hasgeek / lastuser Goto Github PK
View Code? Open in Web Editor NEWLastuser has been merged into Funnel. This repository is archived.
Home Page: https://hasgeek.com/
License: BSD 2-Clause "Simplified" License
Lastuser has been merged into Funnel. This repository is archived.
Home Page: https://hasgeek.com/
License: BSD 2-Clause "Simplified" License
Lastuser needs two-factor authentication for anyone using their account to manage important data. Implementing it requires:
Add a LinkedIn login provider, available for adding to user accounts but not for login.
Signals can be used to trigger a background notification to affected apps, and also used internally by the blueprint consumer.
When a user is logging into an app, the app should be able to set a custom login message with instructions. For instance, the job board should specifically instruct that the login is for the individual, not the company.
External ids should be linkable to organizations instead of users. This is similar to login providers, but cannot be used for login and links to GitHub organizations, Facebook pages, etc. Twitter ids behave the same as with a login provider, while Google is not available (except G+ pages).
Organization.owners.add([users] or user)
Emails are not case-sensitive. They should always be lowercase. Forms that ask for an email address should ensure they are converted into lowercase before saving.
When creating a client app, the domain in the URIs for Redirect, Notification and Resource MUST match that in the website. This is required since only the Website URI is shown to users when confirming their assent.
Many site users do not login until after much convincing. The activities they performed on the site pre-login are however valuable and could be linked to their logged-in profile (for example, jobs viewed on Hasjob or videos on HGTV).
Problem: right now, there is no way to track such transient users because they have no user accounts.
Idea: Add a flag to the User model to include a transient flag. For every cookie-enabled non-logged-in visitor, create a transient user account when they perform their first significant action (including actions like adding items to a shopping cart), and keep adding to this User object. When they finally login, if they have an existing User object, use Lastuser's merge user support to merge data. If they don't, make the User object a permanent user.
As a periodic sweep, remove transient accounts and data where the user has not visited again in a month or so.
Undecided: should this be centralized in Lastuser or decentralized in Flask-Lastuser? If the same user shows up on multiple sites, sharing a transient id is tricky for security rasons. The user has not yet agreed to share data with the specific site. A decentralized server can go about its business without such complications.
A decentralized approach, however, will mean that the user's record is even more fragmented and there is a chance of data loss when they actually login, because another site that previously saw the same visitor is not yet aware that they have a proper user account. Centralization will make sync more efficient.
If the user has disabled cookies in their browser, login will fail without explaining to the user why. Users need to be notified if they have cookies disabled.
Related to #12.
Login should be disallowed if cookies are disabled.
Like "Owners", organizations should have a "Members" team that is the default team for anyone who is a member of the organization. All owners should be members by default.
The members team does not provide administrative access. It's instead the default team for anywhere that access has to be restricted in any way (filing expense reports in Kharcha or posting to a discussion group). The Members team is used in situations where managing teams is too much detail.
An app that does not have access to an organization's teams can still be aware of the existence of Owners and Members (and a user's membership in these) and can therefore be reasonably functional until team access is granted.
Google's OpenID login process sends user data via a browser GET request. Is this request signed? Is the data tamper proof? If not, the email address provided can no longer be trusted.
Not sure how high the priority for this would be. But, nevertheless an important feature.
Binds allow a blueprint to be embedded in another app while maintaining an independent database connection. Lastuser should use binds to allow the UI to be embedded in Hasweb.
The login
resource should require a user to be logged in with a specific login provider. login/linkedin
, for instance, mandates LinkedIn login.
The /auth
endpoint will refuse to let the user proceed unless they have the specified login service applied to their account.
To reduce the chances of a duplicate account, the login screen encourages users to login with the last used service and then asks for the required service to be added to the user's account.
When a username is blank in Lastuser, client apps that have Profiles use the userid instead. This will fail for User A if User B's username is the same as User A's userid.
When a user picks a username, it should be checked for uniqueness against all userids.
Teams need a nullable client_id
column that indicates if the team was created by a client app. Client apps can use this to directly add users to a team, bypassing the Lastuser UI.
Lastuser needs a table for old userids, from ids discarded when accounts are merged. When a user logs into a client app, these old ids are supplied as part of the userinfo and the client can perform data merger.
The same mechanism can be used later for push notifications.
Lastuser needs to provide a mechanism for client apps to leave messages for each other. This can be used, for example, for BoxOffice to post an invoice in Billgate (using Billgate's API), and for Billgate to notify BoxOffice of successful payment (via the messaging API).
The messaging API helps communicate across firewalls, since Lastuser is always accessible, and ensures message delivery even if an app is down (though Lastuser is now the single point of failure).
UserExternalId should store the refresh token and expiry date for services that use them (like LinkedIn).
Currently user can register an account with password length 1, We need to have password strength validator.
The term "organization" confuses people into assuming that it's only meant for formal organizations. Renaming the concept to "group" will make this easier to accept.
User
and Organization
should have a field client_id
that indicates the client that created them.
The Twitter OAuth decorator in oauthclient.py raises an OAuthException
if Twitter denies the login attempt. Unfortunately, this propagates as a 500 error and is shown to the user as an app error.
