Improve functionality about authentication on profile page #83

Open
mathben opened this issue Mar 11, 2018 · 4 comments
mathben commented Mar 11, 2018

What to improve:

  1. Memorize the value of the secret cookie on the server side to keep the session when the server restarts - Done
  2. Be able to set a password on the profile page when connected from a third party - Done
  3. Add functional tests on the server for authentication to validate security exploits. Example: authenticating without a password.
  4. Improve the errors shown to the user on the login and profile pages.
  5. Validate email when subscribing from the form. Email verification and password change. #65
  6. Update the cookie to unlimited time when clicking "remember me".
  7. Add an option to link with a third party on the profile page.

mathben commented Mar 11, 2018

This task is the next implementation of #3

mathben changed the title from "Improve functionality about authentication with cookie" to "Improve functionality about authentication on profile page" Mar 11, 2018

mathben commented Mar 12, 2018

See web development security: #74

mathben added a commit that referenced this issue Mar 12, 2018
- eval can execute arbitrary code and the user can modify the cookie
- remove cookie management from handlers.py when trying to detect the logged-in user
mathben added a commit that referenced this issue Mar 12, 2018
- eval can execute arbitrary code and the user can modify the cookie
- remove cookie management from handlers.py when trying to detect the logged-in user
mathben added a commit to mathben/gestion_personnage_TL that referenced this issue Mar 18, 2018
… cookie

- eval can execute arbitrary code and the user can modify the cookie
- remove cookie management from handlers.py when trying to detect the logged-in user
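
The commit messages above name two problems with reading a cookie through `eval`: the parser can run code, and the client can change the value. The following is an added example, not code from this project: it parses with JSON and rejects any value whose HMAC tag does not match. `SECRET_KEY`, `encode_cookie` and `decode_cookie` are hypothetical names, and the key is a constructed demo value.

```python
import base64
import hashlib
import hmac
import json

# Assumption: a server-side secret. This value is constructed for the demo;
# a real deployment loads it from configuration.
SECRET_KEY = b"constructed-demo-secret"


def encode_cookie(data, key=SECRET_KEY):
    """Serialize data as JSON, base64 it, and append an HMAC-SHA256 tag."""
    raw = json.dumps(data, sort_keys=True).encode("utf-8")
    payload = base64.urlsafe_b64encode(raw)
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return payload.decode("ascii") + "." + tag


def decode_cookie(value, key=SECRET_KEY):
    """Return the cookie dict, or None if the value is malformed or modified."""
    try:
        payload, tag = value.rsplit(".", 1)
        expected = hmac.new(key, payload.encode("ascii"), hashlib.sha256).hexdigest()
        # Verify the tag (constant-time) before parsing anything the client sent.
        if not hmac.compare_digest(tag.encode("ascii"), expected.encode("ascii")):
            return None
        # json.loads only builds data structures; unlike eval() it runs no code.
        data = json.loads(base64.urlsafe_b64decode(payload.encode("ascii")))
    except (ValueError, UnicodeError):
        return None
    return data if isinstance(data, dict) else None


if __name__ == "__main__":
    cookie = encode_cookie({"user": "alice", "admin": False})
    print(decode_cookie(cookie))           # original value is accepted
    print(decode_cookie(cookie[:-1] + "0"))  # altered tag is rejected
```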

mathben commented Mar 18, 2018

#89
Enable third-party if secret key is configured.

mathben added a commit to mathben/gestion_personnage_TL that referenced this issue Mar 18, 2018
…figuration

- auto-generate this secret key if it does not exist.
mathben added a commit to mathben/gestion_personnage_TL that referenced this issue Mar 19, 2018
mathben added a commit to mathben/gestion_personnage_TL that referenced this issue Mar 19, 2018
mathben added a commit to mathben/gestion_personnage_TL that referenced this issue Mar 19, 2018
- check if get user is the same user
- check admin permission from generic command
mathben added a commit to mathben/gestion_personnage_TL that referenced this issue Mar 21, 2018
- check if get user is the same user
- check admin permission from generic command

mathben commented Mar 23, 2018

Fix comment from PR: 0f99f54#commitcomment-28224313

Check permissions on the cert file; they need to be only 600, like the ssh check.
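
One way to implement the check described in this comment, as an added example that is not the project's code: refuse a certificate or key file unless it is a regular file owned by the current user with mode exactly 0600. The function name `check_private_file` is hypothetical and the code assumes a POSIX system.

```python
import os
import stat


def check_private_file(path):
    """Return (ok, reason). ok is True only for a regular file that is
    owned by the current user and has permission bits exactly 0600."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return False, "cannot stat %s: %s" % (path, exc.strerror)

    if not stat.S_ISREG(st.st_mode):
        return False, "%s is not a regular file" % path

    # Another owner could rewrite the file regardless of its mode bits.
    if st.st_uid != os.getuid():
        return False, "%s is not owned by the current user" % path

    # S_IMODE strips the file-type bits and keeps only the permission bits.
    mode = stat.S_IMODE(st.st_mode)
    if mode != 0o600:
        return False, "%s has mode %04o, expected 0600" % (path, mode)

    return True, "ok"


if __name__ == "__main__":
    import tempfile

    # Constructed sample file standing in for the cert file.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        sample = tmp.name
    try:
        os.chmod(sample, 0o644)
        print(check_private_file(sample))  # rejected: group/other can read
        os.chmod(sample, 0o600)
        print(check_private_file(sample))  # accepted
    finally:
        os.remove(sample)
```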

mathben added a commit to mathben/gestion_personnage_TL that referenced this issue Mar 23, 2018
mathben added a commit to mathben/gestion_personnage_TL that referenced this issue Mar 24, 2018
mathben added a commit to mathben/gestion_personnage_TL that referenced this issue Mar 26, 2018
mathben added a commit to mathben/gestion_personnage_TL that referenced this issue Mar 26, 2018
mathben added a commit to mathben/gestion_personnage_TL that referenced this issue Mar 26, 2018
mathben added a commit to mathben/gestion_personnage_TL that referenced this issue Mar 26, 2018
mathben added a commit to mathben/gestion_personnage_TL that referenced this issue Mar 26, 2018
mathben added a commit to mathben/gestion_personnage_TL that referenced this issue Mar 26, 2018
mathben added a commit to mathben/gestion_personnage_TL that referenced this issue Mar 26, 2018
mathben added a commit to mathben/gestion_personnage_TL that referenced this issue Mar 26, 2018
mathben added a commit to mathben/gestion_personnage_TL that referenced this issue Mar 26, 2018
…page.

- add option to go to subscribe directly via /login?subscribe
mathben added a commit to mathben/gestion_personnage_TL that referenced this issue Mar 26, 2018
- Rename connection button
- Remove user_password and email_password
- Manage only 1 password and no more salt from client
mathben added a commit to mathben/gestion_personnage_TL that referenced this issue Mar 26, 2018
mathben self-assigned this Mar 26, 2018
mathben added a commit to mathben/gestion_personnage_TL that referenced this issue Mar 30, 2018
- Rename connection button
- Remove user_password and email_password
- Manage only 1 password and no more salt from client
mathben added a commit to mathben/gestion_personnage_TL that referenced this issue Mar 30, 2018
…ribe form

- fetch more information from third-party about the user
mathben added a commit to mathben/gestion_personnage_TL that referenced this issue Mar 31, 2018
… form

- fetch more information from third-party about the user
- add postal_code information
mathben added a commit to mathben/gestion_personnage_TL that referenced this issue Mar 31, 2018
- this will block the user from accessing our character
- admin has access in readonly to the character
- use disable_login instead of invalid_login
mathben added a commit to mathben/gestion_personnage_TL that referenced this issue Mar 31, 2018
- this will block the user from accessing our character
- admin has access in readonly to the character
- use disable_login instead of invalid_login
mathben added a commit to mathben/gestion_personnage_TL that referenced this issue Mar 31, 2018
- redirect to profile when subscribing and auto-connect
mathben added a commit to mathben/gestion_personnage_TL that referenced this issue Mar 31, 2018
- redirect to profile when subscribing and auto-connect
mathben added this to the First game scenario 2 milestone Apr 1, 2018
mathben added a commit to mathben/gestion_personnage_TL that referenced this issue Apr 1, 2018
…third-party

- change menu color item to red for admin button
- move all item menu to left, remove right option
mathben added a commit to mathben/gestion_personnage_TL that referenced this issue Apr 1, 2018
mathben added a commit to mathben/gestion_personnage_TL that referenced this issue Apr 1, 2018
…date password

- use lower case when storing password
- show status or error to user when add/update password
mathben added a commit to mathben/gestion_personnage_TL that referenced this issue Apr 1, 2018
- show server error when http error
- show timeout error
- show validation error from client and server side
- show loading when sending request
- disable button when sending request
- remove the profile update request when adding a password
mathben added a commit to mathben/gestion_personnage_TL that referenced this issue Apr 1, 2018
mathben added a commit that referenced this issue Apr 1, 2018
mathben added a commit to mathben/gestion_personnage_TL that referenced this issue Apr 1, 2018