Kiran Jonnalagadda
The search by email feature can be abused to discover user accounts and should not be allowed. However, because it is also an extremely convenient feature when checking for a colleague's...
When a user who has no password (used external auth) attempts to log in with a password, it will fail. On asking to reset their password, they are told their password...
Users may invite other users via Client apps. #59 already discusses new columns and APIs for clients to communicate with Lastuser and for these introductions to be tagged with the...
When a user goes inactive, there should be two ways to remove email addresses associated with their account: 1. If the email address had a hard bounce 2. If the...
When a user is invited to have an account and they accept, Lastuser needs to ask them for a password so they can access the account again. At this point...
Lastuser will soon have an "invited user" feature. As these users have not actively shown interest in having an account, they need careful handling: 1. Unwanted invites, aka spam 2....
Rather than the current webhook model for push notifications to client apps, Lastuser should provide a reliable queue mechanism that works across the web, perhaps using MQTT. This will help...
Hasjob's EventSession provides better raw data for analytics than Google Analytics captures, so it makes sense to be able to do this with our own code across websites. Lastuser should...
Automatic scope and top level domain cookies introduced via #166 and #168 have greatly improved user management for apps sharing a parent domain. However, apps hosted on other domains still...
Lastuser should implement the session management code introduced in Hasjob as we need a better understanding of user drop-off at the login screen.