openware / barong
Barong auth server
Home Page: https://www.openware.com
License: Apache License 2.0
Rake db:seed with test application only if not production
Phone verification has 2 purposes:
1- Verify profile level=2 (email is level=1)
2- 2FA with an SMS check
Account has_many Phones
Each user can add and verify several mobile phone numbers;
each one of them will need an SMS confirmation from Twilio to be enabled.
Any phone can be used for a 2FA challenge.
We need to parse phone to list Country in Phones tables.
Implement 2FA for login and withdraw
Should use environment variable for admin email
as example: ADMIN_USER=[email protected]
We need a role for accessing only profiles page on admin panel.
Need to add field level for Account to display level of verification
@mod Do we need to refresh the spec/models tests? As I understand it, the tests don't match the actual model data.
We should remove opportunity to change self role for admin
@gfedorenko please do it
Ability to receive and sign a JSON object if the OTP code is valid
AppLogic
{
uid: 'ID4242',
otp: 432567,
payload: "BASE64_ENCODED_JSON_OBJECT"
}
Validation steps:
1- Check UID exist
2- Check if otp is valid
3- Check base64 is valid
4- Check if payload is valid json after decoding
DO:
Validate the OTP for the user (uid), sign the payload with a JWT and
return it in a structure like:
{
"payload":
"eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGF
tcGxlLmNvbS9pc19yb290Ijp0cnVlfQ",
"signatures":[
{"protected":"eyJhbGciOiJSUzI1NiJ9",
"header":
{"kid":"2010-12-29"},
"signature":
"cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZ
mh7AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjb
KBYNX4BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHl
b1L07Qe7K0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZES
c6BfI7noOPqvhJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AX
LIhWkWywlVmtVrBp0igcN_IoypGlUPQGe77Rw"},
{"protected":"eyJhbGciOiJFUzI1NiJ9",
"header":
{"kid":"e9bc097a-ce51-4036-9562-d2ade882db0d"},
"signature":
"DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8IS
lSApmWQxfKTUJqPP3-Kg6NU1Q"}]
}
Add config file with ability to export with url links:
Add dropdown to documents#new
@spavlishak
Please find here screen "Barong Authenticator Code 2":
https://zpl.io/V0MGqwO
Handle the issue when a user tries to use a phone number which already exists in the database
Add dropdown for roles with admin, member, etc
I think we can use enum to make it nice, and easy to add new roles.
Fields:
Step to reproduce:
Once a user verified his phone with a 2FA,
he can activate 2FA with Google Auth.
We need to generate a seed for TOTP with a QR code
The user needs to scan or enter the seed
We need to ask him to clearly write down the seed on a piece of paper.
Then user can enter a 2FA code and it should activate the 2FA.
paetio.tech 😞
Confirm your email will provide level=1 and state=active
Layout should be very lite,
centered fixed, but mobile compatible.
We probably don't need a navbar header and footer
we need simple text links around the main content box