sb8244 / pow_starter_pack

My all-included Elixir Pow project to serve as an example


Pow Exploration Project - User Service

I set up this project to explore how Pow works and to configure an instance the way I might actually want to run Pow. That lets me judge the project freely and decide whether I'd ever use it.

I'm quite happy with Pow so far. I've been able to keep control over my user flow, and have even gone so far as to implement SSO flows on top of Pow. The flexibility has been good, while still giving me everything I need to be successful.

This project is still a WIP until the checklist at the bottom is fully completed.

Running the Project

You can start up this project with the following commands:

mix deps.get && npm install --prefix assets && mix ecto.setup
mix phx.server

This starts on port 4000 but expects to be reached via http://idp.localhost.development:4000. You can set that hostname up in your /etc/hosts file as:

127.0.0.1 idp.localhost.development test.localhost.development

You should also start up the user consumer if you want to see the SSO flow in action.

Sent Emails

You can view sent emails (in-memory only) at http://idp.localhost.development:4000/sent_emails. Use this to confirm any created users.

OAuth Login

You can create a GitHub OAuth app to test out the OAuth connection. The SalesLoft one is only there to see how Assent works with custom OAuth providers. Update config/dev.secret.exs to include your sensitive environment variables; that file is not version-controlled.
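As an added illustration (not a file from this repository), this is what a config/dev.secret.exs could look like so that the GitHub credentials are read from the environment instead of being typed into the file. The OTP app name :pow_starter_pack and the PowAssent provider keys are assumptions about how this project wires up Assent.

```elixir
# config/dev.secret.exs (added example; assumes the OTP app is :pow_starter_pack
# and that OAuth providers are configured through PowAssent)
import Config

# Pull the GitHub OAuth app credentials from the environment so that no secret
# is ever written into a file, even a git-ignored one.
# System.fetch_env!/1 raises while the config is evaluated if a variable is
# missing, which is better than a silent nil that only fails at login time.
github_client_id = System.fetch_env!("GITHUB_CLIENT_ID")
github_client_secret = System.fetch_env!("GITHUB_CLIENT_SECRET")

config :pow_starter_pack, :pow_assent,
  providers: [
    github: [
      client_id: github_client_id,
      client_secret: github_client_secret,
      strategy: Assent.Strategy.Github
    ]
  ]
```

Because dev.secret.exs is imported from config/dev.exs, it is evaluated when the project is compiled, so the two variables must be present in the shell that runs mix phx.server, not merely at request time.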

TOTP

I set up a basic TOTP implementation as a Pow extension to see what writing a custom extension is like. I don't think I'm going to finish it at the moment, but it can be found on the branch pow-totp.

You can find the extension (not finished) at https://github.com/sb8244/pow_totp.

User Consumer

There is an included sub-project that implements the consumer side of SSO. It has code for both server-server and client-server SSO. Start it via:

cd user_consumer
mix deps.get
mix phx.server

It starts on port 4001 but expects to be reached via http://test.localhost.development:4001 for local testing. That puts it on a different domain than the IDP, so it cannot piggyback on the IDP's session cookie, which is what proves the SSO flow is actually working. You can use the /etc/hosts setup from the previous section.

TODO

  • Set up Redis cache store with namespace
  • Make cookie live longer than session (possibly persistent extension)
  • Sign in with redirection
  • SSO API server
  • Review all messages (Pow.Phoenix.Messages, [Pow Extension].Phoenix.Messages)
  • Set up mailer (local)
  • SSO API server auth (JWT token auth)
    • Add GUID to user for reference
    • CORS
  • Do not store the full user in the session
  • UI
    • Bulma to BS4?
  • Capture user name on registration
  • Social login
    • Logging on all failure (like add-user-id triggering)
  • 2FA
  • [o] invites
    • Basic setup
    • Attach arbitrary attributes to the invite (is Pow okay for this?)
    • View all pending invitations sent by the current user (user enumeration vector?)
  • Admin interface to manage users
    • Manually confirm emails
    • View user information
    • Send reset password link
  • Team concept?
    • I'm a bit unsure if I want to introduce this here or not. It should be where invites are, or the 2 systems would need to cross talk about invites.

Tests

  • Redis Cache Tests
  • IDP tests

License: MIT License