Wishlist for backend features
Entries that are decided upon can be converted to a separate issue.
- User-side rate limiting.
  Password resets and login attempts should be rate limited both by IP and by username.
- FreeIPA rate limiting.
  Calls to the FreeIPA API should also be rate limited.
- FreeIPA re-authentication mechanism.
  Do the Kerberos credentials expire? Or rather, does the FreeIPA session expire before the credentials do? Should we allow the FreeIPA client to log in again within the same process?
- Email should be sent asynchronously.
  Page load should not block while waiting for the SMTP exchange.
- Users could operate using their own authenticated IPA session.
  This is possible when the login method is one FreeIPA knows about (e.g. Kerberos, username + password). Is this really useful? Does it significantly increase security?
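For the two rate-limiting items above, here is an added example (not code from the project) of a sliding-window limiter keyed by IP and by username, with a separate budget for outbound FreeIPA API calls. The limits, window lengths and the `FakeClock` are assumptions made for the illustration; a multi-worker deployment would keep the counters in a shared store rather than in a process-local dict.

```python
"""Sliding-window rate limiting keyed by client IP and by username.

Added example for the "User-side rate limiting" and "FreeIPA rate limiting"
items; it is not code from the project. Stdlib only, in-process state: the
limits, window lengths and FakeClock are assumptions for the illustration.
"""
import time
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` events per key within any `window`-second span."""

    def __init__(self, limit: int, window: float, clock=time.monotonic):
        self.limit = limit
        self.window = window
        self.clock = clock                  # injectable for deterministic tests
        self._events = defaultdict(deque)   # key -> timestamps of accepted events

    def _live_events(self, key: str, now: float) -> deque:
        """Drop timestamps that have aged out of the window and return the rest."""
        events = self._events[key]
        while events and now - events[0] >= self.window:
            events.popleft()
        return events

    def hit(self, key: str) -> bool:
        """Record one attempt under `key`; return False if the key is over its limit.

        Rejected attempts are not recorded, so a blocked key recovers as soon as
        its oldest accepted attempt leaves the window.
        """
        now = self.clock()
        events = self._live_events(key, now)
        if len(events) >= self.limit:
            return False
        events.append(now)
        return True

    def retry_after(self, key: str) -> float:
        """Seconds until `key` is allowed again (0.0 if it is allowed now)."""
        now = self.clock()
        events = self._live_events(key, now)
        if len(events) < self.limit:
            return 0.0
        return self.window - (now - events[0])


class AuthThrottle:
    """Throttle login and password-reset attempts by IP *and* by username.

    Checking both keys slows down one IP cycling through many usernames
    (credential stuffing) as well as many IPs aimed at one account. A third
    budget caps how many FreeIPA API calls the backend makes for one user.
    Every attempt consumes budget on both keys, even when one of them rejects it.
    """

    def __init__(self, clock=time.monotonic):
        self.by_ip = SlidingWindowLimiter(limit=20, window=60, clock=clock)      # assumed limits
        self.by_user = SlidingWindowLimiter(limit=5, window=300, clock=clock)    # assumed limits
        self.ipa_calls = SlidingWindowLimiter(limit=30, window=60, clock=clock)  # assumed limits

    def allow(self, ip: str, username: str, action: str) -> bool:
        """`action` is e.g. "login" or "reset"; each action has its own counters."""
        ip_ok = self.by_ip.hit(f"{action}:ip:{ip}")
        user_ok = self.by_user.hit(f"{action}:user:{username.lower()}")
        return ip_ok and user_ok

    def allow_ipa_call(self, username: str) -> bool:
        """Gate an outbound FreeIPA API call made on behalf of `username`."""
        return self.ipa_calls.hit(f"ipa:{username.lower()}")

    def user_retry_after(self, username: str, action: str) -> float:
        return self.by_user.retry_after(f"{action}:user:{username.lower()}")


class FakeClock:
    """Constructed clock so the demo below is deterministic."""

    def __init__(self, start: float = 0.0):
        self.now = start

    def __call__(self) -> float:
        return self.now


def demo() -> dict:
    """Walk through a burst of login attempts against the assumed limits."""
    clock = FakeClock()
    throttle = AuthThrottle(clock=clock)
    burst = [throttle.allow("203.0.113.5", "alice", "login") for _ in range(6)]
    other_user = throttle.allow("203.0.113.5", "bob", "login")    # same IP, fresh username
    other_ip = throttle.allow("198.51.100.7", "alice", "login")   # fresh IP, throttled username
    wait = throttle.user_retry_after("alice", "login")
    clock.now = 301.0                                            # the 300 s window has elapsed
    recovered = throttle.allow("198.51.100.7", "alice", "login")
    return {"burst": burst, "other_user": other_user, "other_ip": other_ip,
            "retry_after": wait, "recovered": recovered}


if __name__ == "__main__":
    print(demo())
```

The `retry_after` value is what a handler would put in a `Retry-After` header; the username key is lower-cased so that case variants of one account share a budget.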
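For the asynchronous email item, an added example (not code from the project) of the pattern: the request handler only enqueues the message and returns, and a background task performs the blocking SMTP exchange in a thread pool so the event loop is never held up. `FakeSmtpTransport` is a constructed stand-in for `smtplib.SMTP` so the example runs offline; the handler itself is a simulation, not a FastAPI route.

```python
"""Hand mail off to a background worker instead of blocking the request.

Added example, not the project's code. FakeSmtpTransport is a constructed
stand-in for smtplib.SMTP (it only sleeps and records what was sent).
"""
import asyncio
import time
from email.message import EmailMessage


class FakeSmtpTransport:
    """Constructed stand-in: simulates SMTP latency and records what was sent."""

    def __init__(self, delay: float = 0.05):
        self.delay = delay
        self.sent = []

    def send(self, msg: EmailMessage) -> None:
        time.sleep(self.delay)   # blocking, just like smtplib.SMTP.send_message
        self.sent.append(msg)


class MailOutbox:
    """Queue of outgoing messages drained by a single background task."""

    def __init__(self, transport):
        self.transport = transport
        self.queue = asyncio.Queue()
        self._worker = None

    def start(self) -> None:
        self._worker = asyncio.create_task(self._run())

    async def _run(self) -> None:
        loop = asyncio.get_running_loop()
        while True:
            msg = await self.queue.get()
            try:
                # run_in_executor moves the blocking call onto a thread so the
                # event loop keeps serving requests while SMTP is in progress.
                await loop.run_in_executor(None, self.transport.send, msg)
            except Exception:
                # Production code would log and retry with backoff; the failure
                # must never surface in the request that enqueued the message.
                pass
            finally:
                self.queue.task_done()

    def enqueue(self, to: str, subject: str, body: str) -> None:
        msg = EmailMessage()
        msg["To"] = to
        msg["Subject"] = subject
        msg.set_content(body)
        self.queue.put_nowait(msg)   # returns immediately; the worker does the sending

    async def drain(self) -> None:
        await self.queue.join()

    def stop(self) -> None:
        if self._worker is not None:
            self._worker.cancel()


async def handle_password_reset_request(outbox: MailOutbox, username: str, email: str) -> float:
    """Simulated request handler; returns how long it took to produce a response."""
    start = time.perf_counter()
    outbox.enqueue(email, "Password reset", f"Hello {username}, a reset was requested.")
    return time.perf_counter() - start


async def demo() -> dict:
    transport = FakeSmtpTransport(delay=0.05)
    outbox = MailOutbox(transport)
    outbox.start()
    handler_times = []
    for user in ("alice", "bob", "carol"):
        handler_times.append(await handle_password_reset_request(outbox, user, f"{user}@example.org"))
    sent_before_drain = len(transport.sent)   # handlers returned before any SMTP exchange ran
    await outbox.drain()
    outbox.stop()
    return {"slowest_handler": max(handler_times),
            "sent_before_drain": sent_before_drain,
            "sent_total": len(transport.sent)}


def run_demo() -> dict:
    return asyncio.run(demo())


if __name__ == "__main__":
    print(run_demo())
```

In a FastAPI app the same hand-off is what `BackgroundTasks` gives you per request; the queue-plus-worker form shown here additionally serialises SMTP connections and keeps a place to add retries.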
- We could probably use an APIRouter instead of a separate FastAPI app. Benefits include:
  - having only one /docs endpoint (since it's the same app)
  - being able to attach a `Depends` to the whole `include_router` call
  - the syntax is basically the same