<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Ticket search results</title><link>https://forge-allura.apache.org/p/allura/tickets/</link><description>You searched for labels:"auth"</description><language>en</language><lastBuildDate>Thu, 20 Aug 2015 22:07:20 -0000</lastBuildDate><item><title>Create a process to reset forgotten passwords</title><link>https://forge-allura.apache.org/p/allura/tickets/6783/</link><description>Allura should have a link on the login page for people who have forgotten their username or password.

It should go to a form that asks them for their email address, and then if that email address is verified in the system and the user record isn't disabled, send an email to them.  The email should include their username and a link to a reset page.

The reset page can use a secret hash url parameter to validate the user and let them reset their password.  The hash should be stored in the database when the email was first sent.  Also store the time that the email was sent, so that the hash is only valid for a certain time period (configurable in ini).  For the password change form, let's re-use as much of the password change logic that already exists for logged-in users.  Refactor if needed.

Use `config['site_name']` on the html and email templates, so that the experience is recognizable and comfortable for users.

Since auth is pluggable in Allura, this whole process needs to be optional.  Perhaps the simplest thing would be a new property on `AuthenticationProvider` classes.  Have it default to false, and the `LocalAuthenticationProvider` can set the "forgot password reset" property to true.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dave Brondsema</dc:creator><pubDate>Thu, 20 Aug 2015 22:07:10 -0000</pubDate><guid>https://forge-allura.apache.org/p/allura/tickets/6783/</guid></item><item><title>Login overlay</title><link>https://forge-allura.apache.org/p/allura/tickets/6529/</link><description>Create a decorator or `require_access` alternative that allows the page to render but causes a login overlay dialog to be displayed over the page, similar to [this mockup](http://rhaynie-4185.sb.sf.net/Slashdesign/SFlogin/overlay/login-overlay.html).

The overlay should load an iframe from the URL specified in `auth.login_fragment_url` with the appropriate `return_to` info provided, which should submit to `_top` to reload the source page.

Also, the overlay should be a little lighter than the mockup and the box should be movable so that the underlying page can be inspected (although not interacted with) as the purpose behind this is to showcase what can be done when logged in.

A default fragment implementation should be provided based on the default login view in `allura.controllers.auth.AuthController`.  A SFX fragment implementation will need to be created, as well, for SF.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Cory Johns</dc:creator><pubDate>Thu, 20 Aug 2015 22:07:20 -0000</pubDate><guid>https://forge-allura.apache.org/p/allura/tickets/6529/</guid></item></channel></rss>