SP 17 Item 02 - Secure remote access to node GUI
Milestone ID: 2993
As a clinician I want to access my node's GUI from my professional computer on the hospital's network so that I can easily participate in an experiment.
Tasks:
- add user authentication for using the GUI: user account (login/password)
  - local account database, dedicated to the node
  - accounts added to the database by the node admin, who gives the user their login/password out of band
  - store passwords securely: keep only a salted password hash produced by a dedicated password hashing function (not the password itself and not a plain unsalted hash)
  - VPN/container environment: permanent (kept if the node container is removed/re-created)
- GUI extensions: disconnect button, change password menu (request a password change at first connection, if simple?), show connected user, inactivity timeout (done through the refresh token)
- secure connections: HTTPS + server-side SSL/TLS certificate; give the option to either autogenerate a self-signed certificate or load a real, CA-signed certificate
- option to disable HTTPS + user authentication: both are disabled by default in dev mode and enabled by default in vpn mode
- nice to have: dynamic user creation and update
  - creation:
    - option 1: creation by user:
      - user connects to the GUI URL, clicks Sign In, enters an email address
      - node admin validates the account request
    - option 2: creation by node admin:
      - node admin adds the account (login/password/email) in the database
      - an email is sent to the user with a link to complete account creation; the user must set their own password
  - lost password:
    - user connects to the GUI URL, clicks Lost Password, enters an email address
    - if the account exists, send an email to the user (same link mechanism as creation); the page shown to the user must be identical whether or not the account exists, so that the form cannot be used to enumerate accounts
- nice to have: 2-factor authentication. Check with hospitals (DPOs? IT? data manager?) for importance + 2FA scheme (email?)
- optional: support other account database options, after checking with hospital IT teams (Active Directory, LDAP?)
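Added example for the HTTPS task above, together with the dev/vpn defaults and the HTTP -> HTTPS redirection that go with it. It is illustration written for this page, not code from the fedbiomed GUI. Assumed: Python, a WSGI application (a Flask app is one), the openssl CLI available on the node for the autogenerated certificate, the file names, the 365-day validity of the self-signed certificate and the mode names as listed in the tasks.

```python
import os
import ssl
import subprocess


def make_tls_context(cert_file: str, key_file: str, host: str = "localhost",
                     autogenerate: bool = True) -> ssl.SSLContext:
    """Load the node's server certificate. With no certificate configured and
    autogenerate allowed, create a self-signed one with the openssl CLI (assumed
    installed); otherwise fail loudly rather than silently serving plain HTTP."""
    if not (os.path.exists(cert_file) and os.path.exists(key_file)):
        if not autogenerate:
            raise FileNotFoundError(
                f"no certificate at {cert_file}/{key_file} and autogeneration is off")
        subprocess.run(
            ["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
             "-keyout", key_file, "-out", cert_file, "-days", "365",
             "-subj", f"/CN={host}", "-addext", f"subjectAltName=DNS:{host}"],
            check=True, capture_output=True)
        os.chmod(key_file, 0o600)                  # private key readable by the GUI user only
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2    # refuse TLS 1.0 / 1.1
    ctx.load_cert_chain(cert_file, key_file)
    return ctx


def security_defaults(mode: str) -> dict:
    """Defaults from the task list: dev mode runs without HTTPS and authentication,
    vpn mode enables both. Treating any other mode like vpn is an assumption here."""
    insecure_ok = mode == "dev"
    return {"https": not insecure_ok, "auth": not insecure_ok}


def https_redirect(app, https_host: str = None, hsts: bool = False):
    """WSGI middleware around the GUI app: plain-HTTP requests get a 301 to the
    HTTPS URL. https_host overrides the authority of the redirect when HTTPS
    listens on another port; hsts adds Strict-Transport-Security to TLS responses."""
    def wrapper(environ, start_response):
        if environ.get("wsgi.url_scheme", "http") != "https":
            host = https_host or environ.get("HTTP_HOST") or environ.get("SERVER_NAME", "localhost")
            path = environ.get("PATH_INFO") or "/"
            query = environ.get("QUERY_STRING", "")
            location = f"https://{host}{path}" + (f"?{query}" if query else "")
            start_response("301 Moved Permanently",
                           [("Location", location), ("Content-Length", "0")])
            return [b""]

        def start_with_hsts(status, headers, exc_info=None):
            if hsts:
                headers = list(headers) + [("Strict-Transport-Security", "max-age=31536000")]
            return start_response(status, headers, exc_info)
        return app(environ, start_with_hsts)
    return wrapper
```

Two caveats for the node deployment. HSTS is off by default on purpose: once a browser has seen that header for the host it refuses to let the user click through a certificate warning, which would lock clinicians out of a node running the autogenerated self-signed certificate; switch it on only when the hospital-signed certificate is loaded (a self-signed certificate will be flagged by the browser until the hospital distributes it or its CA to the workstations, which is why loading a real certificate is the production option). If TLS is terminated by a reverse proxy in front of the GUI, the app sees `wsgi.url_scheme` as `http` and the middleware would loop; in that setup the proxy has to set X-Forwarded-Proto and the app must trust it from that proxy only.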
Validation of the task
- a test hospital IT team validates the security and the integration in the hospital's IT processes/tools
- a test clinician validates the user functionality/usability
discussion: to be discussed:
- password salting
- refresh tokens
- HTTP -> HTTPS redirection
- admin panel (one page with notifications, another displaying a table of user names and accepting incoming registrations; it also displays the number of connected users). Passwords must not appear there: only their hashes are stored, so the admin resets a password rather than reading it
- create the admin account after the very first launch of / connection to the fedbiomed GUI (when the database is empty)
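Added example for the "password salting" and first-admin items above, together with the task-list items on secure password storage, the out-of-band initial password with a forced change at first connection, and the emailed creation / lost-password link. It is written for this page and is not the node GUI's own code. Assumed: Python, scrypt from hashlib as the password hashing function (bcrypt or Argon2 would serve equally; the point is a fresh random salt per hash and a deliberately slow function, so a stolen database cannot be cracked cheaply), an in-memory dict standing in for the node-local database, the scrypt cost parameters, a 12-character minimum and a one-hour link validity.

```python
import hashlib
import hmac
import secrets
import time

# Assumed scrypt cost parameters; the stored string records them, so old
# hashes stay verifiable after the parameters are raised.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
MIN_PASSWORD_LEN = 12   # assumed policy, not taken from the page
LINK_TTL = 3600         # assumed: emailed creation / reset links live one hour


def hash_password(password: str) -> str:
    """Salted scrypt hash in a self-describing "scrypt$n$r$p$salt$hash" form."""
    salt = secrets.token_bytes(16)          # fresh random salt for every hash
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt/parameters; compare in constant time."""
    try:
        algo, n, r, p, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "scrypt":
        return False
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                            n=int(n), r=int(r), p=int(p), dklen=32)
    return hmac.compare_digest(digest.hex(), digest_hex)


# Verified for unknown logins so a failed login takes the same time whether or
# not the account exists (limits user enumeration by timing).
_DUMMY_HASH = hash_password(secrets.token_hex(16))


class AccountStore:
    """Constructed in-memory stand-in for the node-local account database."""

    def __init__(self):
        self.users = {}   # login -> {"hash", "email", "must_change", "is_admin"}
        self.links = {}   # sha256(link token) -> (login, expiry)

    def bootstrap_admin(self, password: str) -> bool:
        """Create the first admin only while the database is empty."""
        if self.users:
            return False
        self.users["admin"] = {"hash": hash_password(password), "email": None,
                               "must_change": True, "is_admin": True}
        return True

    def add_user(self, login: str, password: str, email: str = None) -> None:
        """Node admin creates the account; the initial password is handed out of
        band and must be replaced at the first connection."""
        self.users[login] = {"hash": hash_password(password), "email": email,
                             "must_change": True, "is_admin": False}

    def login(self, login: str, password: str):
        """Return {"login", "must_change_password"} on success, None otherwise."""
        rec = self.users.get(login)
        if rec is None:
            verify_password(password, _DUMMY_HASH)
            return None
        if not verify_password(password, rec["hash"]):
            return None
        return {"login": login, "must_change_password": rec["must_change"]}

    def change_password(self, login: str, old: str, new: str) -> bool:
        rec = self.users.get(login)
        if rec is None or len(new) < MIN_PASSWORD_LEN or not verify_password(old, rec["hash"]):
            return False
        rec["hash"] = hash_password(new)
        rec["must_change"] = False
        return True

    def request_link(self, email: str, now: float = None):
        """Account-completion / lost-password link. A token exists only for a known
        email, but the HTTP response must look the same either way: the token goes
        into the email (the caller's job), never into the response."""
        now = time.time() if now is None else now
        token = None
        for login, rec in self.users.items():
            if rec["email"] is not None and rec["email"] == email:
                token = secrets.token_urlsafe(32)
                key = hashlib.sha256(token.encode()).hexdigest()   # store only the hash
                self.links[key] = (login, now + LINK_TTL)
        return token

    def redeem_link(self, token: str, new_password: str, now: float = None) -> bool:
        """Single use: the link is consumed whether or not it was still valid."""
        now = time.time() if now is None else now
        entry = self.links.pop(hashlib.sha256(token.encode()).hexdigest(), None)
        if entry is None or entry[1] < now or len(new_password) < MIN_PASSWORD_LEN:
            return False
        login, _ = entry
        self.users[login]["hash"] = hash_password(new_password)
        self.users[login]["must_change"] = False
        return True
```

Because only hashes are stored, an admin panel can list users but can never show a password; what the admin can do is reset one through the same link flow. The link token is itself stored hashed, so a copy of the database does not contain usable reset links, and it dies after one redemption attempt, successful or not.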
Update: we decided to use tokens over cookies to keep the user connected to their session.
There are still some security issues that remain to be fixed:
- refresh tokens should be removed once unused (best practice); currently all refresh tokens are saved in local storage (now fixed)
- generate the secret key server side (currently the key is hardcoded) (now fixed)
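Added example for the token-based session described in the update, the two issues listed as fixed (refresh tokens that are dropped when no longer in use, a secret generated server side instead of hardcoded) and the inactivity timeout that the task list ties to the refresh token. It is written for this page and is not the GUI's own code. Assumed: Python, a stdlib-only HS256 JWT standing in for whichever JWT library the GUI uses, a 15-minute access-token lifetime, a 30-minute inactivity timeout and an 8-hour cap on a session.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Generated when the server process starts, never hardcoded. With several GUI
# workers it would instead be read from a file the node admin protects.
SECRET_KEY = secrets.token_bytes(32)

ACCESS_TTL = 15 * 60          # assumed: access token lifetime
INACTIVITY_TIMEOUT = 30 * 60  # assumed: refresh stops working after 30 min idle
ABSOLUTE_TTL = 8 * 60 * 60    # assumed: hard cap on one session


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_access_token(login: str, now: float, key: bytes = None) -> str:
    """Minimal HS256 JWT (header.payload.signature) using only the stdlib."""
    key = SECRET_KEY if key is None else key
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": login, "iat": int(now), "exp": int(now) + ACCESS_TTL}
    payload = _b64(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"


def verify_access_token(token: str, now: float, key: bytes = None):
    """Return the login for a valid, unexpired token, else None. The algorithm is
    fixed to HS256: the header is never consulted to choose it, so an "alg":"none"
    token or a swapped-algorithm token simply fails the signature check."""
    key = SECRET_KEY if key is None else key
    try:
        header, payload, sig = token.split(".")
        expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_unb64(sig), expected):
            return None
        claims = json.loads(_unb64(payload))
    except ValueError:          # wrong number of parts, bad base64 or bad JSON
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None
    return claims.get("sub")


class SessionStore:
    """Server-side refresh tokens: opaque random values kept only as hashes,
    rotated on every use, deleted on logout, and expired by inactivity."""

    def __init__(self):
        self.sessions = {}   # sha256(refresh token) -> {"login", "last_used", "started"}

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def start(self, login: str, now: float):
        refresh = secrets.token_urlsafe(32)
        self.sessions[self._key(refresh)] = {"login": login, "last_used": now, "started": now}
        return issue_access_token(login, now), refresh

    def refresh(self, refresh_token: str, now: float):
        """Rotate: the presented token is consumed whether or not the refresh
        succeeds, so a replayed (possibly stolen) old token is always rejected."""
        rec = self.sessions.pop(self._key(refresh_token), None)
        if rec is None:
            return None
        if now - rec["last_used"] > INACTIVITY_TIMEOUT or now - rec["started"] > ABSOLUTE_TTL:
            return None          # idle too long, or session older than the hard cap
        new_refresh = secrets.token_urlsafe(32)
        self.sessions[self._key(new_refresh)] = {"login": rec["login"], "last_used": now,
                                                 "started": rec["started"]}
        return issue_access_token(rec["login"], now), new_refresh

    def logout(self, refresh_token: str) -> bool:
        """Disconnect button: drop the server-side record so the token is dead."""
        return self.sessions.pop(self._key(refresh_token), None) is not None
```

The inactivity timeout is enforced by the server from the refresh token's last use, so it holds even if the front end never clears anything. Where the front end keeps the refresh token matters: local storage is readable by any script running on the page, so a refresh token there is exposed to any injected script; a common alternative is an httpOnly, SameSite cookie scoped to the refresh endpoint, with the short-lived access token held in memory only. Rotation also gives a detection hook: a refresh with an already-consumed token is either a replay or a stolen copy, and a stricter store would revoke the whole session at that point.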