Closed Vedant1202 closed 4 years ago
Thanks for your patience here. I don't think this concept has to involve tokens. If the token is staying on the server which generated it, and has no way to determine who is using it, wouldn't this then be very similar to managing disable security? Also, if it's running with a restart policy, it would repeatedly be in this state unintentionally. I haven't had much opportunity to reach out to existing users about this, so I don't know what's important to them, but I think the core idea of this suggestion is reasonable. It may be more early accomplished by having some kind of timestamp or equivalent at which the mode is deactivated. (e.g. I'll be adding users until 25 APR 2020 at 1:00 AM UTC, after which time use normal login) Do you believe that this suggestion is in the spirit of your concept? Have I misunderstood something?
@birm, So just having a preset timestamp after which we can enable security would do?
Probably, but if you don't think so or have a better idea, don't keep it to yourself :smiley:
Not at the moment, but I will if something strikes me up though. Meanwhile I'll update the PR to do the timestamp thing. 👍
@birm, I've done the changes and this as well as the dependant PRs are up for review. 👍 Please tell me if any changes are required.
@birm Thanks for the help, I have done the changes and the PRs are up for further review.
Well I think the other two would be necessary, as the one in distro contains the ENABLE_SECURITY_AT env var addition in develop.yml And the one in camicroscope contains a frontend check in user signup.html, whether the time window is open or closed. If the window is open, the form is submitted to User/post, else a user add request gets created if the user is an editor.
Ah, that's true; I had forgotten about the request system!
Description
This update provides a mechanism for general users to signup authentic users/admins upto a certain period of time based on a preset environment variable
ENABLE_SECURITY_AT
. The datetime has the formatMM/DD/YYYY hh:mm:ss
. To disable the feature, just keep the variable to empty string.The changes are:
This depends upon Distro PR-122 and caMicroscope PR-388.
Motivation and Context
**Why is this change required? What problem does it solve?
How Has This Been Tested?
**Please describe in detail how you tested your changes.
Types of changes
**What types of changes does your code introduce? Put an
x
in all the boxes that apply:Checklist: