Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authentication handling and error messages #28

Open
rtavcar opened this issue Apr 8, 2015 · 1 comment
Open

Authentication handling and error messages #28

rtavcar opened this issue Apr 8, 2015 · 1 comment

Comments

@rtavcar
Copy link

rtavcar commented Apr 8, 2015

Comments on login behaviour:

  1. If user is configured in LDAP and is member of one of olog's groups, login is OK.
  2. If LDAP is not configured, Olog returns a "wrong username or password" error.
  3. When logging in as existing LDAP user, which is not in any olog group (olog-logs, olog-tags, olog-logbooks or olog-admins), Olog ignores the login and keeps "Guest" logged in. No login error is reported.
  4. When logging in as bogus user, e.g. bogus:bogus, the browser's authentication pops up and infinitely requests the login data. No login error is reported by Olog.

Error message in case 2 is misleading. In cases 3 and 4, Olog should return meaningful error messages in the login screen. Message could be equal for both cases, something like "User unknown to olog."?

Cheers!
@berryma4
Copy link
Member

@AnthonyDionise can you look at this please.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@berryma4 @rtavcar