gustafn
committed
on 31 Aug 24
documented command result
openacs-4/.../xml/kernel/ext-auth.xml (+2 -2)
133 133           <seg>EXT-AUTH-38</seg>
134 134           <seg>A</seg>
135 135           <seg>ad_form complain feature</seg>
136 136         </seglistitem>
137 137         <seglistitem>
138 138           <seg>EXT-AUTH-19</seg>
139 139           <seg>A</seg>
140 140           <seg>Rewrite password recovery to use API</seg>
141 141         </seglistitem>
142 142         <seglistitem>
143 143           <seg>EXT-AUTH-21</seg>
144 144           <seg>A</seg>
145 145           <seg>Rewrite email verification with API</seg>
146 146           </seglistitem>
147 147         <seglistitem>
148 148           <seg>EXT-AUTH-28</seg>
149 149           <seg>A</seg>
150 150           <seg>Username is email switch</seg>
151 151         </seglistitem>
152 152       </segmentedlist>
153         <para>Users will log in using a username, a authority, and a
  153       <para>Users will log in using a username, an authority, and a
154 154       password.  The authority is the source for user/password
155 155       verification.  OpenACS can be an authority itself. </para>
156 156      
157 157       <para>Each user in OpenACS will belong to exactly one authority, which
158 158 can either be the "local" OpenACS users table, in which case the
159 159 password column is used, or it can be some external authority,
160 160 which will be communicated with using some protocol, as implemented
161 161 by an authentication driver.</para>
162 162       <para>Username will be separate from email address. It can be an
163 163 email address, it can look like an email address but not be the
164 164 name of an actual email mailbox, or it can be something else
165 165 entirely.</para>
166 166       <para>We&#39;re assuming that user information (name, email, etc.) will
167 167 either already be in the users table through a batch
168 168 synchronization job, or that the relevant authentication
169 169 implementation supports real-time synchronization of user data.
170 170 Specifically, if you want remote users who haven&#39;t yet logged-in to
171 171 OpenACS to show up in user searches, you&#39;ll have to do the batch
172 172 synchronization.</para>
173 173       <para>All in all, the login box will be an includeable template and
 
384 384       <para>After having authenticated using the relevant authority driver,
385 385 we&#39;ll look for the username/authority pair in the users table.</para>
386 386       <para>If we don&#39;t find any, that means that we&#39;re either not doing
387 387 batch synchronizing, or that the user has been added since the last
388 388 sync. In that case, we&#39;ll try to do a real-time synchronization, if
389 389 the driver supports it. If it does, it&#39;ll return email,
390 390 first_names, last_name, and other relevant information, and we&#39;ll
391 391 create a row in the local users table using that
392 392 information.</para>
393 393       <para>If that doesn&#39;t work, we&#39;ll tell the user that their account
394 394 isn&#39;t yet available, and the driver will supply a message for us,
395 395 which could say "The account should be available tomorrow. If not,
396 396 contact X."</para>
397 397     </sect3>
398 398
399 399     <sect3 id="Account_Registratio"><title>Account
400 400 Registration</title>
401 401       <para>If a user doesn&#39;t have an account, the site-wide
402 402 configuration can allow the user to register for one, as defined in
403 403 the configuration discussed above. This section is about normal
404   account registration through a authority driver.</para>
  404 account registration through an authority driver.</para>
405 405       <para>The account creation service contract implementation will
406 406 need to tell us which information to ask the user for:</para>
407 407       <itemizedlist>
408 408         <listitem><para>Required Fields: A list of fields which are
409 409           required.</para></listitem>
410 410         <listitem><para>Optional Fields: A list of fields which are
411 411           optional.</para></listitem>
412 412       </itemizedlist>
413 413       <para>The fields to choose from are these:</para>
414 414       <itemizedlist>
415 415         <listitem><para>Username</para></listitem>
416 416         <listitem><para>First names</para></listitem>
417 417         <listitem><para>Last name</para></listitem>
418 418         <listitem><para>Email</para></listitem>
419 419         <listitem><para>URL</para></listitem>
420 420         <listitem><para>Password</para></listitem>
421 421         <listitem><para>Secret question</para></listitem>
422 422         <listitem><para>Secret answer</para></listitem>
423 423       </itemizedlist>
424 424       <para>It should return the following:</para>