[PATCH v2] auth: let users log in using their email address

Andrew Shadura andrew at shadura.me
Sun May 17 07:04:17 EDT 2015


On Sun, 17 May 2015 03:12:20 +0200
Mads Kiilerich <mads at kiilerich.com> wrote:

> > Correct me if I'm wrong, but if I read the code correctly, the check
> > here will have no effect (which is why I haven't added it).

> Ok. The explanation explains it. The code do however seem fragile and 
> non-obvious when reading it. An extra check or a clear comment would
> help.

So adding a comment — and you're fine with the change? :)

> Next, my first thought is whether the form validation check somehow 
> should rewrite the login ... but that also seems wrong.

> My next (and correct?) thought is that it is wrong to use form 
> validation for login check. As your patches shows, it is ok that the 
> login process _not_ is user friendly. How about dropping the login
> form validation of usernames/password first (perhaps except for
> "non-empty")? What's your thought?

Yes, that didn't seem very right to me. I think the first thing to
remove is tooShort check, authentication part is probably something to
be improved separately.


More information about the kallithea-general mailing list