Changing passwords

Question

Changing passwords

JacksonChen666 opened this issue 7 months ago · comments

Seems like Mycorrhiza doesn't have the feature of changing passwords, for what I know.

Can be important because the password you used has been maybe leaked or something like that (accidentally pasted in wrong place).

(Would it be fine if I sent a patch (if I made one) on sourcehut even though I sent an issue on GitHub?)

Patch: https://lists.sr.ht/~bouncepaw/mycorrhiza-devel/patches/47102

Timur Ismagilov · Answer 1 · Fri Nov 24 2023 07:56:09 GMT+0800 (China Standard Time)

Sounds good.

Patches are totally fine.

Jackson · Answer 2 · Sun Nov 26 2023 23:13:34 GMT+0800 (China Standard Time)

I'm about to start and...

Where do we even have a page for user account management?

I don't think there's any. Could I just place the change password page somewhere like /change-password ~~or /.well-known/change-password~~ (WIP spec) then deal with putting links after?

Timur Ismagilov · Answer 3 · Sun Nov 26 2023 23:16:06 GMT+0800 (China Standard Time)

Administrators can change users' groups and delete them at /admin/users. Does that count as user account management?

Following the standard sounds good.

Jackson · Answer 4 · Sun Nov 26 2023 23:23:20 GMT+0800 (China Standard Time)

Administrators can change users' groups and delete them at /admin/users. Does that count as user account management?

What if a user wants to change the password themselves? Or delete their account themselves?

Now that I know about the admin user interface again, I will also add changing password in the admin interface.

Following the standard sounds good.

The endpoint is supposed to be a redirect, so my question is: What URL path should be used for the user changing their password for themselves? (We can't put the change password page at /.well-known/change-password cause the spec says no)

Timur Ismagilov · Answer 5 · Sun Nov 26 2023 23:28:19 GMT+0800 (China Standard Time)

What if a user wants to change the password themselves? Or delete their account themselves?

They would need a separate page for that.

What URL path should be used for the user changing their password for themselves?

/change-password or something. Maybe /settings/change-password, I want to have a /settings page one day.

Jackson · Answer 6 · Sun Nov 26 2023 23:34:08 GMT+0800 (China Standard Time)

Maybe /settings/change-password, I want to have a /settings page one day.

Going with that.

Jackson · Answer 7 · Mon Nov 27 2023 00:09:05 GMT+0800 (China Standard Time)

Should changing password be restricted to local accounts? I'm assuming yes for now.

Let me know about things I should know like Telegram authentication (should password changes be allowed)?

Timur Ismagilov · Answer 8 · Mon Nov 27 2023 00:15:42 GMT+0800 (China Standard Time)

Restrict to local, yes. Telegram users have empty passwords, their authentication is done through Telegram.

Jackson · Answer 9 · Mon Nov 27 2023 21:58:24 GMT+0800 (China Standard Time)

Sent the patch

Timur Ismagilov · Answer 10 · Tue Nov 28 2023 03:51:29 GMT+0800 (China Standard Time)

The patch was applied, thank you!