Auth TODO

  • Get everything actually working again @mitchell
  • Validate config in createAuth (e.g. identityField and secretField exist on the list) @mitchell
  • Implement graphQLSchemaExtension properly based on config @mitchell
  • Secure Admin paths with secureFn if it is provided @mitchell
    • Except publicRoutes
    • Implement no access UI
    • Make no access UI look nice @jed
  • Put generating Auth Admin UI Pages in the package, add them with getAdditionalFiles @mitchell
  • Load Admin Meta from an API route @mitchell
    • With good HTTP caching headers
    • Protect it with the secureFn
    • Make it synchronously available on all pages
  • Write withItemData wrapper for sessions @noviny
    • Session functions will need enough API to execute a query
  • Pass session in context as session @mitchell
    • Remove authentication property from context and the usages of it
    • Pass this as an arg on access control? -- yes
  • Implement signout @jed
    • Only generate the endSession mutation if session.end exists
    • Create UI for the signout page
    • Only generate the signout page if the config is enabled
    • Add a signout button to the Admin UI when the config is enabled
  • [.] Implement forgotten password & magic links @molomby
    • Define the list/fields
    • Add the mutations (auth, get reset token, get magic link)
    • Don't error on failure; create types/union type; UserPasswordAuthSuccess { item token } UserPasswordAuthFailure { code message }
    • Refactor the list and field validation into validateConfig()
    • Build out redemption mutations
    • Auth to return set of fields (to be added to the list); move fields def from example app
    • withAuth() to configure the list config directly
    • Add suffix to config; use for types, mutations, field names, etc.
    • Add config for validUserConditions as an optional set of GraphQL filters; slightly refactor loading of item(s)
    • Fix the withAuth destructuring around fields
    • Hooks – See notes in HOOKS.md
      • Review/revise the existing hooks
      • Implement hooks for the auth, reset pass and magic link
      • Support rate limiting use case
    • Generate the UI if it is enabled
    • Wire up the UI
  • Implement init first user @mitchell
    • Generate the UI if it is enabled
    • Add the check for (no users?) => redirect
    • Lock down with (any users?) => nope
    • Correctly render the field views for the fields defined
    • Create the user
    • Add second screen for following / subscribing to Keystone
    • Set up something somewhere for us to collect the data
  • Write documentation for createAuth @molomby

Backlog

  • Handle session token authorisation header use case
  • Review the API that session functions get, try not to provide the keystone instance
  • 2FA
  • Social Auth