There is a problem in the way authentication for provider_name=='local' with method=password works. When doing this specific authentication, we retrieve the existing user object by matching the username entered and the "screen name".
If someone changes the "screen name" on their profile, the username for the login would change. This would cause confusion.
It probably would be better to do something like ldap/openid where we decouple the login username (stored in UserAssociation's openid_url field) from the screen name (stored in the user's username field).
Of course, now saving the password becomes an issue :)
Just an FYI...This is not something that's an issue for us
There is a setting - "Allow changing screen name" - if it is set to "False", then this is not a problem.
If the login name and screen name are different, and the user wants password authentication, then there may be confusion - the user can forget the login name...
What is the standard out there? Fixed screen name == login name or separate login and screen names?
Create your Q&A site at askbot.com. Managed Askbot hosting at just $15/mo. Dedicated hosting, support contracts, consulting services.create your Q&A site
Asked: 2011-04-28 20:58:37 -0500
Seen: 68 times
Last updated: Apr 28 '11