Details
-
Task
-
Resolution: Won't Do
-
P2: Important
-
None
-
None
-
None
Description
Right now what we do is that in one call, we call the "discovery", "login", "conan_pwd" and also add the conan_user to "artifactory".
IMHO, we could break this thing into:
- discovery + login
- store jwt, env in JS (will it be secure??)
- discovery + login + conan_pwd
- needs to store the "session" from the user or at least store authentication variables from previous step
- add add groups to conan_user - so that they can access the repo
In the current flow, the flaw is that:
- Even without completing onboarding process, the user is granted access to docker repo