Story: Enforce Initial Authentication #443

Closed
26 tasks done
jonnalley opened this issue Sep 12, 2022 · 2 comments
Labels

  • security-privacy-compliance: Work needed around Security, Privacy, or Compliance
  • story: A defined user story adhering to expected norms including a narrative

Comments

@jonnalley
Contributor

jonnalley commented Sep 12, 2022

User Story

As an OPS System Admin, I want to require authentication so that I can limit who is able to initially access OPS and initially prevent undesired user access.

Acceptance Criteria

  • Users must not be able to access any OPS page via direct URL or make any other HTTPS request (GET, POST, etc.) without authenticating first
  • Have a provision for session state to expire after the prescribed time (15 minutes)

Tasks

UX Design/Research:

Dev:

Definition of Done Checklist

  • OESA: Code refactored for clarity
  • OESA: Dependency rules followed
  • Automated unit tests passed
  • Automated integration tests passed
  • Automated quality tests passed
  • Automated load tests passed
  • Automated a11y tests passed
  • Automated security tests passed
  • 90%+ Code coverage achieved
  • PR(s) have been merged to main
  • Design/tech debt eliminated
  • Build process updated
  • Documentation updated or added
  • Feature flags/toggles created

Additional Context & Resources

  • There are ACF-specified login banners and messages that need to be used.
  • There are also USWDS styles/components to use for those messages
  • Inactivity/refresh tokens will be handled later
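
One way to check the two acceptance criteria above, as an added example that is not code from the OPS project: a deny-by-default gate that treats every method and path alike and expires sessions 15 minutes after issue, with no sliding renewal since inactivity/refresh handling is deferred. The names `gate`, `session_user`, `issue_session`, the `/login` allowlist entry, the token layout and the key are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

SESSION_TTL = 15 * 60             # the story's prescribed 15 minutes, in seconds
PUBLIC_PATHS = {"/login"}         # assumption: only the login endpoint is open
SECRET = b"constructed-demo-key"  # constructed; load from a secret store in real use


def _mac(user, issued):
    return hmac.new(SECRET, f"{user}|{issued}".encode(), hashlib.sha256).hexdigest()


def issue_session(user, now=None):
    """Return 'user|issued_at|mac'; the MAC binds the issue time so a client cannot extend it."""
    issued = str(int(time.time() if now is None else now))
    return f"{user}|{issued}|{_mac(user, issued)}"


def session_user(token, now=None):
    """Return the user name for a valid, unexpired token, else None."""
    now = time.time() if now is None else now
    try:
        user, issued, mac = token.split("|")
        age = now - int(issued)
    except (AttributeError, ValueError):
        return None  # missing or malformed token
    # Compare as bytes so non-ASCII input cannot raise inside compare_digest.
    if not hmac.compare_digest(mac.encode(), _mac(user, issued).encode()):
        return None  # user or issue time was tampered with
    if age < 0 or age >= SESSION_TTL:
        return None  # absolute expiry, measured from issue time
    return user


def gate(method, path, token, now=None):
    """Deny by default: return (status, user) for a request.

    The method is deliberately not consulted, so GET, POST and every other
    verb need a session unless the path is explicitly public.
    """
    if path in PUBLIC_PATHS:
        return 200, None
    user = session_user(token, now)
    return (200, user) if user else (401, None)
```
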
jonnalley added the draft and story labels Sep 12, 2022
jonnalley added the security-privacy-compliance label and removed the draft label Jan 30, 2023
@jonnalley jonnalley mentioned this issue Feb 16, 2023
36 tasks
@tdonaworth
Collaborator

Current Warning used:
image

@jonnalley
Contributor Author

OPRE review on 3/6
