| |
133 |
133 |
<seg>EXT-AUTH-38</seg> |
| |
134 |
134 |
<seg>A</seg> |
| |
135 |
135 |
<seg>ad_form complain feature</seg> |
| |
136 |
136 |
</seglistitem> |
| |
137 |
137 |
<seglistitem> |
| |
138 |
138 |
<seg>EXT-AUTH-19</seg> |
| |
139 |
139 |
<seg>A</seg> |
| |
140 |
140 |
<seg>Rewrite password recovery to use API</seg> |
| |
141 |
141 |
</seglistitem> |
| |
142 |
142 |
<seglistitem> |
| |
143 |
143 |
<seg>EXT-AUTH-21</seg> |
| |
144 |
144 |
<seg>A</seg> |
| |
145 |
145 |
<seg>Rewrite email verification with API</seg> |
| |
146 |
146 |
</seglistitem> |
| |
147 |
147 |
<seglistitem> |
| |
148 |
148 |
<seg>EXT-AUTH-28</seg> |
| |
149 |
149 |
<seg>A</seg> |
| |
150 |
150 |
<seg>Username is email switch</seg> |
| |
151 |
151 |
</seglistitem> |
| |
152 |
152 |
</segmentedlist> |
| |
153 |
|
<para>Users will log in using a username, a authority, and a |
| |
|
153 |
<para>Users will log in using a username, an authority, and a |
| |
154 |
154 |
password. The authority is the source for user/password |
| |
155 |
155 |
verification. OpenACS can be an authority itself. </para> |
| |
156 |
156 |
|
| |
157 |
157 |
<para>Each user in OpenACS will belong to exactly one authority, which |
| |
158 |
158 |
can either be the "local" OpenACS users table, in which case the |
| |
159 |
159 |
password column is used, or it can be some external authority, |
| |
160 |
160 |
which will be communicated with using some protocol, as implemented |
| |
161 |
161 |
by an authentication driver.</para> |
| |
162 |
162 |
<para>Username will be separate from email address. It can be an |
| |
163 |
163 |
email address, it can look like an email address but not be the |
| |
164 |
164 |
name of an actual email mailbox, or it can be something else |
| |
165 |
165 |
entirely.</para> |
| |
166 |
166 |
<para>We're assuming that user information (name, email, etc.) will |
| |
167 |
167 |
either already be in the users table through a batch |
| |
168 |
168 |
synchronization job, or that the relevant authentication |
| |
169 |
169 |
implementation supports real-time synchronization of user data. |
| |
170 |
170 |
Specifically, if you want remote users who haven't yet logged-in to |
| |
171 |
171 |
OpenACS to show up in user searches, you'll have to do the batch |
| |
172 |
172 |
synchronization.</para> |
| |
173 |
173 |
<para>All in all, the login box will be an includeable template and |
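Review bot: the unchanged context at line 170 still reads "haven't yet logged-in to OpenACS"; used as a verb this should be "logged in", and it could be corrected in the same pass as the "a authority" to "an authority" fix at line 153. The a/an correction itself is right.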
|
| |
384 |
384 |
<para>After having authenticated using the relevant authority driver, |
| |
385 |
385 |
we'll look for the username/authority pair in the users table.</para> |
| |
386 |
386 |
<para>If we don't find any, that means that we're either not doing |
| |
387 |
387 |
batch synchronizing, or that the user has been added since the last |
| |
388 |
388 |
sync. In that case, we'll try to do a real-time synchronization, if |
| |
389 |
389 |
the driver supports it. If it does, it'll return email, |
| |
390 |
390 |
first_names, last_name, and other relevant information, and we'll |
| |
391 |
391 |
create a row in the local users table using that |
| |
392 |
392 |
information.</para> |
| |
393 |
393 |
<para>If that doesn't work, we'll tell the user that their account |
| |
394 |
394 |
isn't yet available, and the driver will supply a message for us, |
| |
395 |
395 |
which could say "The account should be available tomorrow. If not, |
| |
396 |
396 |
contact X."</para> |
| |
397 |
397 |
</sect3> |
| |
398 |
398 |
|
| |
399 |
399 |
<sect3 id="Account_Registratio"><title>Account |
| |
400 |
400 |
Registration</title> |
| |
401 |
401 |
<para>If a user doesn't have an account, the site-wide |
| |
402 |
402 |
configuration can allow the user to register for one, as defined in |
| |
403 |
403 |
the configuration discussed above. This section is about normal |
| |
404 |
|
account registration through a authority driver.</para> |
| |
|
404 |
account registration through an authority driver.</para> |
| |
405 |
405 |
<para>The account creation service contract implementation will |
| |
406 |
406 |
need to tell us which information to ask the user for:</para> |
| |
407 |
407 |
<itemizedlist> |
| |
408 |
408 |
<listitem><para>Required Fields: A list of fields which are |
| |
409 |
409 |
required.</para></listitem> |
| |
410 |
410 |
<listitem><para>Optional Fields: A list of fields which are |
| |
411 |
411 |
optional.</para></listitem> |
| |
412 |
412 |
</itemizedlist> |
| |
413 |
413 |
<para>The fields to choose from are these:</para> |
| |
414 |
414 |
<itemizedlist> |
| |
415 |
415 |
<listitem><para>Username</para></listitem> |
| |
416 |
416 |
<listitem><para>First names</para></listitem> |
| |
417 |
417 |
<listitem><para>Last name</para></listitem> |
| |
418 |
418 |
<listitem><para>Email</para></listitem> |
| |
419 |
419 |
<listitem><para>URL</para></listitem> |
| |
420 |
420 |
<listitem><para>Password</para></listitem> |
| |
421 |
421 |
<listitem><para>Secret question</para></listitem> |
| |
422 |
422 |
<listitem><para>Secret answer</para></listitem> |
| |
423 |
423 |
</itemizedlist> |
| |
424 |
424 |
<para>It should return the following:</para> |
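Review bot: the section opened at line 399 carries id="Account_Registratio", which looks like a truncated "Account_Registration". Since this commit is already tidying the section (the "an authority driver" fix at line 404), it is worth checking whether anything links to that id and either correcting it or leaving a comment that the short form is intentional. The a/an correction is fine as written.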