[PLIP-Advisories] Re: [Plone] #9214: support logins using e-mail address instead of user id
#9214: support logins using e-mail address instead of user id ---+ Reporter: davisagli |Owner: maurits Type: PLIP | Status: closed Priority: minor |Milestone: 4.0 Component: Unknown| Resolution: fixed Keywords: | ---+ Comment(by maurits): Replying to [comment:48 daftdog]: When activating email as login and member folder creation, the member folder's ID sort of reveals the email address. A user with the email- address t...@test.org will get a member folder with id test-40test.org. To me that is too close to the real address to deter spammers. IMHO it would make much more sense to use the email address solely for the login, but have member.getId() return the ID that was set during registration. This is already happening, but the email address is used as both login name and user id (returned by getId()) so you don't notice a difference. -- Ticket URL: http://dev.plone.org/plone/ticket/9214#comment:49 Plone http://plone.org Plone Content Management System ___ PLIP-Advisories mailing list plip-advisor...@lists.plone.org http://lists.plone.org/mailman/listinfo/plip-advisories
[PLIP-Advisories] Re: [Plone] #9214: support logins using e-mail address instead of user id
#9214: support logins using e-mail address instead of user id ---+ Reporter: davisagli |Owner: maurits Type: PLIP | Status: closed Priority: minor |Milestone: 4.0 Component: Unknown| Resolution: fixed Keywords: | ---+ Comment(by daftdog): When activating email as login and member folder creation, the member folder's ID sort of reveals the email address. A user with the email- address t...@test.org will get a member folder with id test-40test.org. To me that is too close to the real address to deter spammers. IMHO it would make much more sense to use the email address solely for the login, but have member.getId() return the ID that was set during registration. -- Ticket URL: http://dev.plone.org/plone/ticket/9214#comment:48 Plone http://plone.org Plone Content Management System ___ PLIP-Advisories mailing list plip-advisor...@lists.plone.org http://lists.plone.org/mailman/listinfo/plip-advisories
[PLIP-Advisories] Re: [Plone] #9214: support logins using e-mail address instead of user id
#9214: support logins using e-mail address instead of user id ---+ Reporter: davisagli |Owner: maurits Type: PLIP | Status: closed Priority: minor |Milestone: 4.0 Component: Unknown| Resolution: fixed Keywords: | ---+ Changes (by daftdog): * cc: daftdog (added) Comment: Replying to [comment:49 maurits]: This is already happening, but the email address is used as both login name and user id (returned by getId()) so you don't notice a difference. I debugged into the member folder creation code, and it determines the member folder's id by checking getId(), which returns the email address. The id/url of the member folder is thereby the email ad (with the @ encoded as -40). We will have public member folders in a project I'm working on, and I really think showing the email ad in the URL is a bad idea. -- Ticket URL: http://dev.plone.org/plone/ticket/9214#comment:50 Plone http://plone.org Plone Content Management System ___ PLIP-Advisories mailing list plip-advisor...@lists.plone.org http://lists.plone.org/mailman/listinfo/plip-advisories
[PLIP-Advisories] Re: [Plone] #9214: support logins using e-mail address instead of user id
#9214: support logins using e-mail address instead of user id ---+ Reporter: davisagli |Owner: maurits Type: PLIP | Status: assigned Priority: minor |Milestone: 4.0 Component: Unknown| Resolution: Keywords: | ---+ Comment(by esteele): This PLIP has been accepted for merging into Plone 4.0 The final vote was: Alec Mitchell +1 David Glick +1 Erik Rose +1 Laurence Rowe +1 Matthew Wilkes +1 Ross Patterson +1 Please merge your branches into the Plone 4.0 head by end-of-day Friday Oct 16. If you need assistance with merging, please contact me. We'll be assigning a documentation ticket to this PLIP shortly. Please assist the docs team in documenting the changes and new features that this PLIP introduces. -- Ticket URL: http://dev.plone.org/plone/ticket/9214#comment:40 Plone http://plone.org Plone Content Management System ___ PLIP-Advisories mailing list plip-advisor...@lists.plone.org http://lists.plone.org/mailman/listinfo/plip-advisories
[PLIP-Advisories] Re: [Plone] #9214: support logins using e-mail address instead of user id
