Roadmap 0.0.3
- [x] Add Installation via commandbox
- [x] Breaking change: application settings now stored as serialized JSON to help with migrator bug (see https://github.com/cfwheels/cfwheels/issues/871)
- [x] Ensure password isn't in email address
To Do:
- [ ] Ensure password isn't in top 100000 hacked password lists
- [ ] Add Travis CI Support
- [ ] Travis: Unit tests require DB; DB migrate can't access custom servername from CLI, so need to fix that first.
- [ ] Protected 'superadmin' flag on accounts which can't be assumed, etc.
Maybe:
- [ ] Add LDAP example?
- [ ] Add some sort of Brute force attack mitigation
- [ ] If login is required to reach an auth'd page, add an appropriate redirect back to that page after login
- [ ] Possibly change AES encryption on cookie to be JWT?
- [ ] Add OAuth/Twitter/Facebook, if time allows
- [ ] 2FA Maybe (!)
- [ ] Add JSON based API using Basic Auth/API Key
- [ ] Add JWT Authentication (Will still technically use sessions as we can't mix and match in a single app, but would be an example of API Authentication)
- [ ] Localisation / i18n?
- [ ] Add http headers as per https://github.com/ddspringle/framework-one-secure-auth/blob/master/MyApplication.cfc#L94
I recently implemented this as a service for pwned password check
https://github.com/JayIsPainting/CFML_HIBP
Cool. Might make a good plugin? Either that or I'll implement it directly. I'm wary of building in too many 3rd party dependencies, though. My original idea was based on https://github.com/ddspringle/framework-one-secure-auth which just has a txt file(!) cached as an array for lookup.
It would be perfect as a plugin. I like HIBP as it's up to date, and I don't have to commit a huge txt file to my repo and keep it up to date... but yeah, I get not wanting too many 3rd party services.
I might add it in as an application level switch or something
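For anyone weighing the HIBP route against the cached txt file, here is an added example (not code from this roadmap, from CFML_HIBP, or from framework-one-secure-auth) of the check as a small CFML component. It uses the Pwned Passwords range endpoint (`https://api.pwnedpasswords.com/range/<first 5 hex chars of the SHA-1>`), so only a 5-character hash prefix ever leaves the server and the full hash is compared locally against the returned `SUFFIX:COUNT` lines. The component name `PwnedPasswordCheck`, the `cfwheels-example-app` User-Agent string and the sample response body are assumptions/constructed; the `cfhttp(...) { }` script syntax needs Lucee or Adobe ColdFusion 11+.

```cfml
// PwnedPasswordCheck.cfc (hypothetical name, example code only)
component {

    // HIBP range endpoint: the client sends only the first 5 hex characters of the
    // SHA-1 (k-anonymity); the remaining 35 characters are matched locally.
    variables.apiBase = "https://api.pwnedpasswords.com/range/";

    // Constructed sample body (NOT a real API response), in the shape the range
    // endpoint returns: "<35-char suffix>:<count>" per line, CRLF separated.
    // The second suffix is the real SHA-1 tail of the string "password"; the
    // count is made up. The last line mimics an Add-Padding filler entry (count 0).
    variables.sampleBody = "0018A45C4D1DEF81644B54AB7F969B88D65:1" & chr(13) & chr(10)
                         & "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471" & chr(13) & chr(10)
                         & "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF:0";

    /**
     * Returns how many times the password appears in HIBP (0 = not found).
     * Throws if the service is unavailable, so the caller can decide whether
     * to fail open (allow signup) or fail closed.
     */
    public numeric function breachCount(required string password) {
        var sha1   = uCase(hash(arguments.password, "SHA-1"));
        var prefix = left(sha1, 5);
        var suffix = mid(sha1, 6, 35);
        return countInRange(fetchRange(prefix), suffix);
    }

    /**
     * Parses a range response body and returns the count for the given suffix.
     * Kept separate from the HTTP call so it can be exercised offline.
     */
    public numeric function countInRange(required string body, required string suffix) {
        var lines = listToArray(arguments.body, chr(10));
        for (var line in lines) {
            line = trim(line);                       // drops the CR of a CRLF pair
            if (!len(line)) continue;
            var parts = listToArray(line, ":");
            if (arrayLen(parts) == 2 && uCase(parts[1]) == uCase(arguments.suffix)) {
                return val(parts[2]);                // padding entries carry 0
            }
        }
        return 0;
    }

    /**
     * Offline self-check against the constructed sample body.
     * Returns true when "password" is found and a random-looking value is not.
     */
    public boolean function selfCheck() {
        var found    = countInRange(variables.sampleBody, "1E4C9B93F3F0682250B6CF8331B7EE68FD8");
        var notFound = countInRange(variables.sampleBody, "0000000000000000000000000000000000A");
        return found == 3730471 && notFound == 0;
    }

    private string function fetchRange(required string prefix) {
        cfhttp(url=variables.apiBase & arguments.prefix, method="GET", timeout="5", result="local.res") {
            // Add-Padding makes every response roughly the same size, so the
            // response length does not leak which prefix bucket was requested.
            cfhttpparam(type="header", name="Add-Padding", value="true");
            cfhttpparam(type="header", name="User-Agent", value="cfwheels-example-app");
        }
        if (local.res.status_code != 200) {
            throw(type="PwnedPasswordCheck.Unavailable",
                  message="HIBP range lookup returned status " & local.res.status_code);
        }
        return local.res.filecontent;
    }
}
```

In a CFWheels model this would sit behind the "application level switch" mentioned above: e.g. a `validate` callback on the account model that calls `breachCount(this.password)` and adds a validation error when the count is greater than 0, and that catches `PwnedPasswordCheck.Unavailable` to apply whichever fail-open/fail-closed policy the app chooses. Run `selfCheck()` first to confirm the parser behaves without any network access.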
Would definitely like to see signup/login via Auth0 (JWT). Great app btw!
Thanks again for this app! I'm checking it out further, will post errors if I see them, and tomorrow I'll translate it to Dutch.
@malpaso Please have a look at this example ColdFusion Auth0: https://github.com/namitan/cf_auth0_sample
Thanks @malpaso @openbizgit - I think what I might do is try and put most of the Auth0 functionality into a plugin, but then include the appropriate Authentication model/methods in the example app, so people can then choose how/if they want to use it. Thanks for the example - always useful.