EagerELK / ditty

Sinatra Based Web Application Framework
MIT License

Add extra security layer for new user logins #23

Open jrgns opened 5 years ago

jrgns commented 5 years ago

Add a model called UserLoginTrait and a migration for the user_login_traits table with the following fields

Add a controller called UserLoginTraits and a policy called UserLoginTraitPolicy. Any authenticated user can list and get. Only super admin can create, update and delete. Scope the records to the logged in user, unless it's a super admin user.

Add a listener that subscribes to the user_login event. On each successful login, create or update a row in the table with the details:

If the record is newly created, direct the user to a captcha page to verify that they are a user, and fire an email to the user to notify them of the fact that a login from a new browser / IP / OS has been detected. If the user fails the captcha, log him out, and notify the user through email of the login attempt.

If the record already exists, redirect as usual.

The captcha page should be configurable in terms of which captcha service provider is used.

Add views to list, display, create and edit these records.

Add a link from the users/{userId} or user's profile page to view the login traits.
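
The login flow described in this issue, as an added example that is not part of the original post or of ditty's code. The `LoginTraitStore` class, the `ip`/`browser`/`os` fields and the `verified` flag are assumptions made for illustration; the flag keeps a failed captcha from leaving behind a row that would let the next login from the same client skip the challenge.

```ruby
# Added example: in-memory stand-in for the user_login_traits table.
# Class, field names and the verified flag are assumptions, not ditty's schema.
class LoginTraitStore
  Trait = Struct.new(:user_id, :ip, :browser, :os, :verified, :last_seen)

  attr_reader :outbox # queued notifications, standing in for real emails

  def initialize
    @rows = {}
    @outbox = []
  end

  # Called by the user_login listener on each successful login. Returns
  # :proceed for a known, verified trait and :challenge otherwise.
  def record_login(user_id, ip:, browser:, os:, now: Time.now)
    key = [user_id, ip, browser, os]
    unless @rows.key?(key)
      @rows[key] = Trait.new(user_id, ip, browser, os, false, now)
      @outbox << [:new_login, user_id]
    end
    row = @rows[key]
    row.last_seen = now
    row.verified ? :proceed : :challenge
  end

  # Called with the captcha result. A pass marks the trait as trusted; a
  # fail removes it so a retry from the same client is challenged again.
  def complete_challenge(user_id, ip:, browser:, os:, passed:)
    key = [user_id, ip, browser, os]
    return :logout unless @rows.key?(key)

    if passed
      @rows[key].verified = true
      :proceed
    else
      @rows.delete(key)
      @outbox << [:failed_challenge, user_id]
      :logout
    end
  end

  # Records scoped to one user, as the policy in the issue requires.
  def traits_for(user_id)
    @rows.values.select { |t| t.user_id == user_id }
  end
end
```
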

Jed-Giblin commented 5 years ago

I would like to work on this.

I'm new to Sinatra as a whole, but very familiar with Rails. Hoping to have a PR for this by end of week.

AC seem very clear.

jrgns commented 5 years ago

@Jed-Giblin Go for it! Feel free to contact me if you have questions.

jrgns commented 5 years ago

Implemented capturing the details, as well as the views and displaying of records.

Still need to do the capture / security part.