ohadr / authentication-flows-js
authentication-flows-js is a powerful and highly customizable framework that covers all flows that any express-based authentication-server needs.
Ensure that even if we don't find an email address, we return 'ok' as our status.
We don’t want untoward bots figuring out what emails are real vs not real in our database.
My web app has a pretty standard feature that allows a user who forgot their password to reset it by sending themselves a password reset email with a link to the page to create a new password.
I'm concerned that person1 could use this page to harass person2 by claiming to need a password reset email, but giving the email address of person2, and automate this with a bot, sending massive numbers of emails to person2. It wouldn't reveal any secrets, but it could be very annoying, even a DoS on their inbox, and my application would get the blame.
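The two issues above (uniform 'ok' status so bots cannot tell real addresses from unknown ones, and per-address throttling so the reset form cannot be used to flood someone's inbox) fit in one handler. The following is an added example, not code from authentication-flows-js; the in-memory user map, the outbox mailer, the limit of three emails per hour and the helper names are all assumed.

```javascript
// Added example (not from authentication-flows-js): a password-reset request
// handler that always answers { status: 'ok' } and throttles reset emails per
// address. The only place the three cases (unknown address, throttled, sent)
// differ is the log and the outbox, never the HTTP response.

const RESET_LIMIT = 3;                   // emails allowed per address per window (assumed)
const RESET_WINDOW_MS = 60 * 60 * 1000;  // one hour (assumed)

// Constructed in-memory "database": only one address exists.
const users = new Map([['alice@example.com', { id: 1 }]]);

// Per-address timestamps of reset emails sent (in-memory stand-in for a store).
const resetStore = new Map();

// Outbox used instead of a real SMTP sender so the example runs offline.
const outbox = [];
const mailer = { send: (to, subject) => outbox.push({ to, subject }) };

// Sliding-window check: keep only timestamps inside the window, refuse when
// the limit is reached, otherwise record this send.
function allowReset(email, now) {
  const recent = (resetStore.get(email) || []).filter(t => now - t < RESET_WINDOW_MS);
  if (recent.length >= RESET_LIMIT) {
    resetStore.set(email, recent);
    return false;
  }
  recent.push(now);
  resetStore.set(email, recent);
  return true;
}

// Returns the same status regardless of whether the address exists or was
// throttled, so the response cannot be used to enumerate accounts.
function requestPasswordReset(email, now = Date.now(), log = () => {}) {
  const normalized = String(email).trim().toLowerCase();
  if (!users.has(normalized)) {
    log(`reset requested for unknown address ${normalized}`);
    return { status: 'ok' };
  }
  if (!allowReset(normalized, now)) {
    log(`reset throttled for ${normalized}`);
    return { status: 'ok' };
  }
  mailer.send(normalized, 'Password reset');
  return { status: 'ok' };
}

// Number of reset emails actually sent to an address (for inspection/tests).
function sentCount(email) {
  return outbox.filter(m => m.to === email).length;
}

// Hypothetical express wiring:
// app.post('/forgot', (req, res) => res.json(requestPasswordReset(req.body.email)));
```

Throttling per target address is what protects person2's inbox; a per-client limit alone would not help once the requests are spread across many bots. Note that the throttled branch still returns 'ok' and takes a comparable amount of work, so the response body gives nothing away.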
Rather than "debug()", use a good logger (e.g. log4js).
The hosting app needs to "guess" which env-vars it should define. It is more clear to pass all relevant configuration in the .config() method. For example, the details of the email-server:
process.env.emailSender
process.env.smtpServer
process.env.smtpPort
process.env.emailServerUser
process.env.emailServerPass
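One way to take these settings through an explicit .config() call instead of process.env, as an added example (not the project's own code): the field names mirror the env-vars listed above, while the validation rules and the redaction helper are assumptions.

```javascript
// Added example (not from authentication-flows-js): explicit configuration
// of the email server through config(), failing fast on missing fields so
// the hosting app is told exactly what it forgot, and redacting the password
// when the configuration is echoed to a log.

const REQUIRED_EMAIL_FIELDS = [
  'emailSender', 'smtpServer', 'smtpPort', 'emailServerUser', 'emailServerPass',
];

// Validates options.emailServer and returns a frozen copy of the settings.
function config(options) {
  const email = options && options.emailServer;
  if (!email) throw new Error('config(): emailServer settings are required');
  const missing = REQUIRED_EMAIL_FIELDS.filter(f => email[f] === undefined || email[f] === '');
  if (missing.length) {
    throw new Error(`config(): missing emailServer fields: ${missing.join(', ')}`);
  }
  const port = Number(email.smtpPort);
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new Error(`config(): smtpPort must be a TCP port, got ${email.smtpPort}`);
  }
  return Object.freeze({ emailServer: Object.freeze({ ...email, smtpPort: port }) });
}

// Safe-to-log view of the configuration: the password never reaches the log.
function describeConfig(cfg) {
  return { ...cfg.emailServer, emailServerPass: '***' };
}

// Hypothetical usage by the hosting app (values are constructed):
// const cfg = config({ emailServer: { emailSender: 'noreply@example.com',
//   smtpServer: 'smtp.example.com', smtpPort: '587',
//   emailServerUser: 'mailer', emailServerPass: 'secret' } });
```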
Better use log4js-api, and let the user-app configure the logger:
https://github.com/log4js-node/log4js-api
change activate URL to /aa/ instead of /aa?uts=
Since in-mem is a lightweight impl and requires no dependencies, it is better to be here in the main package rather than in a separate package (OhadR/authentication-flows-js-inmem).
related to #11
Use policyRepo.getDefaultAuthenticationPolicy().getMaxPasswordEntryAttempts(), rather than the hard-coded '5'.
When there is an error upon sending email (e.g. mail not configured), do not throw an error, only log.
Because if I throw an error, then for example in the account-lock scenario the user does not see the lock page, because in the code the LOCK_ERROR is never thrown; instead there is the error from the email.
So log the error to the logger, but do not throw.
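The two issues above (taking the attempt limit from the policy rather than a hard-coded 5, and logging instead of throwing when the lock email cannot be sent) meet in the failed-login path. The following is an added example, not code from authentication-flows-js; the shape of policyRepo, the mailer and logger objects, the user record fields and the LOCK_ERROR code are assumptions.

```javascript
// Added example (not from authentication-flows-js): failed-login handling
// that reads the maximum attempts from the policy object and, once the
// account is locked, reports a mail-sending failure to the logger without
// letting it replace the LOCK_ERROR the caller relies on to show the lock page.

const LOCK_ERROR = 'LOCK_ERROR';

// Constructed policy repository standing in for the real
// policyRepo.getDefaultAuthenticationPolicy(); the limit of 3 is assumed.
const policyRepo = {
  getDefaultAuthenticationPolicy: () => ({ getMaxPasswordEntryAttempts: () => 3 }),
};

// Mailer that always fails, simulating "mail not configured".
const failingMailer = {
  send: () => { throw new Error('SMTP server not configured'); },
};

// Logger that collects messages so the example can be inspected offline.
function makeLogger() {
  const entries = [];
  return { error: msg => entries.push(msg), entries };
}

// Records one failed attempt on the user record. Returns the remaining
// attempts while under the limit; locks the account and throws LOCK_ERROR
// once the policy's maximum is reached. A failure to send the lock email is
// logged and swallowed so the LOCK_ERROR still propagates.
function recordFailedLogin(user, deps) {
  const max = deps.policyRepo.getDefaultAuthenticationPolicy().getMaxPasswordEntryAttempts();
  user.failedAttempts = (user.failedAttempts || 0) + 1;
  if (user.failedAttempts < max) {
    return { locked: false, remaining: max - user.failedAttempts };
  }
  user.locked = true;
  try {
    deps.mailer.send(user.email, 'Your account has been locked');
  } catch (err) {
    // Mail problems (e.g. server not configured) must not mask the lock.
    deps.logger.error(`could not send lock email to ${user.email}: ${err.message}`);
  }
  const e = new Error('account locked after too many failed attempts');
  e.code = LOCK_ERROR;
  throw e;
}
```

The order matters: the lock is persisted on the user record before the email is attempted, so an unreachable mail server can neither prevent the lock nor hide it from the caller.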