Password-less Login

[etruta]

Possibility to login from a link (token).

This has 2 methods:

1. GET /passwordless/token: To request a passwordless token, that send the token to a webhook (responsible to send the email to account id);
2. POST /passwordless/login: To login with this token.

The webhook url is setted by env APP_PASSWORDLESS_TOKEN_URL.

This token can be used until expired, your time to expire is setted by env PASSWORDLESS_TOKEN_TTL.

[coveralls]

Coverage increased (+0.4%) to 73.479% when pulling 5e6c10d on etruta:passwordless into a5d4ebf on keratin:master.

[coveralls]

Coverage increased (+0.4%) to 73.477% when pulling 86eb9df on etruta:passwordless into 68df61e on keratin:master.

[cainlevy]

This is next on my list! I hope to get to it within the next few days. 🎉

[cainlevy]

@etruta Love it!

I'd like to upgrade this before release with a nonce or optimistic lock that allows these tokens to expire before the TTL. Right now my best idea is to add an accounts.last_login_at field that is updated as expected, then compare it against a lock field in the token (just like with password resets). Thoughts? I'm happy to contribute that part.

[etruta]

@cainlevy, What do you think about to update accounts.last_login_at in api.NewSession?

[cainlevy]

@cainlevy, What do you think about to update accounts.last_login_at in api.NewSession?

perfect 💯

[cainlevy]

@etruta I have a bit of extra time coming up. Let me know if I can be of any help?

[etruta]

Hi @cainlevy, it's ok. I returned today with more time to this project too, until tomorrow I hope to solve this questions.

[cainlevy]

I think ... I think that does it! Thanks for this contribution @etruta!

I'll start working on a demo integration and any bits of documentation needed to release this.

[cainlevy]

released in v1.5.0 🎉