Closed
Bug 612746
Opened 14 years ago
Closed 14 years ago
[tracker] Login and Logout
Categories
(support.mozilla.org :: Users and Groups, task, P1)
support.mozilla.org
Users and Groups
Tracking
(Not tracked)
VERIFIED
FIXED
2.4
People
(Reporter: jsocol, Unassigned)
References
Details
Users need to be able to log in and out through Kitsune. (We can also remove the Tiki session support.) This involves a few steps, so filing as a tracker for now. * Logout (should be pretty self-contained). * Wipe out any currently stored passwords in auth_user.password. * Switch to using Fred's SHA-256 auth backend (we'll never have a better chance than right now). * Remove Tiki session detection and models. * Auth fallback (see below). * A login page that does all this. * The login page should robustly support a destination parameter. We can look at django-registration for it's auth but can't use it because we don't use Django templates. Auth Fallback: Check the user's password normally, against the hashed data in auth_user.password. - Success? Win! - Failure? Check the user's password against the old tiki password. - Failure? Login fail! - Success? - Use the plaintext to populate auth_user.password with the SHA-256 hash and permanently erase the old, insecure hash.
Reporter | ||
Updated•14 years ago
|
Priority: -- → P1
Reporter | ||
Updated•14 years ago
|
Component: General → Users and Groups
Reporter | ||
Comment 1•14 years ago
|
||
All blockers resolved!
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Comment 2•14 years ago
|
||
Verified login/out with new users and also old tiki users.
Status: RESOLVED → VERIFIED
Updated•13 years ago
|
Flags: in-testsuite?
You need to log in
before you can comment on or make changes to this bug.
Description
•