Page MenuHomePhabricator

Improve interaction between AuthManager and the UI layer
Open, MediumPublic

Description

Tracking bug for UI support in AuthManager and the special pages which use it.

Related Objects

StatusSubtypeAssignedTask
ResolvedDeskana
ResolvedAnomie
OpenNone
ResolvedAnomie
OpenNone
ResolvedTgr
ResolvedAnomie
OpenNone
OpenNone
OpenNone
ResolvedAnomie
ResolvedJoe
ResolvedJoe
Resolvedhashar
Resolvedbd808
ResolvedAnomie
ResolvedKrinkle
ResolvedNone
ResolvedJanZerebecki
ResolvedKrinkle
ResolvedTgr
ResolvedTgr
ResolvedTgr
ResolvedJdlrobson
ResolvedAnomie
ResolvedTgr
ResolvedTgr
OpenNone
OpenNone
ResolvedFlorian
OpenNone
ResolvedTgr
ResolvedTgr
Resolvedcicalese
ResolvedFlorian
InvalidNone
OpenNone

Event Timeline

Tgr created this task.Aug 26 2015, 6:00 AM
Tgr raised the priority of this task from to Needs Triage.
Tgr updated the task description. (Show Details)
Tgr added a subscriber: Tgr.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 26 2015, 6:00 AM
bd808 triaged this task as Medium priority.Aug 28 2015, 5:36 PM
bd808 added a subscriber: bd808.
Tgr claimed this task.Sep 2 2015, 9:52 PM
Tgr added a comment.Sep 8 2015, 8:54 AM

The first problem I am running into is how to group AuthRequest objects / form fields. For example, if we have three account creation providers: local password, captcha and facebook, then we probably want to check the captcha on passwords but not on a Facebook login. It is not clear how to do that. Should it be hardcoded into the captcha provider?

On the other side, it will probably make the life of the sitebuilder easier if the Facebook button and the username/password fields do not have to be in the same form element; but that means they are not submitted together and that's not something frontend code can safely decide.

I'm not sure, what extensions we have and how complex modifications they made to the login form, but what about a separation of authproviders. Providers that link to another auth service (e.g. Facebook, Google, Twitter or something else) normally need a button only, are Spam bot protected by the auth service and therefore shouldn't require any additional input (except the keep login checkbox, e.g.). These providers could set a specific class member and should ignore any other form input.

Any other auth provider (CAPTCHA, Token, domain (for LdapAuthentication, e.g.) normaly require any kind of data and checks?

Anomie closed this task as Resolved.May 16 2016, 7:17 PM
Anomie added a subscriber: Anomie.

Since the core AuthManager patches are merged now, I think we can call this done.

Tgr reopened this task as Open.Jun 1 2016, 6:33 PM

I have been using this for a while as a tracking bug so let's make it official.

Tgr updated the task description. (Show Details)Jun 1 2016, 6:36 PM
Anomie renamed this task from Specify interaction between AuthManager and the UI layer to Improve interaction between AuthManager and the UI layer.Jun 1 2016, 7:13 PM
Aklapper removed Tgr as the assignee of this task.Jun 19 2020, 4:24 PM

This task has been assigned to the same task owner for more than two years. Resetting task assignee due to inactivity, to decrease task cookie-licking and to get a slightly more realistic overview of plans. Please feel free to assign this task to yourself again if you still realistically work or plan to work on this task - it would be welcome!

For tips how to manage individual work in Phabricator (noisy notifications, lists of task, etc.), see https://phabricator.wikimedia.org/T228575#6237124 for available options.
(For the records, two emails were sent to assignee addresses before resetting assignees. See T228575 for more info and for potential feedback. Thanks!)

Aklapper removed a subscriber: Anomie.Oct 16 2020, 5:02 PM