First time here? Check out the FAQ!
0

Problem with local/password login

  • retag add tags

There is a problem in the way authentication for provider_name=='local' with method=password works. When doing this specific authentication, we retrieve the existing user object by matching the username entered and the "screen name".

If someone changes the "screen name" on their profile, the username for the login would change. This would cause confusion.

It probably would be better to do something like ldap/openid where we decouple the login username (stored in UserAssociation's openid_url field) from the screen name (stored in the user's username field).

Of course, now saving the password becomes an issue :)

Just an FYI...This is not something that's an issue for us

Benoit's avatar
875
Benoit
updated 2011-04-28 20:59:56 -0500, asked 2011-04-28 20:58:37 -0500
edit flag offensive 0 remove flag close merge delete

Comments

is this really a bug that should be fixed? not sure... Maybe give user a message that their login name has changed once they change the screen name? On most sites I see login name is the same as screen name, but most do not allow to change it.
Evgeny's avatar Evgeny (2011-05-02 13:09:07 -0500) edit
add a comment see more comments

1 Answer

0

There is a setting - "Allow changing screen name" - if it is set to "False", then this is not a problem.

If the login name and screen name are different, and the user wants password authentication, then there may be confusion - the user can forget the login name...

What is the standard out there? Fixed screen name == login name or separate login and screen names?

Evgeny's avatar
13.2k
Evgeny
answered 2011-04-28 22:15:54 -0500
edit flag offensive 0 remove flag delete link

Comments

add a comment see more comments