[PATCH v2] auth: let users log in using their email address
andrew at shadura.me
Sun May 17 07:04:17 EDT 2015
On Sun, 17 May 2015 03:12:20 +0200
Mads Kiilerich <mads at kiilerich.com> wrote:
> > Correct me if I'm wrong, but if I read the code correctly, the check
> > here will have no effect (which is why I haven't added it).
> Ok. The explanation explains it. The code do however seem fragile and
> non-obvious when reading it. An extra check or a clear comment would
So adding a comment — and you're fine with the change? :)
> Next, my first thought is whether the form validation check somehow
> should rewrite the login ... but that also seems wrong.
> My next (and correct?) thought is that it is wrong to use form
> validation for login check. As your patches shows, it is ok that the
> login process _not_ is user friendly. How about dropping the login
> form validation of usernames/password first (perhaps except for
> "non-empty")? What's your thought?
Yes, that didn't seem very right to me. I think the first thing to
remove is tooShort check, authentication part is probably something to
be improved separately.
More information about the kallithea-general