View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0021854 | mantisbt | authentication | public | 2016-11-04 04:18 | 2016-11-27 00:45 |
Reporter | vboctor | Assigned To | vboctor | ||
Priority | normal | Severity | minor | Reproducibility | N/A |
Status | closed | Resolution | fixed | ||
Product Version | 2.0.0-rc.1 | ||||
Target Version | 2.0.0-rc.2 | Fixed in Version | 2.0.0-rc.2 | ||
Summary | 0021854: Re-authenticating when visiting manage page should re-use login page | ||||
Description | If a plugin extends the login page to support alternative login mechanisms, then the re-authenticate form that shows when user Manage page doesn't make a lot of sense. Instead of maintaining login logic in two places, we should have the re-authentication redirect to login page and pre-fill the username. This way, we have a single flow and UI for login. | ||||
Tags | No tags attached. | ||||
IMO, username should moreover be read-only in this case |
|
I don't know if we really need it to be read-only. However, we should have the username defaulted, and the focus on the password field by default. User should be able to change the username to go from vboctor to vboctoradmin if they like (as an example). But in most cases, they should just type in a password and press enter. |
|
I hear your argument, but from my point of view it sounds weird to allow someone to switch users in a reauthentication context. Not a big deal if they can, but weird. |
|
I'd add to dregad comment: The core point of this feature should be use the same code to present the login form, to eventually unify login methods/plugins, etc And:
I think having the plain login page without modification is confusing. |
|
MantisBT: master f409ea2a 2016-11-06 07:19 Details Diff |
Re-authentication flow should re-use login page This changes removes a redundant re-authentication page in favor of the standard login page. This removes redundant code and makes it easier for plugins or custom authentication schemes to plugin into one place for providing extra functionality. Fixes 0021854 |
Affected Issues 0021854 |
|
mod - core/authentication_api.php | Diff File | ||
mod - login_page.php | Diff File | ||
MantisBT: master ee4a656c 2016-11-08 15:20 Details Diff |
Revise login page features in case of reauth Hide the following features: - Signup - Reset Password - Anonymous Login - Remember Me - Secure Session - Warnings - though happy to show this to increase awareness. Added or changed - Use the re-authentication language string rather than login for form title. - Show the re-authentication message language string for user to understand why they need to login. Fixes 0021854 |
Affected Issues 0021854 |
|
mod - login_page.php | Diff File | ||
MantisBT: master 97628c14 2016-11-08 16:53 Details Diff |
Flow re-authenticate flag on login failures This avoid extra redirect and shows correct error message for wrong password. Fixes 0021854 |
Affected Issues 0021854 |
|
mod - login.php | Diff File | ||
mod - login_page.php | Diff File |