PLANNING ISSUE: Multi party authentication

[SidharthBansal]

This is the checklist for the OAuth Login

Implementation common to all providers

• [x] Add omniauth gem #2381
• [x] Add fiagro gem #2531
• [x] Install Openssl #2745
• [x] Make localhost work under https connection #2745
• [x] Write Documentaion for openssl #2745
• [x] Write Documentation for omniauth and related gems #2855 #2848
• [x] Define routes #2531
• [x] Modify UserTag to acts as identiy model #2737 #2639
• [x] Add OmniAuth Capability to User Model #2771
• [x] Link provider to a user #2771
• [x] Delete provider from a user #2771
• [x] User_controller update #2771
• [x] User_session_controller update - #2771
• [x] Wiki Page https://publiclab.org/oauth

Google Provider

• [x] Add omniauth-google-oauth2 gem #2771
• [x] Add OmniAuth Configuration to initializer #2771
• [x] OAuth testing hash #2771
• [x] Write user session controller tests for the login through Google #2771
• [x] Write integration tests for the login through Google #2771
• [x] Set up developers app (discussion in #2771)
• [x] Docker file changes #2771
• [x] header #2866
• [x] /profile/edit page #2850
• [x] login page #2851
• [x] sign up page #2852

Github Provider

• [x] Add omniauth-github gem #2686
• [x] Add OmniAuth Configuration to initializer #2873
• [x] Set up developers app #2856
• [x] Docker file changes #2875
• [x] OAuth testing hash #2874
• [x] Write user session controller tests for the login through Github #2915
• [x] Write integration tests for the login through Github #2914
• [x] header #2975
• [x] /profile/edit page #2975
• [x] login page #2975
• [x] sign up page #2975

Twitter Provider

• [x] Add omniauth-twitter gem #2686
• [x] Set up developers app #2893
• [x] Docker file changes #2947
• [x] Add OmniAuth Configuration to initializer #2948
• [x] OAuth testing hash #2961
• [x] Write user sessions controller tests for the login through Twitter #2962
• [x] Write integration tests for the login through Twitter #2963
• [x] header #2986
• [x] /profile/edit page #2986
• [x] login page #2986
• [x] sign up page #2986

Facebook Provider

• [x] Add omniauth-facebook gem #2381
• [x] Set up developers app #2867
• [x] Docker file changes #2960
• [x] Add OmniAuth Configuration to initializer#2959
• [x] OAuth testing hash #2965
• [x] Write user session controller tests for the login through Facebook #2966
• [x] Write integration tests for the login through Facebook #2964
• [x] header #2987
• [x] /profile/edit page#2987
• [x] login page #2987
• [x] sign up page#2987

Handling Security Vulnerabilities

• [x] Random Number for password field #3031 #3071
• [x] Introduction of Password checker field into user model #3032
• [x] Uid field filter on profile page - only the admin and the user himself can see the usertag #3038
• [x] Uid field filter on profile page - only the admin and the user himself can see the usertag tests #3139
• [x] Trimming of the uid from the usertag when showed on profile page #3066
• [x] Tests for above #3139

Front End

• [x] header #2866
• [x] Login Page #3011
• [x] Sign Up Page #3012
• [x] Edit Page #3014

[jywarren]

wow i love this page 😆 ✅✅✅✅✅✅

[jywarren]

Interesting message from Trello.com - a reference for our own UI maybe! 👍

[SidharthBansal]

I love this feature.

[SidharthBansal]

@jywarren one way for https://github.com/publiclab/plots2/issues/2676#issuecomment-401952085 is to have an additional field in the user_model. If a user makes an account on the public lab using the legacy authentication system then it is zero. If a user makes an account via google then it is one, fb=>2, twitter=>3, github=>4. If a user resets a password then this field is reset to zero. So, that way we can check while logging the user in if the username's field is non zero this imply he has not generated password even once.

Zero field indicates that the account password is generated by the user Non zero field indicates the account password is not generated by the user yet.

Any other idea about this feature?

[SidharthBansal]

I am breaking the front end portion into sequential ftos. So that the I can focus on the other backend features

[jywarren]

Non zero field

This sounds interesting. Can you just walk through whether this could be achieved by looking at the password field itself, and the user tags, and explain to me if that would not be enough information to achieve this? I think I follow but just so we know we're understanding this the same way!

