Passwordless login and signup #3531
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
theskumar
changed the title
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
theskumar
force-pushed
the
feature/passwordless-login-signup
branch
from
e1a0a95
to
05a656e
Compare
Don't use public site template
fourthletter
requested review from
Techslammer
and removed request for
Techslammer
theskumar
force-pushed
the
feature/passwordless-login-signup
branch
from
b617765
to
0565e79
Compare
theskumar
force-pushed
the
feature/passwordless-login-signup
branch
from
5621bfc
to
ed14b24
Compare
Fix layout on login page
theskumar
force-pushed
the
feature/passwordless-login-signup
branch
from
aebeb73
to
b473f2c
Compare
theskumar
force-pushed
the
feature/passwordless-login-signup
branch
from
70f8231
to
250919e
Compare
theskumar
force-pushed
the
feature/passwordless-login-signup
branch
from
250919e
to
b9769ec
Compare
|
Sure. that sounds good. Just finalizing the sudo mode/confirm access without password. It will send a code/url in the email to confirm access and elevate the permission. |
theskumar
force-pushed
the
feature/passwordless-login-signup
branch
2 times, most recently
from
9efed24
to
92e7871
Compare
|
This is ready to testing now. Update the "Sudo" mode work without password. Also, updated 2FA flows to not depend on the passwords. @frjo @wes-otf @Techslammer |
Also update the 2FA flows to use 'sudo' mode Update view backup_tokens url and urlname, remove password in it The backup token uses elevate now, and would be possible to confirm access without password
theskumar
force-pushed
the
feature/passwordless-login-signup
branch
from
92e7871
to
e1a5b74
Compare
…login-signup * origin/main: Add comment count to the communications tab. (#3632)
|
Updated description with screenshots |
|
Will put this on test after today's testing. This will be part of a very nice Hypha 5.1 release! |
frjo
added
Status: Needs testing
Put forgot password along-side the password field
|
@frjo Updated the login with password screen so that the Also, update the context text to be smaller/de-emphasized.
|
wes-otf
pushed a commit
that referenced
this pull request
May 7, 2024
Fixes #ISSUEID This PR is depended on #3521 - [x] Passwordless login - [x] Passwordless signup - [x] Allow user to set a password after going to profile. - [x] Allow user to change their email even if they don't have an email set. - [x] Allow user to add their name in the application form if name is not present in the user account. - [x] Don't display "Dashboard" link if the user does't have permission to access to it. - [x] Allow to use to setup 2FA without account password. - [x] Display user content on the login screen, if configured (it is an existing feature) - [x] If 2FA is enforced, allow the user to submit the application without setting up 2FA - [x] Add email re-verification option to elevate, sudo mode, apart from password - [x] Update landing page after application submission, on success it redirects now. - [x] Update ENABLE_PUBLIC_SIGNUP and FORCE_LOGIN_FOR_APPLICATION to true by default # Login/Signup Flow  ## Updated Login Page with Registration Enabled  ## After providing the email ID The messaging is kept neutral to hide if the user is already registered or not. The email will contain more detail, if the account exist or not.  Login email copy  ## Signup New Account Email copy  ### Profile Page just after signup The user after clicking on the signup link in the email is redirect to homepage. No dashboard is available as the user doesn't have applicant role. If they click on the "profile" button they see this page with open to update profile and setup a password and enable 2FA. If the user decide to change the email, password is not asked if not password is set, instead an email is sent to authorize the email change.  ## Updated "Sudo" mode page ### For account with password  After clicking on the "Send a confirmation code to your email" link   ### For account without password  ## Updated disable 2FA page It requires "Sudo" mode, instead of password now. 
wes-otf
pushed a commit
that referenced
this pull request
May 8, 2024
Fixes #ISSUEID This PR is depended on #3521 - [x] Passwordless login - [x] Passwordless signup - [x] Allow user to set a password after going to profile. - [x] Allow user to change their email even if they don't have an email set. - [x] Allow user to add their name in the application form if name is not present in the user account. - [x] Don't display "Dashboard" link if the user does't have permission to access to it. - [x] Allow to use to setup 2FA without account password. - [x] Display user content on the login screen, if configured (it is an existing feature) - [x] If 2FA is enforced, allow the user to submit the application without setting up 2FA - [x] Add email re-verification option to elevate, sudo mode, apart from password - [x] Update landing page after application submission, on success it redirects now. - [x] Update ENABLE_PUBLIC_SIGNUP and FORCE_LOGIN_FOR_APPLICATION to true by default # Login/Signup Flow  ## Updated Login Page with Registration Enabled  ## After providing the email ID The messaging is kept neutral to hide if the user is already registered or not. The email will contain more detail, if the account exist or not.  Login email copy  ## Signup New Account Email copy  ### Profile Page just after signup The user after clicking on the signup link in the email is redirect to homepage. No dashboard is available as the user doesn't have applicant role. If they click on the "profile" button they see this page with open to update profile and setup a password and enable 2FA. If the user decide to change the email, password is not asked if not password is set, instead an email is sent to authorize the email change.  ## Updated "Sudo" mode page ### For account with password  After clicking on the "Send a confirmation code to your email" link   ### For account without password  ## Updated disable 2FA page It requires "Sudo" mode, instead of password now. 
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #ISSUEID
This PR is depended on #3521
Login/Signup Flow
Updated Login Page with Registration Enabled
After providing the email ID
The messaging is kept neutral to hide if the user is already registered or not. The email will contain more detail, if the account exist or not.
Login email copy
Signup
New Account Email copy
Profile Page just after signup
The user after clicking on the signup link in the email is redirect to homepage. No dashboard is available as the user doesn't have applicant role. If they click on the "profile" button they see this page with open to update profile and setup a password and enable 2FA.
If the user decide to change the email, password is not asked if not password is set, instead an email is sent to authorize the email change.
Updated "Sudo" mode page
For account with password
After clicking on the "Send a confirmation code to your email" link
For account without password
Updated disable 2FA page
It requires "Sudo" mode, instead of password now.