ambrose
/
chronos
mirror of https://github.com/serverwentdown/chronos.git
1
0
Fork 0
Code Releases Activity
chronos/README.md

919 B
Raw Blame History

Chronos

A school event planner and timetable

Todo

  • Migrations, default data

  • Authentication

    • Global React user
    • OID auth client
    • jwt token provider
      • auth is a choice between oidc and pass, sends token/pass to /auth for validation
      • /auth verifies oid token or pass, generates signed jwt
        • jwt taken contains user role
        • hide/protect certain element
      • fake validator for jwt at protected endpoints
        • assume user is admin

  • Create group

  • Create one-off events

  • Create attachments

    • Description
    • File

  • Create group CCAs

  • Create group mentor

  • Display events as agenda

  • Display events as calendar

  • Create sample data

Security Pitfalls

  • Auth mechanism not verified
  • Verification of OID tokens is done by upn being the email address
  • Succeptable to insecure direct object references