Proposed user creation with client side QR

[SmithPeder]

New flow for user creation

1. The user is prompted with the Create user button that generates a username and a password.
2. The user is prompted to take a screenshot of the random username and password.
3. The user is shown a QR code created by a username:password:code string. The user is now ready to approach the mod-computer.
4. The moderator scans a white card, giving the mod-computer the cardKey, which prompts the camera feature on the computer.
5. The user shows his/hers QR code to the computer camera
6. The mod-computer sends the username, password, code and cardKey to the VOTE-API
7. The VOTE-API creates the user, and sends a websocket msg to all users with the code
8. The user sees his/her code on the websocket msg, and his/hers username and password are autofilled and logged in.

[odinuge]

Proposal v2.1

Make 1 RSA keypair on API-startup (or via env, but we only run one instance because of sockets), and all qr-codes are encrypted with that one. The public key can be embeded into the HTML-response, or fetched via. a simple request.

Not 100% necessary, but the QR code may be visible for several minutes, and with this it wouldn't matter.

Any thoughts @orhanhenrik?