Changing passwords
JacksonChen666 opened this issue · comments
Seems like Mycorrhiza doesn't have the feature of changing passwords, for what I know.
Can be important because the password you used has been maybe leaked or something like that (accidentally pasted in wrong place).
(Would it be fine if I sent a patch (if I made one) on sourcehut even though I sent an issue on GitHub?)
Patch: https://lists.sr.ht/~bouncepaw/mycorrhiza-devel/patches/47102
Sounds good.
Patches are totally fine.
I'm about to start and...
Where do we even have a page for user account management?
I don't think there's any. Could I just place the change password page somewhere like /change-password
or (WIP spec) then deal with putting links after?/.well-known/change-password
Administrators can change users' groups and delete them at /admin/users. Does that count as user account management?
Following the standard sounds good.
Administrators can change users' groups and delete them at /admin/users. Does that count as user account management?
What if a user wants to change the password themselves? Or delete their account themselves?
Now that I know about the admin user interface again, I will also add changing password in the admin interface.
Following the standard sounds good.
The endpoint is supposed to be a redirect, so my question is: What URL path should be used for the user changing their password for themselves? (We can't put the change password page at /.well-known/change-password
cause the spec says no)
What if a user wants to change the password themselves? Or delete their account themselves?
They would need a separate page for that.
What URL path should be used for the user changing their password for themselves?
/change-password
or something. Maybe /settings/change-password
, I want to have a /settings
page one day.
Maybe
/settings/change-password
, I want to have a/settings
page one day.
Going with that.
Should changing password be restricted to local
accounts? I'm assuming yes for now.
Let me know about things I should know like Telegram authentication (should password changes be allowed)?
Restrict to local, yes. Telegram users have empty passwords, their authentication is done through Telegram.
The patch was applied, thank you!