#9214: support logins using e-mail address instead of user id ---+ Reporter: davisagli |Owner: maurits Type: PLIP | Status: assigned Priority: minor |Milestone: 4.0 Component: Unknown| Resolution: Keywords: | ---+ Comment(by maurits): (In [30321]) Made compatible with Plone 4.0. Show different labels on login form when site_properties/use_email_as_login is switched on (Plone 4.0). Should still work in earlier Plones. Refs #9214 -- Ticket URL: http://dev.plone.org/plone/ticket/9214#comment:44 Plone http://plone.org Plone Content Management System ___ PLIP-Advisories mailing list plip-advisor...@lists.plone.org http://lists.plone.org/mailman/listinfo/plip-advisories
[PLIP-Advisories] Re: [Plone] #9214: support logins using e-mail address instead of user id
#9214: support logins using e-mail address instead of user id ---+ Reporter: davisagli |Owner: maurits Type: PLIP | Status: closed Priority: minor |Milestone: 4.0 Component: Unknown| Resolution: fixed Keywords: | ---+ Changes (by maurits): * status: assigned = closed * resolution: = fixed Comment: Okay, plip 9214 has been merged! -- Ticket URL: http://dev.plone.org/plone/ticket/9214#comment:45 Plone http://plone.org Plone Content Management System ___ PLIP-Advisories mailing list plip-advisor...@lists.plone.org http://lists.plone.org/mailman/listinfo/plip-advisories
[PLIP-Advisories] Re: [Plone] #9214: support logins using e-mail address instead of user id
#9214: support logins using e-mail address instead of user id ---+ Reporter: davisagli |Owner: maurits Type: PLIP | Status: closed Priority: minor |Milestone: 4.0 Component: Unknown| Resolution: fixed Keywords: | ---+ Comment(by esteele): Please assist the doc team in creating/updating documentation relating to this PLIP. See #9621. -- Ticket URL: http://dev.plone.org/plone/ticket/9214#comment:46 Plone http://plone.org Plone Content Management System ___ PLIP-Advisories mailing list plip-advisor...@lists.plone.org http://lists.plone.org/mailman/listinfo/plip-advisories
[PLIP-Advisories] Re: [Plone] #9214: support logins using e-mail address instead of user id
#9214: support logins using e-mail address instead of user id ---+ Reporter: davisagli |Owner: maurits Type: PLIP | Status: assigned Priority: minor |Milestone: 4.0 Component: Unknown| Resolution: Keywords: | ---+ Comment(by rossp): FWT vote: +1 for merging -- Ticket URL: http://dev.plone.org/plone/ticket/9214#comment:38 Plone http://plone.org Plone Content Management System ___ PLIP-Advisories mailing list plip-advisor...@lists.plone.org http://lists.plone.org/mailman/listinfo/plip-advisories
[PLIP-Advisories] Re: [Plone] #9214: support logins using e-mail address instead of user id
#9214: support logins using e-mail address instead of user id ---+ Reporter: davisagli |Owner: maurits Type: PLIP | Status: assigned Priority: minor |Milestone: 4.0 Component: Unknown| Resolution: Keywords: | ---+ Comment(by erikrose): (In [30219]) Broke my review into a separate file and updated it for the final vote. Refs #9214. -- Ticket URL: http://dev.plone.org/plone/ticket/9214#comment:37 Plone http://plone.org Plone Content Management System ___ PLIP-Advisories mailing list plip-advisor...@lists.plone.org http://lists.plone.org/mailman/listinfo/plip-advisories
[PLIP-Advisories] Re: [Plone] #9214: support logins using e-mail address instead of user id
#9214: support logins using e-mail address instead of user id ---+ Reporter: davisagli |Owner: maurits Type: PLIP | Status: assigned Priority: minor |Milestone: 4.0 Component: Unknown| Resolution: Keywords: | ---+ Comment(by esteele): Your PLIP has been reviewed by the Framework team. Feel free to discuss any suggested changes either here in the PLIP ticket or on the mailing lists. Final deadline for this PLIP is set for September 30. -- Ticket URL: http://dev.plone.org/plone/ticket/9214#comment:32 Plone http://plone.org Plone Content Management System ___ PLIP-Advisories mailing list plip-advisor...@lists.plone.org http://lists.plone.org/mailman/listinfo/plip-advisories
[PLIP-Advisories] Re: [Plone] #9214: support logins using e-mail address instead of user id
#9214: support logins using e-mail address instead of user id ---+ Reporter: davisagli |Owner: maurits Type: PLIP | Status: assigned Priority: minor |Milestone: 4.0 Component: Unknown| Resolution: Keywords: | ---+ Comment(by erikrose): (In [29644]) Here's my first whack at a review of the email-address-as- login PLIP. Refs #9214. -- Ticket URL: http://dev.plone.org/plone/ticket/9214#comment:30 Plone http://plone.org Plone Content Management System ___ PLIP-Advisories mailing list plip-advisor...@lists.plone.org http://lists.plone.org/mailman/listinfo/plip-advisories
