You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
First of all, thanks for your awesome work on Kirby 3! It’s a solid update. 👍
Describe the bug
I’m using Kirby to manage an internal website for students, who participate in various classes about web development. They need to log in with given account data to see infos about the class and corresponding tasks. I’m currently updating my site from Kirby 2 and encountered two issues.
If students log in with a wrong email, the login() function simply returns false. In Kirby 2 it returned false in both cases, which is more convenient. You’ve discussed this to some extent in #1027, but the issue is closed, so I’ve opened a new one.
Additionally, you can’t login with a username anymore. You’ve discussed this in #763. However, I have a strong argument in favor of usernames: In my case, I don’t want students to see my email adresses. Also, usernames are generally shorter. Would it be possible to extend the login() function to allow logging in via username? You could differentiate usernames from email by searching for an @ symbol.
Expected behavior
The login() function should return false, if used in a controller. I understand that there are arguments for throwing an exception. However, your code examples (see link above) suggest a different behavior.
Kirby Version
3.0.1
The text was updated successfully, but these errors were encountered:
distantnative
changed the title
Restricting access to your site: Code examples throw exception
[Cms] Restricting access to your site: Code examples throw exception
Mar 6, 2019
Additionally, you can’t login with a username anymore. You’ve discussed this in #763. However, I have a strong argument in favor of usernames: In my case, I don’t want students to see my email adresses. Also, usernames are generally shorter. Would it be possible to extend the login() function to allow logging in via username? You could differentiate usernames from email by searching for an @ symbol.
We have discussed this in length. I don't think this will change anytime soon.
Regarding the rest, my thoughts:
wrong email should also throw the same exception, I think it is best practice not to reveal which part was wrong
the code examples need to be updated to include try {} catch() {}
@tpmatthes For login via name rather than email, you would have to make sure that names are unique when creating/updating new users (using hooks), otherwise it won't work.
First of all, thanks for your awesome work on Kirby 3! It’s a solid update. 👍
Describe the bug
I’m using Kirby to manage an internal website for students, who participate in various classes about web development. They need to log in with given account data to see infos about the class and corresponding tasks. I’m currently updating my site from Kirby 2 and encountered two issues.
I’ve implemented the authentication logic in a custom controller. It roughly follows this example: https://getkirby.com/docs/cookbook/security/access-restriction
If students log in with the correct email but wrong password, the code throws an exception:
If students log in with a wrong email, the
login()
function simply returns false. In Kirby 2 it returned false in both cases, which is more convenient. You’ve discussed this to some extent in #1027, but the issue is closed, so I’ve opened a new one.Additionally, you can’t login with a username anymore. You’ve discussed this in #763. However, I have a strong argument in favor of usernames: In my case, I don’t want students to see my email adresses. Also, usernames are generally shorter. Would it be possible to extend the
login()
function to allow logging in via username? You could differentiate usernames from email by searching for an@
symbol.To Reproduce
Steps to reproduce the behavior:
Expected behavior
The
login()
function should return false, if used in a controller. I understand that there are arguments for throwing an exception. However, your code examples (see link above) suggest a different behavior.Kirby Version
3.0.1
The text was updated successfully, but these errors were encountered: