Gitea: `Delete account ` password field length
- Gitea version (or commit ref):
Current - Git version:
N/A - Operating system:
N/A - Database (use
[x]):N/A
- [ ] PostgreSQL
- [ ] MySQL
- [ ] MSSQL
- [ ] SQLite
- Can you reproduce the bug at https://try.gitea.io:
- [x] Yes (provide example URL) https://try.gitea.io/user/settings/delete
- [ ] No
- [ ] Not relevant
- Log gist:
Description
Make delete account password field match the length of rest of the fields under settings.
Screenshots
Currently:
Make it like gogs (talking about the length, not the settings arrangement):
Fastidious
All 15 comments
I'm calling this a ui-bug 😄
bkcsoft
on 2 May 2017
@bkcsoft also, why is there a reason for a “Forgot password?” link there? To get to this, one must be logged in, am I missing something? Gogs, for example, do not have it there.
Fastidious
on 2 May 2017
I have no clue 😂
bkcsoft
on 2 May 2017
@Fastidious Since Gitea support login via Oauth2 then many people maybe didn't use their password many days. So when he want to delete himself he maybe forget his password.
lunny
on 3 May 2017
And I don't think this is a bug, maybe it's an enhancement.
lunny
on 3 May 2017
So when he want to delete himself he maybe forget his password.
@lunny, if anything, that’s an UX problem. Perhaps gitea should detect you are logging in with Oauth2, and allow account deletion under those conditions, perhaps asking “Are you sure?” with a little verbose stating that’s final — thus making the “Forgot password?” link irrelevant.
Fastidious
on 3 May 2017
Deleting account must ask for password for security reasons
lafriks
on 3 May 2017
@lafriks I think we all understand that. How do you propose asking for a password should happen, when using Oauth2 to login? Perhaps disable account deletion with Oauth2 logins, and only show it with local logins?
Fastidious
on 3 May 2017
@Fastidious, in fact, OAuth2/OpenID is an linked account, you also has an related local account. This is different from LDAP/SMTP. Also, maybe we should change LDAP/SMTP like OAuth2 in future.
lunny
on 3 May 2017
No, LDAP should not be moved to linked account as in organizations LDAP will be primary account store and users should not be able to change/use different passwords for Gitea as than it can't be controlled by password policy etc.
lafriks
on 3 May 2017
@lunny yes, I understand that too. Yet, once you use OAuth2 there is no longer a need to remember the “other” local password.
Fastidious
on 3 May 2017
@Fastidious that is why there is Forgot password link ;)
lafriks
on 3 May 2017
@lafriks we are dancing in a loop, playing a broken record. Back to this track. Cheers!
Fastidious
on 3 May 2017
Password handling discussion should be in #1036, please continue it there.
This ticket is for an UI bug, keep that here.
strk
on 4 May 2017
I can fix the password length field if no one else is working on it.
Edit: Seems I overlooked the comment about what to do with it regarding OAuth2 etc, scratch that.
sondr3
on 15 May 2017
Related issues
jakimfett
·
3Comments
ghost
·
3Comments
BRMateus2
·
3Comments
flozz
·
3Comments
BNolet
·
3Comments
Most helpful comment
@lafriks we are dancing in a loop, playing a broken record. Back to this track. Cheers!