Comments (16)
@jancborchardt Well, you could use the API to invite users to the organization...
Also, I am planning on building a small one-file php version that contains only the join page and uses the API.
from orgmanager.
Yeah I know I could, but I can’t cause I’m not that deep of a developer. ;) And I thought that’s maybe what orgmanager would be useful for too.
from orgmanager.
There’s no way it could just be using JS? Cause that would be immensely helpful for static pages like ours.
from orgmanager.
@jancborchardt Not without exposing your Orgmanager token, I think...
I mean, if you don't mind exposing your API token, you can make a form, transform output to json and use the API.
You might want to take a look at the api docs...
http://docs.orgmanager.miguelpiedrafita.com
Also, stackoverflow about transforming form output to json:
http://stackoverflow.com/questions/11338774/serialize-form-data-to-json
from orgmanager.
@jancborchardt Maybe a form integration can be possible, but you need a way to keep the bots out, as you can't use your own recaptcha... Ideas?
from orgmanager.
Could we just embed an iframe with the form?
from orgmanager.
@simonv3 Chrome and Mozilla disabled iframes for security reasons. Also, iframes are deprecated for lots of security issues.
from orgmanager.
Huh, when did that happen? I'm fairly sure that sandstorm makes extensive use of iframes, and I use it in Chrome.
Edit: I don't think I see anything here about them being insecure or being disabled: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe
from orgmanager.
@simonv3 You're right. Iframes aren't deprecated. You may want to read about iframe security for pages that embed them. The problem I have is with the server-side validation. Orgmanager tries to prevent bot signups by providing a captcha on web request or requiring the admin's token on the API. Allowing forms would raise two security issues:
- CSRF Protection. Orgmanager uses tokens to prevent Cross Site Request Forgery, and if I allow posting from the outside, I'd have to disable some routes, risking malicious requests.
- Bot prevention. As you can't add a dynamic token to static pages, there wouldn't be any bot prevention (or, at least, not any secure bot prevention).
I will make some tests with OrgManager and iframes as soon as I can and report results back.
from orgmanager.
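The point in the comment above about dynamic tokens and static pages, as an added example (not Orgmanager's code): a per-visitor, expiring CSRF token is only valid for the session and time window it was issued for, so a copy baked into static HTML is rejected. The secret, the 10-minute lifetime, the session ids and the function names are assumptions made for this sketch.

```javascript
const crypto = require('node:crypto');

// Assumed for this sketch: a server-side secret and a 10-minute lifetime.
const SECRET = crypto.randomBytes(32);
const MAX_AGE_MS = 10 * 60 * 1000;

// MAC over the visitor's session id and the issue time.
function sign(sessionId, issuedAt) {
  return crypto.createHmac('sha256', SECRET)
    .update(`${sessionId}.${issuedAt}`)
    .digest('hex');
}

// Called when the server renders the form for one visitor.
function issueToken(sessionId, now = Date.now()) {
  return `${now}.${sign(sessionId, now)}`;
}

// Called when the form is posted back; returns a reason string.
function verifyToken(token, sessionId, now = Date.now()) {
  const [issuedAtStr, mac] = String(token).split('.');
  const issuedAt = Number(issuedAtStr);
  if (!Number.isSafeInteger(issuedAt) || !/^[0-9a-f]{64}$/.test(mac || '')) {
    return 'malformed';
  }
  const expected = Buffer.from(sign(sessionId, issuedAt), 'hex');
  const given = Buffer.from(mac, 'hex');
  // Constant-time comparison of the two 32-byte MACs.
  if (!crypto.timingSafeEqual(expected, given)) return 'bad-signature';
  if (issuedAt > now || now - issuedAt > MAX_AGE_MS) return 'expired';
  return 'ok';
}

// Constructed scenario: one token, checked in four situations.
function demo() {
  const t0 = 1700000000000; // constructed timestamp
  const live = issueToken('session-A', t0);
  return {
    sameVisitor: verifyToken(live, 'session-A', t0 + 60 * 1000),
    copiedIntoStaticPage: verifyToken(live, 'session-B', t0 + 60 * 1000),
    staleCopy: verifyToken(live, 'session-A', t0 + 24 * 3600 * 1000),
    forged: verifyToken('not-a-token', 'session-A', t0),
  };
}

console.log(demo());
```
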
@jancborchardt Is this still a need? It is the last issue open tagged before v3.0, and now that you linked the join page on the opensourcedesign website, maybe this can be closed...
from orgmanager.
I'll let @jancborchardt be the judge of that, he created the issue :)
from orgmanager.
@jancborchardt What do you think?
from orgmanager.
@jancborchardt @simonv3 I think I'm going to move this to v4 because I want to release v3 this week.
from orgmanager.
It would really be cool still – as said on #56 (comment)
That also gets everyone who lands on your page to get involved very quickly. Sure, with a button you could just link to the orgmanager page, but abstracting the whole thing away through just an input field or a button which launches Github auth would be even cooler.
from orgmanager.
@jancborchardt So then, this can be closed in favour of #56?
from orgmanager.
@m1guelpf :D I think #56 should be closed in favor of this, since this here is much clearer, and the other issue was a completely different one at the start. ;)
from orgmanager.