google Google Authentication  #2771
• Write integration tests for the login through Google Google Authentication  #2771
• Set up developers app (discussion in Google Authentication  #2771)
• Docker file changes Google Authentication  #2771
• header OAuth user interface design on login screen #2866
• /profile/edit page Google OAuth edit profile view #2850
• login page Google OAuth login view #2851
• sign up page Google OAuth sign up view #2852

Github Provider

• Add omniauth-github gem Remaining gems added #2686
• Add OmniAuth Configuration to initializer Add OmniAuth Configuration to initializer for Github #2873
• Set up developers app Create Github OAuth App  #2856
• Docker file changes Docker changes made for Github Provider #2875
• OAuth testing hash Added OAuth hash for testing Github provider #2874
• Write user session controller tests for the login through Github User session controller tests for github provider #2915
• Write integration tests for the login through Github Integration tests added for Github Provider #2914
• header Github button for OAuth login #2975
• /profile/edit page Github button for OAuth login #2975
• login page Github button for OAuth login #2975
• sign up page Github button for OAuth login #2975

Twitter Provider

• Add omniauth-twitter gem Remaining gems added #2686
• Set up developers app Twitter Provider App Settings #2893
• Docker file changes Docker changes for the Twitter Provider #2947
• Add OmniAuth Configuration to initializer Twitter Provider Initializer changes #2948
• OAuth testing hash Omniauth hash for Twitter #2961
• Write user sessions controller tests for the login through Twitter User Session Controller tests for twitter #2962
• Write integration tests for the login through Twitter Integration tests for twitter #2963
• header OAuth Twitter Button #2986
• /profile/edit page OAuth Twitter Button #2986
• login page OAuth Twitter Button #2986
• sign up page OAuth Twitter Button #2986

Facebook Provider

• Add omniauth-facebook gem Added omniauth gem and facebook-omniauth gem #2381
• Set up developers app Facebook OAuth Settings #2867
• Docker file changes Docker changes done for fb #2960
• Add OmniAuth Configuration to initializer#2959
• OAuth testing hash Added fb test hash #2965
• Write user session controller tests for the login through Facebook User Session Controller tests for Facebook #2966
• Write integration tests for the login through Facebook Integration tests for facebook #2964
• header Facebook button for OAuth #2987
• /profile/edit page#2987
• login page Facebook button for OAuth #2987
• sign up page#2987

Handling Security Vulnerabilities

• Random Number for password field Password changed #3031 Password made safer #3071
• Introduction of Password checker field into user model Password checker field in OAuth Login #3032
• Uid field filter on profile page - only the admin and the user himself can see the usertag User Tag must be visible to admins or themselves #3038
• Uid field filter on profile page - only the admin and the user himself can see the usertag tests Tests for not displaying uid(WIP) #3139
• Trimming of the uid from the usertag when showed on profile page Uid made unvisible to client #3066
• Tests for above Tests for not displaying uid(WIP) #3139

Front End

• header OAuth user interface design on login screen #2866
• Login Page Shift the providers up on login page #3011
• Sign Up Page Shift the providers up on sign up page #3012
• Edit Page Shift Link to on edit page #3014

[jywarren]

wow i love this page 😆 ✅✅✅✅✅✅

[SidharthBansal]

@jywarren one way for #2676 (comment) is to have an additional field in the user_model. If a user makes an account on the public lab using the legacy authentication system then it is zero. If a user makes an account via google then it is one, fb=>2, twitter=>3, github=>4. If a user resets a password then this field is reset to zero. So, that way we can check while logging the user in if the username's field is non zero this imply he has not generated password even once.

Zero field indicates that the account password is generated by the user
Non zero field indicates the account password is not generated by the user yet.

Any other idea about this feature?

[SidharthBansal]

I am breaking the front end portion into sequential ftos. So that the I can focus on the other backend features

[jywarren]

Non zero field

This sounds interesting. Can you just walk through whether this could be achieved by looking at the password field itself, and the user tags, and explain to me if that would not be enough information to achieve this? I think I follow but just so we know we're understanding this the same way!