Since exceptions in decorators cannot be trapped in the decorated function, we need another decorator on top of the Twitter decorator, whose sole purpose is to watch for OAuthException
and render a friendly error message suggesting users try again. It could simply flash a message and redirect back to the login page (restoring the next
component of the request from the session).
User accounts need a flag that requires them to change password on the next login.
The requires_login decorator should recognise this flag and prevent any other user activity, especially access to /auth
.
The Client.owner
property's name is misleading. It sounds like it should return an object, but instead returns a string. ownername
sounds better, but name
has a specific meaning in our models (it refers to URL names). ownertitle
is semantically correct since title
is the user-facing value, but it sounds odd.
The column should be renamed to one of ownername
or ownertitle
(but which?).
By convention, we want underscores between words in all the Model properties and functions.
Each change will require major renames in various files across models, views, templates & forms. Each change should hence be pushed with considerable amount of diligence.
Organizations can have an optional but unique email domain. If specified, any user who has an email address with the same domain is automatically added to the Members group (see #28).
The user who is configuring the organization can only claim email domains that they have a currently valid email address at.
Known webmail domains can be blacklisted from the app's configuration.
When a user wants to register a new account, https://auth.hasgeek.com/register doesn't show recaptcha . Recaptcha image and text field isn't rendered.
Teams are currently all private -- their existence is only revealed to users and organization owners.
There should be a public
flag on teams instead, default False
, allowing for some teams to be made public.
For apps, the "Requires access to teams" flag will now be about access to private teams as public teams are shared by default.
For apps that provide a comprehensive function, such as hasweb, which manages everything related to user profiles, asking for permission to every single resource in lastuser makes for an unnecessarily long scope string. Apps (trusted-only?) should be able to ask for wildcard permissions such as email/*
or even just *
.
Some client apps may need login sessions to be shorter than browser sessions for security reasons. LastUser should:
When a user logs into an app with a custom session duration and the user is already logged into LastUser, LastUser should:
Point 3 is iffy. OAuth services will return without showing any UI since there is an existing token for the current user and the lastuser app. Perhaps security-sensitive apps should insist on the user having a lastuser password before they are allowed to login.
User.fullname
currently stores the user's full name as reported by them (or sometimes automatically guessed from a login provider). There are contexts where we'll want a first name instead of a fullname, so we should store first/middle/last names separately.
However, trying to guess first/middle/lastname automatically or constructing a fullname out of them is a minefield given varying cultural contexts (and native scripts when the name is originally non-Latin).
Lastuser needs to model the name fields to (a) work with as little information as possible, (b) be able to extract the name components when available and (c) provide a user interface that allows editing each component without overburdening the user.
(This issue is not a short term priority as having only fullname is acceptable for the vast majority of use cases).
Lastuser should notify apps when user data changes and the app has a valid OAuth token for that user.
This has been "coming soon" for way too long. It's desperately needed. Here's some documentation from Facebook on how they do it.
Googlebot is attempting to login by hitting the /auth
page. Since Googlebot isn't a user and can't login, this is pointless.
/auth
and /token
should be denied to bots in robots.txt
.
When a user removes an email address (which was verified), preserve it in a new UserPastEmail (or similar) model, with no unique constraint on the email address.
Past emails can be a useful indicator of past associations.
This is not a fully thought-out proposal. It may not be feasible.
Sub-organizations are like organizations, but bound to a parent. They have a name that is unique within the scope of the parent and they can contain their own teams.
Sub-organizations are used for event editions. For example, the metarefresh
organization has 2012
and 2013
sub-organizations, each of which can have distinct teams to indicate the Program Committee, Participant Directory, etc.
Post-profiles project, they'll get URLs like these:
The requires_login decorator for /auth shouldn't ask the user to login because they are trying to login when they get there.
Lastuser needs a deleted
flag or some kind of a status flag on the User model to indicate a deleted/suspended user account. This flag should be queried everywhere that the User model is queried.
User.password_is(candidate)
is more intuitive.
The current lastuser architecture provides very little control to implementations. The code should be reorganized into blueprints, with implementations having the option to deploy only the parts that are needed:
lastuser_core
provides the database models, the internal resource registry and the core functionslastuser_oauth
provides the /login
, /logout
, /auth
, /token
and /api
endpointslastuser_ui
provides the UI for managing the user profile, organizations and permissions.An implementation may choose to provide #1 and #2 but not #3, folding that functionality into a client app. This helps prevent duplicated functionality for users.
Lastuser_oauth has some hard coded references to the names of login provider services. These were meant to be interim, during the transition to a registry. They should be removed now.
In the common scenario where an 'organization' is an event series, owned by another organization that is the company that runs the events, there should be a way to link these two and allow teams to be inherited from one, to simplify team management.
Organizations need a parent_id, where the parent cannot itself have a parent, and organizations.teams (or a new all_teams) should include the parent's teams.
User.organizations and User.organizations_owned should include child organizations.
Sites are often out of sync with Lastuser w.r.t the user's logged in state. The user may be logged into the site but not the app or vice versa.
The login beacon is a JS script loaded from the Lastuser server in all app sites that attempts to fix this:
Questions:
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.