Open tlvince opened 8 years ago
Kazana/Hoodie/React approach: https://github.com/eHealthAfrica/kazana-account-app
@gr2m's (hey Gregor! :wave:) thing https://github.com/gr2m/couchdb-user-management-app
Bearer plugin for Hapi (use Hapi as a reverse proxy): https://github.com/eHealthAfrica/hapi-couchdb-auth-bearer-plugin
Corresponding issue for Call Centre (and GN connect): https://github.com/eHealthAfrica/sl-ebola-call-admin/issues/1026
@jofomah do you think we can get away with having user management in a separate app? Maybe admin-dd.ehealth.org.ng?
@janetbutts think we'll need to look at this before releasing. In short, if CouchDB's security is set up properly, then the users page will not work, including for super users, unless the user is a "real" CouchDB admin user. Handing out CouchDB admin credentials is a bad idea security-wise. One immediate solution is to introduce a middleware layer between the app and CouchDB that proxies user management actions. Otherwise, we have a generic CouchDB user management app that could be repurposed, but would need to live on its own address, e.g. admin-dd.ehealth.org.ng (edit: this will still require giving CouchDB admin credentials to our super users).
@tlvince, agreed that we do not want dashboard users to also be couchdb admins. what is the effort involved with this middleware layer? is this a show stopper for the release?
Most of the middleware service work preexists (see above), so I don't estimate more than a day of integration. However, coordination with ops for deployment may take some time, depending on their schedule.
That said, the fact that this currently works in dev suggests to me CouchDB's security has not been set up correctly. I will review and also check stage and prod.
Working on this.
@tlvince, this will get tabled until the next release. for right now, we will just hide the security tab (#321).
Un-assigning for now.
Middleware approach https://github.com/tlvince/recliner
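
The middleware idea discussed in this thread, sketched as an added example (not code from recliner or any of the linked projects): the proxy decides which `_users` operations a dashboard super user may perform and attaches CouchDB admin credentials itself, so they never reach the browser. The role name, CouchDB address, placeholder credentials and allow-list are assumptions.

```javascript
// Added example: authorization core of a user-management proxy for CouchDB.
const MANAGER_ROLE = 'user-manager'; // hypothetical role held by dashboard super users
const COUCH_ADMIN = { name: 'admin', password: 'PLACEHOLDER' }; // placeholder, kept server-side
const COUCH_URL = 'http://127.0.0.1:5984'; // assumed CouchDB address

// Only these operations on the _users database are proxied (assumed allow-list).
const USER_DOC = /^\/_users\/org\.couchdb\.user:[A-Za-z0-9_.@-]+$/;
const ALLOWED = [
  { method: 'GET', path: /^\/_users\/_all_docs$/ },
  { method: 'GET', path: USER_DOC },
  { method: 'PUT', path: USER_DOC },
  { method: 'DELETE', path: USER_DOC }
];

const deny = (status, reason) => ({ status, reason });

// userCtx is the {name, roles} object CouchDB returns from GET /_session for
// the caller's own session; req is {method, url, headers, body}.
function authorize(userCtx, req) {
  if (!userCtx || !userCtx.name) return deny(401, 'not authenticated');
  const roles = Array.isArray(userCtx.roles) ? userCtx.roles : [];
  if (!roles.includes(MANAGER_ROLE)) return deny(403, 'caller is not a user manager');

  const q = req.url.indexOf('?');
  const path = q < 0 ? req.url : req.url.slice(0, q);
  if (!ALLOWED.some(r => r.method === req.method && r.path.test(path))) {
    return deny(403, 'operation is not proxied');
  }
  // Refuse system roles (leading underscore) in user documents being written.
  const newRoles = (req.body && req.body.roles) || [];
  if (req.method === 'PUT' && (!Array.isArray(newRoles) ||
      newRoles.some(r => typeof r !== 'string' || r.startsWith('_')))) {
    return deny(403, 'system roles cannot be assigned');
  }
  // Drop the caller's own headers; attach the admin credentials held by the proxy.
  const basic = Buffer.from(`${COUCH_ADMIN.name}:${COUCH_ADMIN.password}`).toString('base64');
  return {
    status: 200,
    upstream: {
      method: req.method,
      url: COUCH_URL + req.url,
      headers: { accept: 'application/json', authorization: `Basic ${basic}` },
      body: req.body
    }
  };
}
```

A server would call `authorize` on every request and forward `upstream` to CouchDB only when `status` is 200.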