Home
Tom King edited this page May 25, 2018 · 6 revisions
Welcome to the cfwheels-example-app wiki!
This sample application is not a complete Content Management System; it is a starting point for your own applications and aims to demonstrate some of the framework's features, such as database migrations, routing, etc.
- Create, update & disable users
- Assume user accounts
- Disabled (soft deleted) users can then be deleted
- Searchable/Filterable User Index
- Filter audit logs by user activity/IP
- Optional User Registration
- 3 Default roles: Admin, Editor, User
- New roles can be added via web interface
- Each role can have default permissions set
- Automatic cascading Controller Based Permissions based on controller/action path
- Each user can then have additional permissions (overrides)
- Permissions can be altered via web interface
- Named Permissions
- Tableless models used for Authentication
- Easily add your own custom Auth model
- "Local" user accounts are the default
- TODO: LDAP example provided
- This app uses session based authentication, session rotation and session invalidation
- Sets Cache-Control: must-revalidate for authenticated pages
- Sets HTTPOnly attribute on Cookies
- Brute force attack mitigation
- "Remember Me" Cookie function
- OAuth/Twitter/Facebook, if time allows
- Passwords hashed via bCrypt (AuthenticateThis plugin)
- Password reset feature
- Require password change on login
- Database based configuration and settings
- Uses Database Migrations
- Tests also included
- Has some rudimentary logging for auditing activity
- Log extended data
- Log Severity level
- Installer
- TODO: JSON based API using Basic Auth/API Key
- TODO: JWT Authentication
- Will still technically use sessions as we can't mix and match in a single app, but would be an example of API Authentication