[SidharthBansal]

@jywarren please see #3032 for password_checker field conversation.
I have added few items to the checklist which we discussed on google hangouts.
Thanks

[SidharthBansal]

@jywarren is there any need to bcrypt the uid before storing in the db? I don't think there is a need.
I have added few items to the checklist on which I am working nowadays.
Also, is there any need to notify the user weekly or monthly that they have not set up there passwords yet OR can we just ignore this?
I think it will be frustrating for the clients to get weekly messages until they set up their passwords. There are many websites which enables you to log in and log out without notifying users via email to set passwords.

[jywarren]

Yeah, i think we can skip notifications, but display a note on their profile maybe?

…

On Tue, Jul 24, 2018 at 1:31 AM Sidharth Bansal ***@***.***> wrote: @jywarren <https://github.com/jywarren> is there any need to bcrypt the uid before storing in the db? I don't think there is a need. I have added few items to the checklist on which I am working nowadays. Also, is there any need to notify the user weekly or monthly that they have not set up there passwords yet OR can we just ignore this? I think it will be frustrating for the clients to get weekly messages until they set up their passwords. There are many websites which enables you to log in and log out without notifying users via email to set passwords. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#2676 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AABfJySJP9IIkeKGawcDHkxsKVWnrpWzks5uJrEZgaJpZM4Tru9Q> .

[SidharthBansal]

OK, I have updated the checklist according to your suggestions.
Thanks

[SidharthBansal]

@jywarren can we close this now?

[jywarren]

Yes! And congratulations!

[SidharthBansal]

Congrats to you to. And thanks for your help. You helped at each stage of the project. You are the best mentor @jywarren .
I will be learning Machine Learning and AI at my university in the current semester. Is there any project on PL where I can apply these, can learn and contribute?

[jywarren]

I wonder about a couple things --

1. could you use it to find related tags or related posts? Maybe for suggesting tags from the body text so tagging is more automated?
2. could you use it to try to make an image classifier, along these lines, that's web-based? https://publiclab.org/notes/warren/1-16-2012/clashifier-open-source-web-based-image-classification-prototype

[SidharthBansal]

Thanks. I like both of them. The first project seems to me beginner project. So, will like to take it if we need it. What do you suggest?

[SidharthBansal]

that's web-based?

@jywarren if we have anything different from RoR/web but ML and AI is involved, even then, I am happy to contribute. I love contributing to PL and learning things here. I want to increase my knowledge.
You know a lot of things. And I think you can guide me better than anyone else. Can you please think and tell if any other place we need it?

[jywarren]

well, we have had a long-term interest in trying "interest point finding and matching" -- i.e. "bundle adjustment" on MapKnitter, so that we may start to auto-match images against their background map, and/or against each other. It's a complex problem, but having a modular javaScript library for it would be amazing. Or, a web service for it so you submit 2 images and it sends back matched points.

…

On Mon, Aug 6, 2018 at 11:25 AM Sidharth Bansal ***@***.***> wrote: @jywarren <https://github.com/jywarren> if we have anything different from RoR/web but ML and AI is involved even then I am happy to contribute. I love contributing to PL and learning things here. I want to increase my knowledge. I am also interested in web/RoR. You know a lot of things. Can you please think and tell if any other place we need it? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#2676 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AABfJ3jn-VJS-aBlMrlXDiOQBWxQzrNSks5uOF_YgaJpZM4Tru9Q> .

[SidharthBansal]

Oh you mean two images background comparison to get the common points in both of them. Sound interesting.
I will search tonight these things.
PL is really huge!!!

[SidharthBansal]

Thanks

[jywarren]

Haha PL really is huge lol ... 😂

…

On Mon, Aug 6, 2018, 11:42 AM Sidharth Bansal ***@***.***> wrote: Thanks — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#2676 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AABfJ4ZEWfhGw0gfTSPc3L86_mfj2KT-ks5uOGOqgaJpZM4Tru9Q> .