accountserver issueshttps://git.autistici.org/ai3/accountserver/-/issues2020-07-03T20:57:10Zhttps://git.autistici.org/ai3/accountserver/-/issues/16when disabling a user, we should not recursively disable mailing list2020-07-03T20:57:10Zalewhen disabling a user, we should not recursively disable mailing listMailing lists have multiple ownership, disabling a user should not deactivate its lists too.Mailing lists have multiple ownership, disabling a user should not deactivate its lists too.https://git.autistici.org/ai3/accountserver/-/issues/15Add support for statsId2020-05-17T15:54:12ZaleAdd support for statsIdThe piwik/matomo identifier associated with each website.The piwik/matomo identifier associated with each website.https://git.autistici.org/ai3/accountserver/-/issues/13Replace direct password checks with calls to the auth-server2020-02-11T12:07:52ZaleReplace direct password checks with calls to the auth-serverhttps://git.autistici.org/ai3/accountserver/-/issues/12Implement account deletion workflow2020-02-05T09:56:42ZaleImplement account deletion workflowhttps://git.autistici.org/ai3/accountserver/-/issues/10Support creationDate2020-01-15T10:09:13ZaleSupport creationDateThe legacy A/I schema requires a *creationDate* field on all resource objects.The legacy A/I schema requires a *creationDate* field on all resource objects.https://git.autistici.org/ai3/accountserver/-/issues/9Support for distributed operation2019-09-09T10:13:24ZaleSupport for distributed operationhttps://git.autistici.org/ai3/accountserver/-/issues/8alias non e' riconosciuto come listadmin2019-06-09T10:13:31Zputroalias non e' riconosciuto come listadminSe un utente usa un alias per gestire una lista, la lista non compare nel pannelloSe un utente usa un alias per gestire una lista, la lista non compare nel pannellohttps://git.autistici.org/ai3/accountserver/-/issues/7CI does not run integration tests2019-05-05T15:44:33ZaleCI does not run integration testsThe autotest step in debian/rules is not running tests in the integrationtest/ subdir, probably because there are no non-test Go source files there. There's probably a way to tell dh-golang to do so anyway though.The autotest step in debian/rules is not running tests in the integrationtest/ subdir, probably because there are no non-test Go source files there. There's probably a way to tell dh-golang to do so anyway though.https://git.autistici.org/ai3/accountserver/-/issues/6Implement search functionality2019-02-03T11:00:31ZaleImplement search functionalityRequired by the account management UI.Required by the account management UI.https://git.autistici.org/ai3/accountserver/-/issues/5Make ResourceID actually opaque2018-11-18T07:55:11ZaleMake ResourceID actually opaqueThis is a YAGNI-class problem: the ResourceID has a complex structure that unifies representation, classification, and opaque database ID. This is unnecessary and introduces a weird translation layer between these IDs and LDAP DNs. Furth...This is a YAGNI-class problem: the ResourceID has a complex structure that unifies representation, classification, and opaque database ID. This is unnecessary and introduces a weird translation layer between these IDs and LDAP DNs. Furthermore, the path-like structure isn't really used, as we have parent_ids for hierarchy.
Instead, we should separate this into a Type, and a completely opaque database ID (which is never shown to the user), that can simply be the DN for the LDAP backend.https://git.autistici.org/ai3/accountserver/-/issues/4Support password last change attributes2018-11-14T08:40:55ZaleSupport password last change attributesNeed to support shadowLastChange LDAP attributes and friends, that allow us to track the time of the last password change for every user. This needs to be handled in the database *and* surfaced to the API on the User object.Need to support shadowLastChange LDAP attributes and friends, that allow us to track the time of the last password change for every user. This needs to be handled in the database *and* surfaced to the API on the User object.https://git.autistici.org/ai3/accountserver/-/issues/3Stricter control on problematic state transitions2018-11-18T07:53:16ZaleStricter control on problematic state transitionsThere are some corner cases in user state transitions that should be handled better:
* [x] if we initialize encryption keys for a user with a new password, existing secondary authentication passwords (recovery, ASPs) must be cleared or ...There are some corner cases in user state transitions that should be handled better:
* [x] if we initialize encryption keys for a user with a new password, existing secondary authentication passwords (recovery, ASPs) must be cleared or we end up in a state where the user thinks the account is recoverable, but it isn't
* [x] when the last 2FA token is cleared (otp or u2f), we must ensure that ASPs are cleared too
* probably others (modify the issue to add more)
Some of these things will require feedback on the actions taken to be returned in the response, to show the right UI to the user.https://git.autistici.org/ai3/accountserver/-/issues/2Refactor2018-11-12T10:29:52ZaleRefactorThe code as it stands fails a bit short of its intended target of simplicity and readability. The API is ok-ish, and even the internal database abstraction is salvageable, but the business logic implementation is still confusing.The code as it stands fails a bit short of its intended target of simplicity and readability. The API is ok-ish, and even the internal database abstraction is salvageable, but the business logic implementation is still confusing.https://git.autistici.org/ai3/accountserver/-/issues/1Add logging to usermetadb2018-11-12T10:30:04ZaleAdd logging to usermetadbAccount management actions should be logged to the user activity log (usermetadb).Account management actions should be logged to the user activity log (usermetadb).