Closed Bug 612746 Opened 14 years ago Closed 14 years ago

[tracker] Login and Logout

Categories

(support.mozilla.org :: Users and Groups, task, P1)

Product:
support.mozilla.org
Component:
Users and Groups
Type:
task

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: jsocol, Unassigned)

References

Details

Users need to be able to log in and out through Kitsune. (We can also remove the Tiki session support.) This involves a few steps, so filing as a tracker for now.

* Logout (should be pretty self-contained).
* Wipe out any currently stored passwords in auth_user.password.
* Switch to using Fred's SHA-256 auth backend (we'll never have a better chance than right now).
* Remove Tiki session detection and models.
* Auth fallback (see below).
* A login page that does all this.
* The login page should robustly support a destination parameter.

We can look at django-registration for it's auth but can't use it because we don't use Django templates.


Auth Fallback:

Check the user's password normally, against the hashed data in auth_user.password.
  - Success? Win!
  - Failure? Check the user's password against the old tiki password.
    - Failure? Login fail!
    - Success?
      - Use the plaintext to populate auth_user.password with the SHA-256 hash and permanently erase the old, insecure hash.
Priority: -- → P1
Depends on: 612749
Depends on: 612750
Depends on: 613986
Depends on: 613987
Depends on: 614002
Depends on: 614011
Component: General → Users and Groups
Depends on: 614589
Depends on: 614705
All blockers resolved!
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Verified login/out with new users and also old tiki users.
Status: RESOLVED → VERIFIED
Flags: in-testsuite?
You need to log in before you can comment on or make changes to this bug.