User account creation #51
Comments
I know @JanKoszewski was experimenting with replacing authlogic with devise, but I don't know the status of that experiment.
Regarding "Helpful errors when login fails", do we want to identify incorrect password vs unknown username? It's a potential vulnerability to give outsiders a view of valid usernames. Of course, I'm not sure that we need to be too worried about that, but it's something to consider.
For now? Either way. I always think it's bullshit when sites refuse to tell me which one I got wrong, since I think it's rare that there's not an oracle for that information elsewhere (usually in that site's "forgot password?" flow). But the most common practice is to do it that way, so who am I to complain?
Currently the login page says "Username/Password combination is not valid" when it fails; the PHP version says "Invalid username or password. " That seems sufficient to me for the login page. The forgot password page needs creating. The user account creation page sends an email, but the link in the email is unroutable. The forgot password page needs a working link in the email and the pages could do with a layout. Most pages limit access, but the admin pages need to be limited. The logout action seems to work.
Looks like this is all fixed. Thanks for all your hard work, @jamesprior!
Various things for the standard authentication system:
.grinnell.edu email address. Otherwise it gets moderated by the admins. Probably just mimic whatever process happens on the current site.

A lot of this stuff already exists, but I do not know exactly what. And some of it probably needs some polishing.
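
The point raised in the comments (one generic login error, and a "forgot password?" flow that can reveal the same information) shown as an added Ruby example; it is not code from this thread or from the project. The class, method names and the reset message are hypothetical, and PBKDF2 from the standard library stands in for whatever authlogic or devise would use.

```ruby
require "openssl"
require "securerandom"

# Added example: AccountStore and its methods are hypothetical names.
class AccountStore
  LOGIN_FAILED = "Invalid username or password."
  RESET_SENT   = "If that account exists, a reset link has been emailed."
  ITERATIONS   = 10_000 # kept low so the example runs quickly
  attr_reader :outbox

  def initialize
    @users = {}
    # Dummy record: unknown usernames cost the same hash work as known ones.
    @dummy = digest_record(SecureRandom.hex(16))
    @outbox = []
  end

  def register(username, password)
    @users[username] = digest_record(password)
  end

  # Returns [ok, message]; the message never says which field was wrong.
  def login(username, password)
    record = @users.fetch(username, @dummy)
    candidate = pbkdf2(password, record[:salt])
    ok = secure_eq(candidate, record[:hash]) && @users.key?(username)
    ok ? [true, "Welcome back."] : [false, LOGIN_FAILED]
  end

  # Same reply whether or not the account exists; mail goes out only if it does.
  def forgot_password(username)
    @outbox << [username, SecureRandom.urlsafe_base64(32)] if @users.key?(username)
    RESET_SENT
  end

  private

  def digest_record(password)
    salt = SecureRandom.random_bytes(16)
    { salt: salt, hash: pbkdf2(password, salt) }
  end
  def pbkdf2(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, OpenSSL::Digest.new("SHA256"))
  end
  # Compares every byte so the comparison time does not depend on where they differ.
  def secure_eq(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

The account creation page needs the same treatment if it reports "username already taken", since that response also tells a visitor which usernames exist.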