Chronos

A school event planner and timetable

Todo

  • Migrations

  • Authentication

    • Global React user
    • OID auth client
    • jwt token provider
      • auth is a choice between oidc and pass, sends token/pass to /auth for validation
      • /auth verifies oid token or pass, generates signed jwt
        • jwt token contains user role
        • hide/protect certain elements
      • fake validator for jwt at protected endpoints
        • assume user is admin
  • Create group

  • Create one-off events

  • Create attachments

    • Description
    • File
  • Create group CCAs

    • Create CCA schedules
    • Differentiate CCAs from Mentor Groups
  • Create group mentor

    • Importable timetables
  • Display events as agenda

  • Display events as calendar

  • Create sample data

  • Refactor toolbar mutator for homepage pagination

Security Pitfalls

  • Auth mechanism not verified
  • Verification of OID tokens is done by upn being the email address
  • Susceptible to insecure direct object references
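
An added example, not part of the Chronos code base: one way to replace the fake validator at protected endpoints with a real signature check, and to add the per-object check that closes the direct-object-reference gap. It assumes a Node.js backend, an HS256 secret shared between /auth and the API, and hypothetical names (`signJwt`, `verifyJwt`, `canEditEvent`, an `ownerId` field on events).

```javascript
// Added example: the secret, function names and event shape are constructed assumptions.
const nodeCrypto = require("crypto");

const SECRET = "constructed-demo-secret"; // assumption: known only to /auth and the API

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const hmac = (data) => nodeCrypto.createHmac("sha256", SECRET).update(data).digest();

// What /auth would do after it has verified the OIDC token or password.
function signJwt(claims) {
  const body = `${b64url({ alg: "HS256", typ: "JWT" })}.${b64url(claims)}`;
  return `${body}.${hmac(body).toString("base64url")}`;
}

// Validator for protected endpoints: returns the verified claims, or null.
function verifyJwt(token, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  try {
    const header = JSON.parse(Buffer.from(parts[0], "base64url").toString());
    // Pin the algorithm; a header saying "none" or anything else is rejected.
    if (header.alg !== "HS256") return null;
    const given = Buffer.from(parts[2], "base64url");
    const expected = hmac(`${parts[0]}.${parts[1]}`);
    // timingSafeEqual throws on unequal lengths, so compare lengths first.
    if (given.length !== expected.length) return null;
    if (!nodeCrypto.timingSafeEqual(given, expected)) return null;
    // Only parse and trust the payload after the signature has checked out.
    const claims = JSON.parse(Buffer.from(parts[1], "base64url").toString());
    if (typeof claims.exp !== "number" || claims.exp <= now) return null;
    return claims;
  } catch {
    return null; // malformed base64 or JSON is treated as an invalid token
  }
}

// Object-level authorization: the role comes from the verified token and
// ownership from the stored record, never from an id supplied by the client.
function canEditEvent(token, event, now) {
  const claims = verifyJwt(token, now);
  if (!claims) return false;
  return claims.role === "admin" || event.ownerId === claims.sub;
}
```

Hiding elements in the React client based on the role claim is only cosmetic; the server-side checks above are what enforce access.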