Open gloaec opened 6 years ago
I'll make a pull-request soon enough, SAML/CAS authentication is ok: https://github.com/Cadoles/covoiturage-libre/commit/7566e70eb4422d133eeabe08288f50b9b8dd876e
I just need to fix some interfaces before I push (admin area among others). Btw, I "dockerized" the configuration a bit by adding a .env file. I also figured we could make strong authentication optional, so I did:
# Make authentication mandatory
AUTHENTICATION_ENABLED=true
I tried not to refactor too much, but I removed these 2 models/controllers: UserAuthentication and AuthenticationProvider (appeared to be unused/unfinished work?). I introduced 2 new classes, Identity and Omniauthable, that aim to do the same thing. I reused most of the work I did for Mastodon (https://github.com/tootsuite/mastodon/pull/3148). Also, devise views/controllers are now totally scoped to namespace users. Now, I really feel like I want to migrate to Bootstrap 4 (I miss flexboxes :stuck_out_tongue:)
I'll give you my roadmap soon, so you guys can decide what you want to pull in legacy.
Current Behavior
No authentication, nor user management: identity based on email.
Expected Behaviour
The current mechanism allows anyone to create trips without authentication. For moderation matters, admins should at least be able to block/blacklist some users from backoffice interface.
Steps to Reproduce the Problem
Not really a problem: enhancement
[x] Development [x] Production
Ideas for solving the problem / Implementing the new functionality
As I said here #339, I'm about to implement SAML authentication in covoiturage-libre. This implies huge changes in user management. I noticed some "oauth" gems in the Gemfile currently unused. The idea would be to have an authenticated interface for users, and allow as many providers as possible to make it easy (Facebook, Google, Twitter...). I guess the "no authentication" approach was an explicit will at first, but I think it shall become mandatory as the application evolves. What do you guys think?