Apache Allura™

Forge software for hosting software projects

Brought to you by: alexluberg, brondsem, deshani, dill0wn, and 10 others

#7585 Require password entry for changes to email settings

Milestone: v1.2.0

Status: closed

Owner: Igor Bondarenko

Labels: 42cc (432) sf-1 (616)

Component: General

Reviewer: Dave Brondsema

Updated: 2015-08-20

Created: 2014-07-23

Creator: Dave Brondsema

Private: No

Adding an email address, removing an email address or changing your primary address are important account operations and it would be good to require entering your password again to make those changes. This will help avoid the possibility of someone gaining permanent access to an account that was left open, for example.

Discussion

Dave Brondsema - 2014-07-25

labels: --> 42cc

status: open --> in-progress

assigned_to: Igor Bondarenko
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Igor Bondarenko - 2014-07-31

status: in-progress --> code-review
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Igor Bondarenko - 2014-07-31

Closed #624. je/42cc_7585

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2014-08-18

status: code-review --> in-progress

QA: Dave Brondsema
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2014-08-18

This works perfectly fine, but the UI is confusing I think. We made some good improvements to the UI of this form a little while ago, so I'd like to continue making it better and not regress at all. Its confusing because the claim & delete buttons are above the password field, so its not obvious you need to enter your password to use those buttons.

One idea would be to have the password hidden from the form until you submit it (delete, claim, or save button) and then pop up a dialog asking for password to confirm the action. I don't know how tricky the JS would have to be to do that though.

Another theoretical idea would be to put the password field in a place that is clearly required for all the submit buttons. All I can think of is putting it at the top of the form, but that might look odd too. Perhaps it would be good enough if it also has the required attribute so that the browser tells you right away if you missed it, instead of waiting for the page submission. (That might even be good enough keeping the field at the bottom of the form too). Would the required attribute work with the multiple submit buttons though? Maybe need a bit of JS to enforce the password field is filled out. Probably easier than the dialog idea above.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2014-08-22

Milestone: forge-aug-8 --> forge-sep-5
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2014-08-22

Size: --> 1
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Igor Bondarenko - 2014-08-25

status: in-progress --> code-review
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Igor Bondarenko - 2014-08-25

Closed #639. Force-pushed je/42cc_7585

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2014-08-25

Seems like I am missing something. The Delete, Claim New Address, and Save buttons don't do anything now. I don't see any errors in the console either. Tried Firefox and Chrome. Am I missing something?

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Igor Bondarenko - 2014-08-26

Sorry, forgot to test on a sandbox. Don't sure why it's not working. I see new js is there but still no reaction. Created ticket to investigate.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Igor Bondarenko - 2014-08-26

status: code-review --> in-progress
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Igor Bondarenko - 2014-08-26

status: in-progress --> code-review
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Igor Bondarenko - 2014-08-26

It was pretty silly mistake, which I somehow missed. Html for the password popup was in the only block, which was overridden by sf :)

Updated je/42cc_7585

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2014-08-26

status: code-review --> closed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2015-01-05

Milestone: unreleased --> asf_release_1.2.0
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.