Home
Most wanted are your opinions and ideas. Please hit 'Edit Page' if you have something to say.
Help with the code and docs is welcome.
See the issues tab
These are open for discussion, not just about the how and priority but also the if at all and why. Please add your own ideas too.
- Test with more Symfony versions
- Test with FOSUserBundle, eventually add configuration instructions
- Maybe support is possible for KnpMenuBundle
- Administrator user interfaces:
  - replace annotations by yml configurations
  - add statistics per user name
  - releases: for listing, adding and removing
- Add (example) Controllers and templates for sending e-mails with urls with release tokens and for processing the resulting release requests. (NB: there may also be need for these functions in relation to user administration, like a password forgotten function sending
- Adding more Guard classes for different types of Authentication Listener, or replacing it by other hooks into symfony's authentication (discussion)
- Guarding more Paths
> "Applications implementing their own authentication systems should consider a threshold governor to prevent the over-use of the following paths:
> - Account registration processes (if any)
> - Primary authentication path
> - Step up authentication (such as two factor tokens)
> - Password change**
> - Password resets** (**Low value systems only - Most medium and all high value systems should not be using passwords, and thus do not possess password reset capabilities)"
The primary authentication path is already covered. A kernel request listener could be added for blocking other paths by IP address. Support for blocking by username could be useful too, but some customization will be required, as there is no generic way to obtain the username. A specialization of FOSUserBundle could be provided and could also serve as an example for custom Guards.
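As an added illustration of the kernel request listener idea above (example code written for this wiki page, not code from this bundle or from the Tresholds Governor library), the listener below blocks POST requests to a configurable set of paths by client IP once a threshold is exceeded. The `PathGuardInterface` and the in-memory `InMemoryPathGuard` are hypothetical stand-ins for the governor, not its real API; the guarded paths are constructed sample values. The Symfony classes used (`RequestEvent`, `Request`, `Response`) are real.

```php
<?php
// Added example, not the bundle's or the library's own code.
// Assumptions: Symfony HttpKernel >= 5.3 (RequestEvent::isMainRequest()),
// and the hypothetical PathGuardInterface below standing in for a governor.

namespace App\EventListener;

use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Event\RequestEvent;

/** Hypothetical contract; the real library's API is not reproduced here. */
interface PathGuardInterface
{
    /** True when $ip has reached the threshold for $path in the current window. */
    public function isBlocked(string $ip, string $path): bool;

    /** Records one request from $ip to $path. */
    public function register(string $ip, string $path): void;
}

/**
 * Hypothetical in-memory guard: a fixed window counter per (ip, path).
 * Only for illustration; a real deployment needs shared storage
 * (database, cache) because PHP processes do not keep state between requests.
 */
final class InMemoryPathGuard implements PathGuardInterface
{
    /** @var array<string, array{count:int, windowStart:int}> */
    private array $counters = [];

    public function __construct(
        private int $limit = 5,           // requests allowed per window
        private int $windowSeconds = 300, // window length
    ) {}

    public function isBlocked(string $ip, string $path): bool
    {
        $entry = $this->counters[$ip . '|' . $path] ?? null;
        if ($entry === null || time() - $entry['windowStart'] >= $this->windowSeconds) {
            return false; // no window open, or the old window expired
        }
        return $entry['count'] >= $this->limit;
    }

    public function register(string $ip, string $path): void
    {
        $key = $ip . '|' . $path;
        $now = time();
        $entry = $this->counters[$key] ?? null;
        if ($entry === null || $now - $entry['windowStart'] >= $this->windowSeconds) {
            $this->counters[$key] = ['count' => 1, 'windowStart' => $now];
            return;
        }
        $this->counters[$key]['count']++;
    }
}

/** kernel.request listener guarding registration, password change and reset paths. */
final class GuardedPathListener
{
    /** @param string[] $guardedPaths exact request paths to protect (constructed sample values) */
    public function __construct(
        private PathGuardInterface $guard,
        private array $guardedPaths = ['/register', '/resetting/request', '/profile/change-password'],
    ) {}

    public function onKernelRequest(RequestEvent $event): void
    {
        if (!$event->isMainRequest()) {
            return; // sub-requests (forwards, fragments) are not counted
        }
        $request = $event->getRequest();
        $path = $request->getPathInfo();
        if (!in_array($path, $this->guardedPaths, true)) {
            return;
        }
        // Count only submissions; rendering the form with GET is cheap and harmless.
        if (!$request->isMethod('POST')) {
            return;
        }
        // getClientIp() honours X-Forwarded-For only for configured trusted proxies.
        $ip = $request->getClientIp() ?? 'unknown';
        if ($this->guard->isBlocked($ip, $path)) {
            $event->setResponse(new Response('Too many requests', Response::HTTP_TOO_MANY_REQUESTS));
            return;
        }
        $this->guard->register($ip, $path);
    }
}
```

Register the listener as a service tagged `kernel.event_listener` with `event: kernel.request`, and configure `trusted_proxies` in the framework so that a client cannot spoof its IP through `X-Forwarded-For` when the application sits behind a load balancer. Two limits of this approach are worth keeping in mind: at request time the listener cannot tell a failed attempt from a successful one (counting only failures needs a hook after the controller has run), and a per-IP counter alone does not cover the per-username blocking the paragraph above mentions, which is where a bundle-specific specialization comes in.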
Also see the roadmap of the Tresholds Governor library
Quotations are from https://www.owasp.org/index.php/Guide_to_Authentication