Comments (5)
This feature is finally implemented.
There is a new authorization option: Password Authorization. It's configured by the Auth.AllowPasswordAuth option in appsettings.json, which is turned on by default. This allows you to:
- Register the initial admin user without configuring any social network providers
- Create new user accounts with a login and password
A user account is always bound to a specific type of authorization. There is no way to change the authorization type for an existing account.
The password for any account can be reset by the administrator. The administrator can reset their own password as well if they are logged in. However, if there is only one admin account, it's password-based and the password is forgotten - there's no built-in way to restore this password besides raw database manipulation by external tools. I'm considering this functionality for later.
A user account will get locked out if there are 10 consecutive failed password attempts. To unlock the user, their password must be reset.
from bonsai.
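The lockout and reset rules from the comment above, modelled as an added example (not Bonsai's code): `Store`, `Account`, `recoverable_in_app` and the scrypt parameters are assumptions made for illustration. It shows the edge case the comment describes, where a sole password-based admin who is locked out has no in-app recovery path.

```python
import hashlib, hmac, os
from dataclasses import dataclass

MAX_FAILED_ATTEMPTS = 10  # threshold stated in the comment above

def _hash(password: str, salt: bytes) -> bytes:
    # scrypt and its parameters are assumptions, not Bonsai's settings
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    is_admin: bool = False
    failed: int = 0
    locked: bool = False

class Store:
    def __init__(self):
        self.accounts = {}

    def add(self, login, password, is_admin=False):
        salt = os.urandom(16)
        self.accounts[login] = Account(salt, _hash(password, salt), is_admin)

    def login(self, login, password) -> bool:
        acc = self.accounts.get(login)
        if acc is None or acc.locked:
            return False  # locked: even the correct password is rejected
        if hmac.compare_digest(acc.pw_hash, _hash(password, acc.salt)):
            acc.failed = 0  # only consecutive failures count
            return True
        acc.failed += 1
        acc.locked = acc.failed >= MAX_FAILED_ATTEMPTS
        return False

    def admin_reset(self, actor, target, new_password) -> bool:
        a, t = self.accounts.get(actor), self.accounts.get(target)
        if not (a and t and a.is_admin and not a.locked):
            return False  # only an admin who can still log in may reset
        t.salt = os.urandom(16)
        t.pw_hash = _hash(new_password, t.salt)
        t.failed, t.locked = 0, False  # a reset is the only unlock path
        return True

    def recoverable_in_app(self, login) -> bool:
        # True if another unlocked admin exists to perform the reset
        return any(a.is_admin and not a.locked
                   for name, a in self.accounts.items() if name != login)
```

Running `recoverable_in_app` against each admin login is a quick way to confirm a second admin account exists before relying on password authorization alone.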
- User authorization kinds: remote provider & password (database support)
- Reset password for a user in admin panel
- Authorization form
- Initial registration when no remote providers are configured
- Root admin password reset
from bonsai.
This needs careful consideration.
There were 2 main reasons for choosing Facebook / Google as primary authorization options:
- All the complexity is delegated to these services: you don't need to configure 2FA, SMTP for sending password reset emails, pay for an SMS gateway integration, etc. There are benefits for everyone: smaller code in Bonsai to maintain, fewer dependencies for admins and a frictionless process for users.
- Facebook provides name and email, so the user doesn't have to enter them manually during registration. Gender and birthday can also be retrieved, but this requires the app to be validated by Facebook (hard and cumbersome), so these were dropped.
So, for "production mode" OAuth providers will stay as the only authorization option. However, it makes sense to add a "no-authorization" mode for people who are just checking Bonsai out and want faster installation. For example, there will be just one account named "Admin", which requires no authorization.
I will look into this, but this is not the top priority at the moment.
from bonsai.
I understand your position, however I'd like to propose another option.
If we consider this application primarily as a not-so-big family service ruled by one person who knows what he's doing, I think the easiest way for authorization would be to just insert logins/passwords for all family members directly into the DB (or via an admin page).
Yes, it's a manual operation, but it's one-time, since I assume a family isn't a really fast-growing thing.
It could also be a much easier way to give access to elderly (or not) family members who don't have Facebook or Google accounts but would be able to use a written login/password.
from bonsai.
Assigning accounts manually makes sense. Can't give an estimate on when I'll get round to implementing this, though, but a pull request would be very welcome.
from bonsai.
Related Issues (20)
- The authorization form is shown even if the user is already authorized
- Tidy up date formats
- The login page does not show a link to registration
- Sorting media files by tags
- Search in the admin panel does not work when using SQLite
- Direct navigation to a page from search
- Incorrect sorting of media by number of tags
- Display the application version in the admin panel
- Config validation is missing
- A non-square title image is displayed stretched
- Trees are not shown on the test environment
- Demo mode: the tree is not displayed after the container starts
- Improve social network links
- Update screenshots in the readme
- In the "Big tree", relation lines overlap each other
- "Contact phone number" field
- Editing existing pages produces duplicates in search
- The dropdown for @-mentions is displayed incorrectly
- Page suggestions work incorrectly on SQLite
- Last names of some people are displayed incorrectly on the graph