First time here? Check out the FAQ!
Ask Your Question
1

do not allow the user to manage his login methods if there is no possible alternative provider

In my case the only possibility to sigin is the LDAP method. So there is no need to manage the signin methods. It would be better to not display the option to the user in that case.

It will be not really important if the following behavior could be avoid : if the user deletes the only method available for him, the next time he will signin, the system will consider that this is his first connection. So he will have to refill the username and email. But in my case the email is unique, so the user cannot sigin anymore. The key to find a user is not the login name?

Evgeny's avatar
13.2k
Evgeny
updated 2011-06-01 19:35:11 -0500
Samuel's avatar
425
Samuel
asked 2011-05-26 06:58:39 -0500
edit flag offensive 0 remove flag close merge delete

Comments

I think that the user should not have the possibility to remove the last login method in order to always be able to retrieve his account.
Samuel's avatar Samuel (2011-05-30 02:14:34 -0500) edit
more
  • delete
Samuel, I'll fix it this week, I am out of town for the long weekend.
Evgeny's avatar Evgeny (2011-05-30 06:19:57 -0500) edit
more
  • delete
add a comment see more comments

1 Answer

1

Evgeny, here is the fix I have finally done on my side in the file skin/default/template/authopenid/signin.html I simply disable the delete button if the provider is the one defined for LDAP.

@@ -139,7 +139,7 @@
                 <tr>
                     <th>{% trans %}provider{% endtrans %}</th>
                     <th>{% trans %}last used{% endtrans %}</th>
-                    <th>{% trans %}delete, if you like{% endtrans %}</th>
+                    <th>{% trans %}delete, if you like and if permitted{% endtrans %}</th>
                 </tr>
                 {% for login_method in existing_login_methods %}
                 <tr class="ab-provider-row">
@@ -152,7 +152,11 @@
                         {% endif %}
                     </td>
                     <td>
-                        <button>{% trans %}delete{% endtrans %}</button>
+                        {% if login_method.provider_name == settings.LDAP_PROVIDER_NAME %}^M
+                            <button disabled="disabled">{% trans %}delete{% endtrans %}</button>
+                        {% else %}
+                            <button>{% trans %}delete{% endtrans %}</button>
+                        {% endif  %}
                     </td>
                 </tr>
                 {% endfor %}
Samuel's avatar
425
Samuel
answered 2011-05-31 07:00:44 -0500
edit flag offensive 0 remove flag delete link
more

Comments

Good, but maybe you don't need the "manage login methods" view at all in that case? We could add a setting disabling it, what do you think?
Evgeny's avatar Evgeny (2011-05-31 12:42:58 -0500) edit
more
  • delete
Yes you are right. I do not need to manage login methods. Initially I had removed the link "manage login methods" in the file templates/user_profile/user_info.html. Then I thought that it was specific to LDAP so I have disabled the delete button for the ldap provider. Now I think that this feature should be automatically disabled if there is only one provider available. But if you add a parameter, I will use it. ;-)
Samuel's avatar Samuel (2011-06-01 09:44:52 -0500) edit
more
  • delete
Samuel, I finally added the setting that will allow you disable login method management - available on github and pypi, rev 0.6.89
Evgeny's avatar Evgeny (2011-06-01 19:34:46 -0500) edit
more
  • delete
It works fine. Thanks.
Samuel's avatar Samuel (2011-06-03 09:23:36 -0500) edit
more
  • delete
add a comment see more comments