Roadmap 0.0.3

[neokoenig]

• Add Installation via commandbox
• Breaking change: application settings now stored as serialized JSON to help with migrator bug (see Migrator - addRecord doesn't work right for sql server if you have a number in a text field wheels#871)
• Ensure password isn't in email address

To Do:

• Ensure password isn't in top 100000 hacked password lists
• Add Travis CI Support
• Travis: Unit tests require DB; DB migrate can't access custom servername from CLI, so need to fix that first.
• Protected 'superadmin' flag on accounts which can't be assumed etc

Maybe:

• Add LDAP example?
• Add some sort of Brute force attack mitigation
• If login required to auth'd page, add an appropriate redirect after login
• Possibly change AES encryption on cookie to be JWT?
• Add OAuth/Twitter/Facebook, if time allows
• 2FA Maybe (!)
• Add JSON based API using Basic Auth/API Key
• Add JWT Authentication (Will still technically use sessions as we can't mix and match in a single app, but would be an example of API Authentication)
• Localisation / i8N?
• Add http headers as per https://github.com/ddspringle/framework-one-secure-auth/blob/master/MyApplication.cfc#L94

[chapmandu]

I recently implemented this as a service for pwned password check

https://github.com/JayIsPainting/CFML_HIBP

[neokoenig]

Cool. Might make a good plugin? Either that or I'll implement it directly. I'm warying of building in too many 3rd party dependencies though. My original idea was based on https://github.com/ddspringle/framework-one-secure-auth which just has a txt file(!) cached as an array for lookup.

[chapmandu]

It would be perfect as a plugin. I like HIBP as it's up to date, and I don't have to commit a huge txt file to my repo and keep it up to date.. but yeah, I get not wanting too many 3rd party services.

[neokoenig]

I might add it in as an application level switch or something

[malpaso]

Would definitely like to see signup/login via Auth0 (JWT). Great app btw!

[MvdO79]

Thanks again for this app! Further checking it out, posting errors if I see them, and tomorrow translate to Dutch.

[openbizgit]

@malpaso Please have a look at this example ColdFusion AuthO : https://github.com/namitan/cf_auth0_sample

[neokoenig]

Thanks @malpaso @openbizgit - I think what I might do is try and put most of the Auth0 functionality into a plugin, but then include the appropriate Authentication model/methods in the example app, so people can then chose how/if they want to use it. Thanks for the example - always useful.