- New feature: magic (email-based) login, with password fallback
- New feature: Time-based One-Time Password (TOTP) authentication
- Security enhancements to improve consistency, safety and reliability of the authentication process (see full description in the frontend app)
- Refactoring of `login` APIs
- Requires one new `frontend` dependency: [QRcode.vue](https://github.com/scopewu/qrcode.vue)
-**Docker Compose** integration and optimization for local development.
50
+
-**Authentication** user management schemas, models, crud and apis already built, with OAuth2 JWT token support & default hashing. Offers _magic link_ authentication, with password fallback, with cookie management, including `access` and `refresh` tokens.
49
51
-[**FastAPI**](https://github.com/tiangolo/fastapi) backend with [Inboard](https://inboard.bws.bio/) one-repo Docker images:
50
-
-**Authentication** user management schemas, models, crud and apis already built, with OAuth2 JWT token support & default hashing.
51
52
-**SQLAlchemy** version 1.4 support for models.
52
53
-**MJML** templates for common email transactions.
53
54
-**Metadata Schema** based on [Dublin Core](https://www.dublincore.org/specifications/dublin-core/dcmi-terms/#section-3) for inheritance.
54
55
-**Common CRUD** support via generic inheritance.
55
56
-**Standards-based**: Based on (and fully compatible with) the open standards for APIs: [OpenAPI](https://github.com/OAI/OpenAPI-Specification) and [JSON Schema](http://json-schema.org/).
56
57
-[**Many other features**]("https://fastapi.tiangolo.com/features/"): including automatic validation, serialization, interactive documentation, etc.
57
58
-[**Nuxt/Vue 3**](https://nuxt.com/) frontend:
58
-
-**Authentication** with JWT and cookie management, including `access` and `refresh` tokens,
59
59
-**Authorisation** via middleware for page access, including logged in or superuser.
60
60
-**Model blog** project, with [Nuxt Content](https://content.nuxtjs.org/) for writing Markdown pages.
61
61
-**Form validation** with [Vee-Validate 4](https://vee-validate.logaretm.com/v4/).
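Review bot: the rewritten backend **Authentication** bullet at the top of this hunk mentions magic-link login with password fallback but not TOTP, even though this same change adds `totp_secret_key` to the configuration, a new "Authentication with magic and TOTP" section and a 0.7.0 release note for TOTP; add TOTP to that bullet so the feature list matches what the project ships. While editing it, "with password fallback, with cookie management" repeats "with"; suggest "Offers _magic link_ authentication with password fallback, plus cookie management including `access` and `refresh` tokens." The frontend **Authentication** bullet further down the hunk still ends with a trailing comma instead of a full stop.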
@@ -108,6 +108,7 @@ The input variables, with their default values (some auto generated) are:
108
108
-`docker_swarm_stack_name_staging`: The name of the stack while deploying to Docker in Swarm mode for staging. By default, based on the domain.
109
109
110
110
-`secret_key`: Backend server secret key. Use the method above to generate it.
111
+
-`totp_secret_key`: Two-factor security (TOTP) server secret key.
111
112
-`first_superuser`: The first superuser generated, with it you will be able to create more users, etc. By default, based on the domain.
112
113
-`first_superuser_password`: First superuser password. Use the method above to generate it.
113
114
-`backend_cors_origins`: Origins (domains, more or less) that are enabled for CORS (Cross Origin Resource Sharing). This allows a frontend in one domain (e.g. `https://dashboard.example.com`) to communicate with this backend, that could be living in another domain (e.g. `https://api.example.com`). It can also be used to allow your local frontend (with a custom `hosts` domain mapping, as described in the project's `README.md`) that could be living in `http://dev.example.com:8080` to communicate with the backend at `https://stag.example.com`. Notice the `http` vs `https` and the `dev.` prefix for local development vs the "staging" `stag.` prefix. By default, it includes origins for production, staging and development, with ports commonly used during local development by several popular frontend frameworks (Vue with `:8080`, React, Angular).
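Review bot: the new `totp_secret_key` entry says what the key is but not how to produce it, whereas the neighbouring `secret_key` and `first_superuser_password` entries both say "Use the method above to generate it." A TOTP server key must be a randomly generated value, not something typed by hand, so add the same sentence here, and state whether it may be the same value as `secret_key` or must differ, since a reader filling in the cookiecutter prompt will otherwise guess.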
@@ -197,13 +198,34 @@ This stack can be adjusted and used with several deployment options that are com
197
198
198
199
Please refer to <ahref="https://dockerswarm.rocks"target="_blank">DockerSwarm.rocks</a> to see how to deploy such a cluster in 20 minutes.
199
200
201
+
## Authentication with magic and TOTP
202
+
203
+
> Any custodial changes to user-controlled information must be treated as requiring full authentication. Do **not** assume that a logged-in user is the authorised account holder.
204
+
205
+
Most web applications permit account recovery through requesting a password reset via email. This has process has been hardened using dual JWT tokens, and is offered as a primary authentication method, with password fallback.
206
+
207
+
Time-based One-Time Password (TOTP) authentication extends the login process to include a challenge-response component where the user needs to enter a time-based token after their preferred login method.
208
+
209
+
For development, you may prefer to use login and password.
210
+
200
211
## More details
201
212
202
213
After using this generator, your new project (the directory created) will contain an extensive `README.md` with instructions for development, deployment, etc. You can pre-read [the project `README.md` template here too](./{{cookiecutter.project_slug}}/README.md).
203
214
204
215
## Release Notes
205
216
206
-
### Latest Changes
217
+
### 0.7.0
218
+
219
+
- New feature: magic (email-based) login, with password fallback
220
+
- New feature: Time-based One-Time Password (TOTP) authentication
221
+
- Security enhancements to improve consistency, safety and reliability of the authentication process (see full description in the frontend app)
222
+
- Requires one new `frontend` dependency: [QRcode.vue](https://github.com/scopewu/qrcode.vue)
223
+
224
+
### 0.6.1
225
+
226
+
- Corrected error in variable name `ACCESS_TOKEN_EXPIRE_SECONDS`
227
+
228
+
### 0.6.0
207
229
208
230
- Inboard 0.10.4 -> 0.37.0, including FastAPI 0.88
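Review bot: in the new "Authentication with magic and TOTP" section, "This has process has been hardened using dual JWT tokens" has a duplicated word and should read "This process has been hardened using dual JWT tokens". The same paragraph would read better if it said what the two tokens are and why two are needed (the reader only learns from the feature list that they are `access` and `refresh` tokens). The TOTP paragraph says the token is entered "after their preferred login method" without saying whether TOTP is enabled per user or for the whole deployment; one sentence on where it is switched on would help. The release-notes change is fine: renaming "### Latest Changes" to "### 0.7.0" matches the versioned headings that follow.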