app
app copied to clipboard
simple-login
Added TOTP-like alias generation and included some extra information on CONTRIBUTING.md
I like having short aliases, but UUIDs are very long, and I prefer using random characters instead of two random words, so I constantly find myself creating custom aliases like:
[email protected]
This pull request adds a mode that allows creating random aliases just like that one, which is very similar to the code we might get when using one-time-passwords.
I also modified CONTRIBUTING.md and explained that to copy the example.env, we first have to go back to the root folder. I spent a minute trying to find out why I could not copy that file π
Please do let me know if there is anything else I need to do before this can be merged π
Hey, thanks for the PR! It seems to be a nice feature. I'll leave some comments:
- The keyspace is too short. If we get to a million aliases we will have a 1 in 2k chance of collision. Since we can't use upper and lower case characters, at least make it 9 chars long.
- Please don't call it totp. It stands for time-based one time password. It's neither time based nor a password. Can we call it
shortor something like that? - Can you add a test to make sure the alias is generated as expected?
- Please don't call it totp. It stands for time-based one time password. It's neither time based nor a password. Can we call it
shortor something like that?
I'd say short_uuid to give a clearer context
Hey, thanks for the PR! It seems to be a nice feature. I'll leave some comments:
* The keyspace is too short. If we get to a million aliases we will have a 1 in 2k chance of collision. Since we can't use upper and lower case characters, at least make it 9 chars long. * Please don't call it totp. It stands for time-based one time password. It's neither time based nor a password. Can we call it `short` or something like that? * Can you add a test to make sure the alias is generated as expected?
@acasajus You're right, I'll increase the keyspace, but can we make this customizable when using custom domains? Maybe not in this PR as it will require adding a button to the front-end, too.
I know it's not a TOTP, but I'm very bad at naming and that's the first thing that came to mind when I saw word and uuid π
and yeah, I'll add a test case.
- Please don't call it totp. It stands for time-based one time password. It's neither time based nor a password. Can we call it
shortor something like that?I'd say
short_uuidto give a clearer context
@ntnhon That does sound But that can also be misleading because it would not be a uuid, maybe alphanumeric? slid? How about short_code?
I'm glad you told me to write some tests because the previous code had some bugs, but now it should be better. I ended up calling this alias generator random_string like the suffix generator
Funny, I was thinking that it'd be great if we had a dictionary in the enum class for that, to avoid modifying the same code in the future, but I didn't know that we could already do that. Pretty cool. Will update the code soon π
Looks good!
However I think "random characters" is a better name than "random string", technically all current email generating methods are "random string" methods. Just a small input though.
Additionally I think random character alias length should be defined in the environment variables, just like how the path to the words file is. This to easily propagate eventual changes to the alias length across the whole code base.
Is there any update on when this could be implemented? βΊοΈ
EDIT: Related issue here #1252
@Nautman it seems that there are still some questions that are not answered/addressed yet in the PR.
@zafuru anything new to this? I am really hoping that this could be merged soon! thanks for your work!
I personally like this feature, hope this can be merged soon. For reference, DuckDuckGo Email Protection currently uses 8 random lowercase letters and numbers for their address generation and it seems to work well for them.
