DonkeyKongJr
commented
6 years ago Maybe it is useful to split this issue in multiple smaller ones.
Closed DonkeyKongJr closed 6 years ago
DonkeyKongJr
commented
6 years ago Maybe it is useful to split this issue in multiple smaller ones.
DonkeyKongJr
commented
6 years ago Current Implementation allows user registration with all valid email addresses, anyway, this seems good enough for now.
Is your feature request related to a problem? Please describe. To increase security when accessing data from firebase and to limit the application to a specific user set a user management and authentication is mandatory.
Describe the solution you'd like The email (username) and password mechanism from firebase should be used. In the first draft the application should only be accessible by users where the TLD is their email addresses is pmone.com. At the moment there is no need for any kind of multi-tenancy.
If the user isn't authenticated it should not be possible to take any orders nor access the firebase database. When a not authenticated user requested a protected route he should be redirected to the login page where he can enter his credentials.
Describe alternatives you've considered Considerable alternatives would be OAuth services providers like Google, Facebook, Github etc., but this may increase the complexity of granting users access to specific resources. Although this could be interesting when opening the platform for multiple-organizations or users outside the pmone.com domain.