[PLIP-Advisories] Re: [Plone] #9214: support logins using e-mail address instead of user id
#9214: support logins using e-mail address instead of user id ---+ Reporter: davisagli |Owner: maurits Type: PLIP | Status: assigned Priority: minor |Milestone: 4.0 Component: Unknown| Resolution: Keywords: | ---+ Comment(by maurits): (In [28971]) PLIP 9214, support logins using e-mail address instead of user id, is ready for review. Refs #9214 -- Ticket URL: http://dev.plone.org/plone/ticket/9214#comment:29 Plone http://plone.org Plone Content Management System ___ PLIP-Advisories mailing list plip-advisor...@lists.plone.org http://lists.plone.org/mailman/listinfo/plip-advisories
[PLIP-Advisories] Re: [Plone] #9214: support logins using e-mail address instead of user id
#9214: support logins using e-mail address instead of user id ---+ Reporter: davisagli |Owner: maurits Type: PLIP | Status: assigned Priority: minor |Milestone: 4.0 Component: Unknown| Resolution: Keywords: | ---+ Changes (by grahamperrin): * cc: grahamper...@gmail.com (added) -- Ticket URL: http://dev.plone.org/plone/ticket/9214#comment:28 Plone http://plone.org Plone Content Management System ___ PLIP-Advisories mailing list plip-advisor...@lists.plone.org http://lists.plone.org/mailman/listinfo/plip-advisories
[PLIP-Advisories] Re: [Plone] #9214: support logins using e-mail address instead of user id
#9214: support logins using e-mail address instead of user id ---+ Reporter: davisagli |Owner: maurits Type: PLIP | Status: new Priority: minor |Milestone: 4.0 Component: Unknown| Resolution: Keywords: | ---+ Comment(by esteele): Approved by FWT vote. -- Ticket URL: https://dev.plone.org/plone/ticket/9214#comment:25 Plone http://plone.org Plone Content Management System ___ PLIP-Advisories mailing list plip-advisor...@lists.plone.org http://lists.plone.org/mailman/listinfo/plip-advisories
[PLIP-Advisories] Re: [Plone] #9214: support logins using e-mail address instead of user id
#9214: support logins using e-mail address instead of user id ---+ Reporter: davisagli |Owner: maurits Type: PLIP | Status: new Priority: minor |Milestone: 4.0 Component: Unknown| Resolution: Keywords: | ---+ Comment(by erikrose): Having spent a lot of time in the PAS and membership code, I'm concerned at adding more branches in there; there are a lot of cleanups that should happen first. * As alecm says, we need need NEED to stop using loginname to reference users internally; userid is the correct immutable key. I routinely change loginnames when clients move from Plone's built-in auth to our Kerberos auth. * The OpenID plugin has to do some truly awful hacks (the same ones I do in WebServerAuth) to be able to authenticate a non-enumeratable user; that needs to get fixed in PAS. * The setting of the last-login time and, IIRC, the firing of some important events are essentially hard-coded into the login_form. These should be moved elsewhere so non-form-based login can be a first-class citizen. I wonder if email-based login could be better implemented as an add-on once we improve the hook situation in PAS and the rest of the auth code. FWT vote: -1 for now. I think the idea is good, given that so many people seem to request this, but I want to be sure we implement it in a maintainable way rather than just glomming more branches onto an already hard-to-follow subsystem. -- Ticket URL: https://dev.plone.org/plone/ticket/9214#comment:24 Plone http://plone.org Plone Content Management System ___ PLIP-Advisories mailing list plip-advisor...@lists.plone.org http://lists.plone.org/mailman/listinfo/plip-advisories
[PLIP-Advisories] Re: [Plone] #9214: support logins using e-mail address instead of user id
#9214: support logins using e-mail address instead of user id ---+ Reporter: davisagli |Owner: maurits Type: PLIP | Status: new Priority: minor |Milestone: 4.0 Component: Unknown| Resolution: Keywords: | ---+ Comment(by calvinhp): FWT Vote: +1 -- Ticket URL: https://dev.plone.org/old/plone/ticket/9214#comment:23 Plone http://plone.org Plone Content Management System ___ PLIP-Advisories mailing list plip-advisor...@lists.plone.org http://lists.plone.org/mailman/listinfo/plip-advisories