Hi,
Since the User Management PR has been submitted [1] there has been of a lot
of useful and interesting feedback, thanks Matzew and Abstractj for that.
Some valid concerns has been raised, in particular 2 of them that I would
like to expose here and to discuss to see how we can deal witth them for
the 0.10.0 release :
1.
Currently the password register/reset link that is generated is persisted.
This is a point of concern[2]. The fact is that with the current flow, we
can not go against that:
- An admin create an user, a link is generated.
- The admin send this link to the new user.
- The user browse to link -> at this moment we need to be able to retrieve
the stored link to check for its validity.
Some points :
- The token/register link is presisted without any relation with the newly
created user, so an hacker could not make a connection between the 2.
- The new created user, as long he has not registered through the link,
can not log into the system as he has no password, as Bruno suggested me to
do on the ML.
How shall we deal with that for 0.10.0 ? We can improve in 0.11.0 and also
keeping in mind that keycloak could come into the party quite soon.
2.
Currently, to generate the register link, we use a private key. This key is
located in the project[3]. This should not be in the github project as
pointed by Bruno [4] which make totally sense. I will remove the private
key from the repo and add instructions to tell how and where to put your
private key.
But I don't know how to deal for the UPS cartdridge, since we ship a war,
the private key will be missing. Any ideas input on that is welcome.
For 0.10.0, we could just ship a war containing a private key and add a
warning and maybe add instruction on how to clone the app locally, change
the key and push again (which is not really user friendly when you expect
to have a cartdridge that "just work").
Notice that there is ticket to be able to manage your private key from the
Admin console[5]
Again, in the future, keycloak could be used also to manage the keys.
Besides that, the current PR, in terms of functionnalities works : you can
create and manage users like specified in the specs.
So for the (very soon) 0.10.0 release how shall we deal with these concerns
?
Sebi
[1]
https://github.com/aerogear/aerogear-unifiedpush-server/pull/118
[2]
https://github.com/aerogear/aerogear-unifiedpush-server/pull/118#discussi...
[3]
https://github.com/aerogear/aerogear-unifiedpush-server/blob/register_lin...
[4]
https://github.com/aerogear/aerogear-unifiedpush-server/pull/118#discussi...
[5]
https://issues.jboss.org/browse/AGPUSH-518