[30pt] - Project authentication #8

Open
5 of 16 tasks
Nemwel-Boniface opened this issue Apr 2, 2023 · 0 comments
Nemwel-Boniface commented Apr 2, 2023

In this milestone, I need to implement the following:

  • Set up Devise in the project
  • Add some additional fields to the user table and set up the :configure_permitted_parameters in the application_controller.rb file to permit the additional fields. They include:
    • names
    • role (user and admin) default user
    • profile_photo
    • posts_counter default 0
    • status default active
    • mobile_number
    • email
    • location
  • Add the devise views
  • Update the devise views with the additional fields that are not coming with devise by default
  • Update the project navbar and render the links conditionally depending on whether the user is authenticated or not
  • Style all the devise views
  • Configure Active Storage in the project to make the photo upload work in my project
  • Integrate my project with Cloudinary to upload my images to their cloud services.
  • Implement email confirmation in the project - making use of the gem called "devise-confirmable" and it is a built-in module provided by Devise.
  • Implement two-factor authentication - requires users to provide an additional form of authentication (such as a code sent to their phone) in addition to their password. Devise provides a gem called devise-two-factor for implementing 2FA.
  • Implement account lockout - lock user accounts after a certain number of failed login attempts to prevent brute-force attacks. Devise provides a gem called devise-lockout for implementing this feature.
  • Implement password complexity - set up Devise to require that users choose strong passwords that meet certain complexity requirements, such as a minimum length and a mix of upper and lowercase letters, numbers, and symbols.
  • Implement session time out - To prevent unauthorized access to a user's account if they leave their computer unattended. Devise provides a gem called devise-timeout for implementing this feature.
  • Implement captcha verification - To prevent automated bots from creating accounts or submitting forms. Devise provides a gem called devise-security for implementing this feature.
  • Implement forgot password functionality.
  • AOB

I might decide to change and not use devise for authentication. Let me see how things go as I do more research on this topic.
Will include the links to the gems used.

@Nemwel-Boniface Nemwel-Boniface self-assigned this Apr 2, 2023
@Nemwel-Boniface Nemwel-Boniface changed the title [10pt] - Project authentication [30pt] - Project authentication Apr 2, 2023
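
The password-complexity task in the list above (minimum length plus a mix of uppercase, lowercase, numbers and symbols) can be expressed as a small policy object. This is an added example, not code from this project or from Devise; it is plain Ruby so it runs without Rails, and the `PasswordPolicy` name, the `MIN_LENGTH` value and the e-mail check are assumptions made for illustration.

```ruby
# Added example (not project code): password complexity policy in plain Ruby.
# PasswordPolicy, MIN_LENGTH and the rule names are assumed for illustration.
module PasswordPolicy
  MIN_LENGTH = 12 # assumed minimum; the issue does not state a value

  # Each rule maps a name to a predicate over the candidate password.
  # POSIX bracket classes are Unicode-aware on UTF-8 strings, so
  # non-ASCII letters still count as upper or lower case.
  RULES = {
    min_length: ->(pw) { pw.length >= MIN_LENGTH },
    lowercase:  ->(pw) { pw.match?(/[[:lower:]]/) },
    uppercase:  ->(pw) { pw.match?(/[[:upper:]]/) },
    digit:      ->(pw) { pw.match?(/[[:digit:]]/) },
    symbol:     ->(pw) { pw.match?(/[^[:alnum:][:space:]]/) }
  }.freeze

  # Returns the names of the rules the password fails (empty when it passes),
  # so a sign-up form can tell the user exactly what is missing.
  def self.violations(password, email: nil)
    pw = password.to_s
    failed = RULES.reject { |_name, check| check.call(pw) }.keys

    # Extra rule (assumption, not in the issue): a password that embeds the
    # local part of the account e-mail is easy to guess, so flag it as well.
    local = email.to_s.split("@").first.to_s.downcase
    failed << :contains_email if local.length >= 3 && pw.downcase.include?(local)
    failed
  end

  def self.valid?(password, email: nil)
    violations(password, email: email).empty?
  end
end

# Constructed sample inputs.
if __FILE__ == $PROGRAM_NAME
  ["password", "Str0ng&LongerPass"].each do |pw|
    puts "#{pw.inspect}: #{PasswordPolicy.violations(pw).inspect}"
  end
end
```

In a Rails model, the list returned by `violations` can feed a custom validation that adds one error on `:password` per failed rule.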