Page MenuHomePhabricator

Improve interaction between AuthManager and the UI layer
Open, NormalPublic

Description

Tracking bug for UI support in AuthManager and the special pages which use it.

Related Objects

StatusAssignedTask
ResolvedDeskana
ResolvedAnomie
OpenNone
ResolvedAnomie
OpenNone
ResolvedTgr
ResolvedAnomie
OpenNone
OpenNone
OpenTgr
ResolvedAnomie
ResolvedJoe
ResolvedJoe
Resolvedhashar
Resolvedbd808
ResolvedAnomie
ResolvedKrinkle
OpenNone
ResolvedJanZerebecki
ResolvedKrinkle
ResolvedTgr
ResolvedTgr
ResolvedTgr
Resolved Jdlrobson
ResolvedAnomie
ResolvedTgr
ResolvedTgr
OpenNone
OpenNone
ResolvedFlorian
OpenNone
ResolvedTgr
ResolvedTgr
Resolvedcicalese
ResolvedFlorian
InvalidNone
OpenNone

Event Timeline

Tgr created this task.Aug 26 2015, 6:00 AM
Tgr updated the task description. (Show Details)
Tgr raised the priority of this task from to Needs Triage.
Tgr added a subscriber: Tgr.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 26 2015, 6:00 AM
bd808 triaged this task as Normal priority.Aug 28 2015, 5:36 PM
bd808 added a subscriber: bd808.
Tgr claimed this task.Sep 2 2015, 9:52 PM
Tgr added a comment.Sep 8 2015, 8:54 AM

The first problem I am running into is how to group AuthRequest objects / form fields. For example, if we have three account creation providers: local password, captcha and facebook, then we probably want to check the captcha on passwords but not on a Facebook login. It is not clear how to do that. Should it be hardcoded into the captcha provider?

On the other side, it will probably make the life of the sitebuilder easier if the Facebook button and the username/password fields do not have to be in the same form element; but that means they are not submitted together and that's not something frontend code can safely decide.

I'm not sure, what extensions we have and how complex modifications they made to the login form, but what about a separation of authproviders. Providers that link to another auth service (e.g. Facebook, Google, Twitter or something else) normally need a button only, are Spam bot protected by the auth service and therefore shouldn't require any additional input (except the keep login checkbox, e.g.). These providers could set a specific class member and should ignore any other form input.

Any other auth provider (CAPTCHA, Token, domain (for LdapAuthentication, e.g.) normaly require any kind of data and checks?

Anomie closed this task as Resolved.May 16 2016, 7:17 PM
Anomie added a subscriber: Anomie.

Since the core AuthManager patches are merged now, I think we can call this done.

Tgr reopened this task as Open.

I have been using this for a while as a tracking bug so let's make it official.

Tgr updated the task description. (Show Details)Jun 1 2016, 6:36 PM
Anomie renamed this task from Specify interaction between AuthManager and the UI layer to Improve interaction between AuthManager and the UI layer.Jun 1 2016, 7:13 PM