Hello, On Sun, 17 May 2015 03:12:20 +0200 Mads Kiilerich <[email protected]> wrote:
> > Correct me if I'm wrong, but if I read the code correctly, the check > > here will have no effect (which is why I haven't added it). > Ok. The explanation explains it. The code do however seem fragile and > non-obvious when reading it. An extra check or a clear comment would > help. So adding a comment — and you're fine with the change? :) > Next, my first thought is whether the form validation check somehow > should rewrite the login ... but that also seems wrong. > My next (and correct?) thought is that it is wrong to use form > validation for login check. As your patches shows, it is ok that the > login process _not_ is user friendly. How about dropping the login > form validation of usernames/password first (perhaps except for > "non-empty")? What's your thought? Yes, that didn't seem very right to me. I think the first thing to remove is tooShort check, authentication part is probably something to be improved separately. -- Cheers, Andrew _______________________________________________ kallithea-general mailing list [email protected] http://lists.sfconservancy.org/mailman/listinfo/kallithea-general
