This repository has been archived by the owner on Feb 19, 2021. It is now read-only.

Implement user authentication #25

Closed
patateqbool opened this issue Aug 16, 2018 · 7 comments

@patateqbool
Member

patateqbool commented Aug 16, 2018

Implementing some kind of user authentication would allow for some partitioning between users and projects so that not everyone is able to access everything on the server. Also, by introducing a permissions system, we could make a project read-only.

@SilverBut
Contributor

I have a version based on the client-side certificate. However, I will not open a PR until I have fixed some stability and GUI issues.

@patateqbool
Member Author

Yes, I saw your fork and your commits; it is indeed an envisageable option. The other option would be to create a web interface/Qt frontend to create accounts and manage permissions.
I'm not sure that the two features are mutually exclusive; we could implement both imho.

@SilverBut
Contributor

Now we have a config file, so adding a Qt frontend is not hard. The problem is how to implement it, if not using certificates...

NeatMonster changed the title from "Implement user authentication" to "User Authentication" on Aug 17, 2018
@NeatMonster
Member

> I have a version based on the client-side certificate.

I think a username/password approach would be easier to manage. I like your idea to be able to use a custom PKI to authenticate the server, but I don't think it matches our needs for this feature.

NeatMonster added the "enhancement" (New feature or request) label on Aug 17, 2018
NeatMonster changed the title from "User Authentication" to "Implement user authentication" on Aug 17, 2018
NeatMonster added this to the 0.3 milestone on Aug 17, 2018
@SilverBut
Contributor

> I like your idea to be able to use a custom PKI to authenticate the server,

This is only a small part of the code.

A client-side certificate means the client needs to send its own certificate to the server, and the server will check whether it's signed with a valid CA or can be directly trusted. It is not used to authenticate the server.

And how to authenticate a user still remains a problem. Let's assume there is already some user authentication method; the problem is: should SSL be forced if the method is applied? If not, we may need to have a strong design of the auth method. Or, we can just use something like basic authentication, since the server can be trusted.

@NeatMonster
Member

I know you implemented mutual authentication on your repo. I just meant that I can see value in authenticating the server using a custom certificate chain. But authenticating clients the same way might be very practical for large corporations, but way overkill for small groups of individuals.

You're right that we need to do authentication correctly if we allow SSL to be disabled though.

@NeatMonster
Member

I think this issue and #45 have the same end goal. We'll need some kind of mandatory SSL tunnel and some kind of user authentication. I'm closing this issue in favor of the other one (that I have also renamed).
