This project forked from aadschippers/pleio_account
OAuth2 and OpenID microservice used for handling user registration, login and SAML2 SSO
Home Page: https://account-compte.gccollab.ca
License: European Union Public License 1.1
Currently activation emails for new accounts are sending in English, French, and Dutch.
Please remove Dutch from all outgoing emails.
Going to use this place to formally document details of users who cannot connect to GCcollab Message.
[email protected] (CRA) cannot access GCcollab Message without getting the 'Connecting' bar loading over and over again. He can login but can't access any channels successfully.
The language toggle button doesn't toggle the language site wide. It toggles only the page you are on when you hit the button.
down the rabbit hole
Need to migrate Elgg users into new account service
When trying to log in with security questions there is an error thrown after successfully answering the questions that crashes the system. Error relates to a missing route 'https'
Figure out if we can migrate users straight into account service or if some sort of on boarding needs to be involved. How to handle different account names across the service. Account for existing user base.
User gets a new job at new department, gets new email address, no longer able to reset password as no longer able to receive email. Come up with strategy to handle this situation. possible options are text, alternative email, etc. look into whats best for our users and what we can securely offer
Implement password reset based on security questions.
Awesome stuff with the MFA being added!
I went to change an old weak password after and hit a new password complexity requirement. This goes against the current security guidance from NIST (CSE harmonizes guidance from their specs).
Here is a human readable version of the changes https://venturebeat.com/2017/04/18/new-password-guidelines-say-everything-we-thought-about-passwords-is-wrong/
No more imposed password complexity (like requiring a combination of letters, numbers, and special characters). This means users now can be less “creative” and avoid passwords like “Password1$”, which only provide a false sense of security.
Moved from gctools-outilsgc/gccollab#306
As a user, when I need to update my email address in Account, it reflects in my Account but not on my profile. This is after logging out and logging back in with updated email.
This user changed her email to: mary.o'[email protected]
Old email was [email protected]
I deleted her duplicate accounts (this may be what caused it). In her account her email is now up to date reflecting the new email:
Even after logging in with the new email (@pco) her profile still reflects the old email: https://gccollab.ca/profile/Mary.Oshea
Refreshing the page and logging in/out does not update the email address.
Freshdesk ticket: https://gccollab.gctools-outilsgc.ca/helpdesk/tickets/4686
Change the "Termes et Conditions" on the French log in page to "Conditions D'Utilisation"
This is the beginning of a feature that will enable the ability for client applications to provide role based access to their apps depending on several key factors that will be stored in Profile as a Service.
The first key metric that will need to be determined is whether or not the user logging in is connecting from a GoC Network or from the Public Internet.
Things to consider:
lets see if getting connex and pedia onto account service is feasible out of the box or if it requires more work
New pages for the Accounts registration page, More details to come.
In IE 9 or older, new users can't register to GCcollab because they can't check the Terms & Conditions box.
People should be able to openly create an account, but based on their profile information, they will have access to various applications.
This UX design document has been created as a reference point and guideline to assist with the development of the new Request a Membership feature for GCcollab. This is a pilot version of a possible end to end UX process meant to guide the design of new and existing features, apps and microservices.
The current version is a PDF which hopefully can have comments and notes added to it by team members to enhance and strengthen the process while helping improve task clarity.
Now available:
Errors being thrown when a city cannot be located during GeoIP lookup
On the French version of the Log in account page, change the GCCollab Account to "Compte GCcollab"
Shown is a 2 step process that could occur after the system rejects the email address because it is not on the whitelist. Notes and suggestions have been added to the images but by no means are to be considered final.
The longer we keep updating the services separately, the harder it will be to bring them back together.
@bryan-robitaille @lucbelliveau
We will need to conduct research behind how to integrate Freshdesk into the single account service and what this will look like on the front/backend.
Things to consider:
Reduce the number of environment variables being set and move the administration of email server settings, profile as a service endpoint, etc to be modified and set in the Django Admin interface.
review and figure out what to change
Neither the README.md (GitHub) nor the Terms Of Service (production) mention or reference a point of contact nor procedure for reporting security vulnerabilities.
Considering the crucial role concierge plays in securing access to other resources, this information should be by readily available. If concierge falls under any available bug bounties this should also be included.
As a user whose first language is French, when I click on "Se Connecter" on the French page, I need for the browser to lead me to the French log in page
When "Se Connecter" on the French page is clicked it leads you to the English log in, it would have to be changed to be linked to the French log in page.