[SidharthBansal]

@jywarren please see #3032 for password_checker field conversation. I have added few items to the checklist which we discussed on google hangouts. Thanks

[SidharthBansal]

@jywarren is there any need to bcrypt the uid before storing in the db? I don't think there is a need. I have added few items to the checklist on which I am working nowadays. Also, is there any need to notify the user weekly or monthly that they have not set up there passwords yet OR can we just ignore this? I think it will be frustrating for the clients to get weekly messages until they set up their passwords. There are many websites which enables you to log in and log out without notifying users via email to set passwords.

[jywarren]

Yeah, i think we can skip notifications, but display a note on their profile maybe?

On Tue, Jul 24, 2018 at 1:31 AM Sidharth Bansal notifications@github.com wrote:

@jywarren https://github.com/jywarren is there any need to bcrypt the uid before storing in the db? I don't think there is a need. I have added few items to the checklist on which I am working nowadays. Also, is there any need to notify the user weekly or monthly that they have not set up there passwords yet OR can we just ignore this? I think it will be frustrating for the clients to get weekly messages until they set up their passwords. There are many websites which enables you to log in and log out without notifying users via email to set passwords.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/publiclab/plots2/issues/2676#issuecomment-407286024, or mute the thread https://github.com/notifications/unsubscribe-auth/AABfJySJP9IIkeKGawcDHkxsKVWnrpWzks5uJrEZgaJpZM4Tru9Q .

[SidharthBansal]

OK, I have updated the checklist according to your suggestions. Thanks

[SidharthBansal]

@jywarren can we close this now?

[jywarren]

Yes! And congratulations!

[SidharthBansal]

Congrats to you to. And thanks for your help. You helped at each stage of the project. You are the best mentor @jywarren . I will be learning Machine Learning and AI at my university in the current semester. Is there any project on PL where I can apply these, can learn and contribute?

[jywarren]

I wonder about a couple things --

1. could you use it to find related tags or related posts? Maybe for suggesting tags from the body text so tagging is more automated?
2. could you use it to try to make an image classifier, along these lines, that's web-based? https://publiclab.org/notes/warren/1-16-2012/clashifier-open-source-web-based-image-classification-prototype

[SidharthBansal]

Thanks. I like both of them. The first project seems to me beginner project. So, will like to take it if we need it. What do you suggest?

[SidharthBansal]

that's web-based?

@jywarren if we have anything different from RoR/web but ML and AI is involved, even then, I am happy to contribute. I love contributing to PL and learning things here. I want to increase my knowledge. You know a lot of things. And I think you can guide me better than anyone else. Can you please think and tell if any other place we need it?

[jywarren]

well, we have had a long-term interest in trying "interest point finding and matching" -- i.e. "bundle adjustment" on MapKnitter, so that we may start to auto-match images against their background map, and/or against each other. It's a complex problem, but having a modular javaScript library for it would be amazing. Or, a web service for it so you submit 2 images and it sends back matched points.

On Mon, Aug 6, 2018 at 11:25 AM Sidharth Bansal notifications@github.com wrote:

@jywarren https://github.com/jywarren if we have anything different from RoR/web but ML and AI is involved even then I am happy to contribute. I love contributing to PL and learning things here. I want to increase my knowledge. I am also interested in web/RoR. You know a lot of things. Can you please think and tell if any other place we need it?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/publiclab/plots2/issues/2676#issuecomment-410746981, or mute the thread https://github.com/notifications/unsubscribe-auth/AABfJ3jn-VJS-aBlMrlXDiOQBWxQzrNSks5uOF_YgaJpZM4Tru9Q .

[SidharthBansal]

Oh you mean two images background comparison to get the common points in both of them. Sound interesting. I will search tonight these things. PL is really huge!!!

[SidharthBansal]

Thanks

[jywarren]

Haha PL really is huge lol ... 😂

On Mon, Aug 6, 2018, 11:42 AM Sidharth Bansal notifications@github.com wrote:

Thanks

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/publiclab/plots2/issues/2676#issuecomment-410752471, or mute the thread https://github.com/notifications/unsubscribe-auth/AABfJ4ZEWfhGw0gfTSPc3L86_mfj2KT-ks5uOGOqgaJpZM4Tru9Q .