Kiran Jonnalagadda
The Credential Management API is now a (proposed?) web standard for making login flows easier. Documentation: [Google Developers](https://developers.google.com/web/updates/2016/04/credential-management-api), [Mozilla MDN](https://developer.mozilla.org/en-US/docs/Web/API/Credential_Management_API). Lastuser should support it so that native flows...
In #215 we enforced a lowercase index for email addresses. This is pragmatic as it is extremely unlikely that a given email domain will have the same account with different...
Lastuser is currently organised into Flask Blueprints. These are, however, insufficient for separation of concerns. The blueprints constitute a single app with unrestricted access to resources. Lastuser should instead be...
In #166, Lastuser introduced automatic scope for trusted clients (apps hosted on the same parent domain as Lastuser itself, or apps hosted by the same company, i.e., HasGeek). That ticket...
Lastuser's `Organization` and `Team` models are modelled on GitHub's. The assumptions are: 1. An Organization is a public-facing brand identity and has a username that shares namespace with `User` account....
In the common scenario where an 'organization' is an event series, owned by another organization that is the company that runs the events, there should be a way to link...
Creating new applications, adding/deleting organizations and other such critical actions should require a password prompt. However, since Lastuser doesn't require a password to log in if the account is linked to...
In addition to #15's requirement for a password strength validator, we should use a common password validator to prevent using simple passwords. The [berzerk0/Probable-Wordlists](https://github.com/berzerk0/Probable-Wordlists) repo has multiple wordlists from leaked...
Lastuser needs two-factor authentication for anyone using their account to manage important data. Implementing it requires: 1. Support for verifying mobile numbers and sending text messages to mobile numbers anywhere...
Lastuser stores the MD5sum of email, originally to facilitate Gravatar lookup, but as a result of that choice, also in other places like email verification and password reset links. We should...