Skip to content
This repository was archived by the owner on Mar 15, 2018. It is now read-only.

WIP: Multi-Token-Challenge: 2FA #33

Open
wants to merge 26 commits into
base: master
Choose a base branch
from
Open

WIP: Multi-Token-Challenge: 2FA #33

wants to merge 26 commits into from

Conversation

pozylon
Copy link
Contributor

@pozylon pozylon commented Jan 30, 2018
edited
Loading

  • Refactor the auth module to allow for token challenge type abstraction
  • DB: Entangle sessions from tokens
  • Add TOTP Challenge Type
  • Adjust the GraphQL API to allow multiple token challenge validation for 2FA
  • DB: Add Flag and Secret to User for 2FA
  • Add GraphQL Operations to manage 2FA activation (store shared secret, toggle 2fa login, ...)
  • Add token expiration logic & extend the error reporting so a UI can behave differently on "token expired", "2fa required", "token not found", "token burned" errors.
  • Tests

pozylon added 12 commits January 23, 2018 10:40
@pozylon
feat(mail): adds method to move newsletter settings from one to anoth…
1012139 
…er email address

affects: @orbiting/backend-modules-mail
@pozylon
Revert "fix(auth): remove changeEmail, belongs to republik-backend"
31a3660 
This reverts commit dab95c2.
@pozylon
fix(auth): use the new moveNewsletterSubscriptions from mail
a63bfa7 
affects: @orbiting/backend-modules-auth, @orbiting/backend-modules-mail
@pozylon
fix(auth): fix clearSession
8226d14 
affects: @orbiting/backend-modules-auth
@pozylon
fix(auth): fix updateUserEmail
df5277a 
affects: @orbiting/backend-modules-auth, @orbiting/backend-modules-mail
@pozylon
style(auth): cleanup
4b4a23b 
affects: @orbiting/backend-modules-auth, @orbiting/backend-modules-base
@pozylon
feat(auth): 2fa
3f5a866 
affects: @orbiting/backend-modules-auth, @orbiting/backend-modules-base,
@orbiting/backend-modules-mail

BREAKING CHANGE:
mail, auth, base
@pozylon
fix(auth): typo
1ea42c8
@pozylon
feat(auth): add tokens to db
303d0e0
@pozylon
fix(auth): 2fa (wip)
8aa0fe1
@pozylon
fix(auth): 2fa (wip)
8edf028
@pozylon
Merge branch 'master' into totp
17c7ac4 
* master: (30 commits)
  chore(release): releasing component
  fix(assets): remove unnecessary await
  chore(release): releasing component
  feat(assets): buffer instead of stream for content-length
  chore(release): releasing component
  fix(base): clear cf cookie
  chore(release): releasing component
  fix(documents): webp cap. check
  chore(release): releasing component
  chore(release): releasing component
  chore(release): releasing component
  feat(assets): repo.uploadImages: transfers images from github to AWS S3
  feat(documents): add webp suffix to image urls in Document resolvers
  feat(assets): add lib webp url suffixer
  fix(documents): devide processRepoImageUrls in processRepoImageUrlsInContent and -InMeta
  feat(documents): add lib processImageUrls (migrate from publikator-backend)
  feat(assets): add size=WxH to portraitUrl in uploadPortrait
  feat(assets): upload lib, cleanup convertImage
  chore(assets): readme
  fix(assets): readme
  ...
@pozylon
Copy link
Contributor Author

pozylon commented Jan 30, 2018

This is going to be a massive change

@pozylon
fix(auth): 2fa
22d45dd
@pozylon
Merge branch 'fix-session-clear' into totp
aefee2b 
* fix-session-clear:
  fix(auth): fix clearSession
@pozylon
Merge branch 'move-interests' into totp
4aff619 
* move-interests:
  fix(auth): fix updateUserEmail
  fix(auth): use the new moveNewsletterSubscriptions from mail
  Revert "fix(auth): remove changeEmail, belongs to republik-backend"
  feat(mail): adds method to move newsletter settings from one to another email address
@pozylon
fix(auth): updateEmail
1fd936b
This was referenced Jan 30, 2018
Closed
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@pozylon