#7585 Require password entry for changes to email settings

v1.2.0
closed
General
2015-08-20
2014-07-23
No

Adding an email address, removing an email address or changing your primary address are important account operations and it would be good to require entering your password again to make those changes. This will help avoid the possibility of someone gaining permanent access to an account that was left open, for example.

Discussion

  • Dave Brondsema

    Dave Brondsema - 2014-07-25
    • labels: --> 42cc
    • status: open --> in-progress
    • assigned_to: Igor Bondarenko
     
  • Igor Bondarenko

    Igor Bondarenko - 2014-07-31
    • status: in-progress --> code-review
     
  • Igor Bondarenko

    Igor Bondarenko - 2014-07-31

    Closed #624. je/42cc_7585

     
  • Dave Brondsema

    Dave Brondsema - 2014-08-18
    • status: code-review --> in-progress
    • QA: Dave Brondsema
     
  • Dave Brondsema

    Dave Brondsema - 2014-08-18

    This works perfectly fine, but the UI is confusing I think. We made some good improvements to the UI of this form a little while ago, so I'd like to continue making it better and not regress at all. Its confusing because the claim & delete buttons are above the password field, so its not obvious you need to enter your password to use those buttons.

    One idea would be to have the password hidden from the form until you submit it (delete, claim, or save button) and then pop up a dialog asking for password to confirm the action. I don't know how tricky the JS would have to be to do that though.

    Another theoretical idea would be to put the password field in a place that is clearly required for all the submit buttons. All I can think of is putting it at the top of the form, but that might look odd too. Perhaps it would be good enough if it also has the required attribute so that the browser tells you right away if you missed it, instead of waiting for the page submission. (That might even be good enough keeping the field at the bottom of the form too). Would the required attribute work with the multiple submit buttons though? Maybe need a bit of JS to enforce the password field is filled out. Probably easier than the dialog idea above.

     
  • Dave Brondsema

    Dave Brondsema - 2014-08-22
    • Milestone: forge-aug-8 --> forge-sep-5
     
  • Dave Brondsema

    Dave Brondsema - 2014-08-22
    • Size: --> 1
     
  • Igor Bondarenko

    Igor Bondarenko - 2014-08-25
    • status: in-progress --> code-review
     
  • Igor Bondarenko

    Igor Bondarenko - 2014-08-25

    Closed #639. Force-pushed je/42cc_7585

     
  • Dave Brondsema

    Dave Brondsema - 2014-08-25

    Seems like I am missing something. The Delete, Claim New Address, and Save buttons don't do anything now. I don't see any errors in the console either. Tried Firefox and Chrome. Am I missing something?

     
  • Igor Bondarenko

    Igor Bondarenko - 2014-08-26

    Sorry, forgot to test on a sandbox. Don't sure why it's not working. I see new js is there but still no reaction. Created ticket to investigate.

     
  • Igor Bondarenko

    Igor Bondarenko - 2014-08-26
    • status: code-review --> in-progress
     
  • Igor Bondarenko

    Igor Bondarenko - 2014-08-26
    • status: in-progress --> code-review
     
  • Igor Bondarenko

    Igor Bondarenko - 2014-08-26

    It was pretty silly mistake, which I somehow missed. Html for the password popup was in the only block, which was overridden by sf :)

    Updated je/42cc_7585

     
  • Dave Brondsema

    Dave Brondsema - 2014-08-26
    • status: code-review --> closed
     
  • Dave Brondsema

    Dave Brondsema - 2015-01-05
    • Milestone: unreleased --> asf_release_1.2.0