Existing GCcollab users are unable to request a password reset if they have not yet signed in to the single sign-on with their existing credentials.
When requesting a password reset, no email is sent out.
Temporary solution: Helpdesk must login to users existing GCcollab account, manually change password, then login to the single sign-on. An reply is then sent to the user providing the Forgot Password link and the temporary password.
As an existing user, I should be able to request a password reset regardless if i have not used the single sign-on before.
As a regular an frequent user of GCcollab, I need to be able the login process to be quick and efficient without having to go through the splash page twice and to the Account page before entering the GCcollab site.
The current workflow to login to GCcollab is:
1- Accessing the GCcollab splash page and choose my language preference (English)
2- I'm now on the login page. Enter my login credential and click "login".
3- I'm now in the Accounts page. Select "GCcollab" from the suite navigation icons.
4- I'm now back on the Splash page again. Select my preferred language.
5- Finally! I'm logged in to GCcollab and I'm now on the Newsfeed page.
Proposed Workflow to put in place:
1- Splash Page - select preferred language
2- Login page (Account)
3- Redirected directly to GCcollab's newsfeed page.
Right now, the below code renders as collapsible in GCpedia. In GCcollab wiki, it doesn't.
Users would like collapsible table templates added to GCcollab wiki.
Complete and implement account lockout functionality.
#57
Add GCcollab Message icon and link to the Account menu, along with the icons/links to Wiki and GCcollab. @MPM9000 please add graphic files here. Thanks.
Added feature with de537ab.
As an admin, I need to be able to see which profile is attached to which account. Without phpmyadmin I have no way to confirm which profile is attached to which account.
I have seen duplicate accounts and duplicate profiles. I need a link on the user's page in the Account settings to easily direct me to the associated profile in GCcollab.
Currently the service only responds with a GET response which passes the id_token as a query parameter in the URL. Software we're using only seems to support the POST response mode (reportedly for increased security), where the service winds up POSTING the id_token as a parameter back to the Service Provider.
See details here: https://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html
Not a critical issue as we're only prototyping, not relying heavily on this currently, and have gotten around it by double-hopping the request through Azure AD B2C which accepts the GET method from the GCCollab IDp, and returns back to the SP with a POST response mode.
Thanks!
UX design document has been created as a reference point and guideline to assist with the development of the new Request a Membership feature for GCcollab. This is a pilot version of a possible end to end UX process meant to guide the design of new and existing features, apps and microservices.
The current version is a PDF which hopefully can have comments and notes added to it by team members to enhance and strengthen the process while helping improve task clarity.
UXDD_GCcollab_Request_Membership_v01.pdf
this maybe needed in the other projects instead of the account project. Need to properly implement open id refresh tokens.
The logo on the top left of the account services need to be changed to the GCTools logo instead of the GCCollab logo to keep up with consistency.
Docker volumes or mount points are required to be empty upon instantiation by the posgres image. Git requires that a file be present in the folder in order for it to be part of the repo structure.
A solution may be to build an initialization script for the first time running the docker image which empties or creates the posgres-data directory and then runs the docker-compose up --build.
When a user first logs in to message.gccollab.ca with the gccollab account, the user lands on the account page rather than being sent to rocket.
If the user has previously logged in from a certain machine, even if he or she has logged out, a successful login WILL send the user to Rocket chat.
We want to understand why users create multiple accounts on the system. This issue is for R&D into why users do this. Once we understand why we can develop a strategy to deal with it (separate work item)
I have had a growing number of users report that they get 'This email address is not allowed' when using their gc.ca email address to register.
I can't explain it, often they can revisit the register page and successfully register the 2nd or 3rd time.
This one user cannot consistently register using her TBS email. [email protected]
Another user who currently can't register: [email protected]
I have confirmed that both users do not have an existing account.
Likely because of PR #82 creating a new instance from scratch will result in an unusable site due to a missing SiteConfiguration record. It must currently be manually created in the database in order to use the instance.
SiteConfiguration record and what each setting means.Revert and remove SiteConfiguration entirely and instead use one of the many existing django modules for live settings. These include caching, proper cache invalidation, setting forms (admin integration), help text (i18), support for contrib.sites, etc..
The language switcher on the account login page usually does not work in production.
Since I am not sure how your production environment is setup, my guess would be that you have enabled server-side sessions, but are not storing them in a database/cache. The language switcher will only work when you happen to round-robin back to the same process.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.