0

Problem with local/password login
 

There is a problem in the way authentication for provider_name=='local' with method=password works. When doing this specific authentication, we retrieve the existing user object by matching the username entered and the "screen name".

If someone changes the "screen name" on their profile, the username for the login would change. This would cause confusion.

It probably would be better to do something like ldap/openid where we decouple the login username (stored in UserAssociation's openid_url field) from the screen name (stored in the user's username field).

Of course, now saving the password becomes an issue :)

Just an FYI...This is not something that's an issue for us

To enter a block of code:

  • enter empty line after your previous text
  • paste or type the code
  • select the code and press the button above
Preview: (hide)
Benoit's avatar
875
Benoit
updated 14 years ago, asked 14 years ago

Comments

is this really a bug that should be fixed? not sure... Maybe give user a message that their login name has changed once they change the screen name? On most sites I see login name is the same as screen name, but most do not allow to change it.
Evgeny's avatar Evgeny (14 years ago)
see more comments

1 Answer

0

There is a setting - "Allow changing screen name" - if it is set to "False", then this is not a problem.

If the login name and screen name are different, and the user wants password authentication, then there may be confusion - the user can forget the login name...

What is the standard out there? Fixed screen name == login name or separate login and screen names?

To enter a block of code:

  • enter empty line after your previous text
  • paste or type the code
  • select the code and press the button above
Preview: (hide)
Evgeny's avatar
13.2k
Evgeny
answered 14 years ago
link

Comments

see more comments