Comments (4)
da2ce7
commented on September 10, 2024
Hello Mick,
I think that we should have a more comprehensive account setup process.
- Rate Limiting captcha. + Acceptance of Terms + (Invitation)
- Give Account Registration Recovery Code to User.
The account recovery code is exactly the same as a password + username concatenated together.
[user_id] (supplied by server)
[user_random_code] (32-byte, generated by user)
[user_random_code][user_id] -> [account_recovery_code]
The server stores:
hash[account_recovery_code] -> [hashed_recovery_code]
Under the record of the user_id.
-
User Password (policy optional)
-
Select Username (policy optional)
-
Add Email. (policy optional)
-
Verify Email. Email Settings (Recovery + Security, Announcements, General)
-
The account is in the "email" stage. It is possible to give more privileges than just "pending or public".
(Optional Policy) This account may have an expiry, where it is deleted after a certain date.
-
Add Picture
-
Add Bio
-
Apply for Account Promotion.
If the account meets a certain policy, the user can apply for an account promotion.
A user that has the appropriate privileges can accept the promotion. Ie. Full User.
- Automatic Account Promotions.
The above can happen automatically according to certain administrative policies.
At each stage the account has a status. maybe:
-
Public (no account).
-
Default (no username)
-
Name (username, no password)
-
User (username, password)
-
Mail (with email)
-
Photo
-
Bio
-
Full Account
-
Moderator
-
Administrator
-
Founders (account created before a certain date)
-
Adult (account older than certain amount)
Then we could have all sorts of activity based statistics connected to accounts and enable promotion requests or automatic promotions based upon these statistics.
from torrust-index-archive.
WarmBeer
commented on September 10, 2024
Hey @da2ce7 ,
I think this is a good idea.
I'm only a bit confused by having user passwords as optional. Would users then only login with their username and/or Account Registration Recovery Code?
I'm currently working on an ERD for a new database structure that incorporates this issue as well as #30.
from torrust-index-archive.
da2ce7
commented on September 10, 2024
@WarmBeer I've updated the account_recovery_code part to be more descriptive.
from torrust-index-archive.
da2ce7
commented on September 10, 2024
from torrust-index-archive.
Related Issues (20)
- Allow renaming categories and tags HOT 3
- Show number of torrents using a tag in the `tag` administration tab HOT 1
- Report issue button HOT 1
- Contributor Agreement (CA) HOT 7
- The frontend and backend need to be moved into their own repositories
- Readme additions and corrections HOT 2
- Workflows with errors
- README: Test and Build badge HOT 1
- Contributor agreement adaptation to Torrus from the original Nautilus Cyberneering and clean up empty lines in Readme
- Contributor Agreement - Replace one Nautilus Mention
- LICENSE - Multilicense change links to Torrust and take out the Nautilus reference
- User Roles/Permissions HOT 2
- Improve error messages in the UI HOT 3
- [bug] users not getting logged out when their sessions expire HOT 2
- Implement Cameron's signed invitation proposal HOT 4
- Overhall Readme File
- Make backend settings read-only HOT 1
- Scraping the DHT?
- Allow banning users HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from torrust-index-archive.