-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create admin user from app? #10
Comments
I'd prefer to keep the /users/setup endpoint same origin. Instead of allowing 3rd party apps to create the admin user (or any user in the future) I'd prefer if we could just redirect http://app.knilxof.org to the box URL. This is how it should work once we have authorization anyway. |
Yes! Good idea. So we can add a 'Create account' link to the login page, and that would redirect to the user to the Box that was discovered through nupnp. |
I have been thinking the redirect would still not be very safe, especially if you get redirected back to the app after user creation completed. It's probably necessary to "hide" the Box a little bit from random web pages. For the three discovery mechanisms:
@cr what do you think? |
See fxbox/registration_server#3 (comment) about this. |
I'll prepare a PR with the redirect from the login page to the Box URL for (admin) user creation. |
I forgot to mention that the setup and login flows on the box already supports redirection fxbox/foxbox@39307e6 |
yes, just noticed. cool! will ping you on irc if I need help with the whole flow. |
This is the hyperlink I added to make the screenshots which I'm about to send out to the mailing list: https://github.com/fxbox/app/compare/master...michielbdejong:user-creation-poc?expand=1 As discussed on irc, we probably want to remove the login from from the app altogether, and use this |
I think we can close this one right? |
Yes! :) |
Right now, the user must first create an admin password on http://192.168.0.42/, before they connect to http://app.knilxof.org (or wherever we will host the app in this repo). That makes the whole discovery mechanism in this app pretty useless :)
possible solution: send the user straight to app.knilxof.org and do the admin user creation from there, but that's something we should discuss, because:
The text was updated successfully, but these errors were encountered: