Hi all,
Trying to get authentication sorted on trunk and 1.4, I've come across the following finding and don't know how we want to deal with it.
The issue at hand is that both the login page at login.pl and setup.pl's login page use a JS script to validate user credentials. Our expectations from the code are different in the setup.pl vs the login.pl cases, though:
1. setup.pl: if the user and password are valid, but the company provided isn't, we want success to be reported (so we can create the company)
2. login.pl: if the user and password are valid, but the company isn't, we want failure to be reported, to deny logon.
Of course, I could add some query parameter to the authentication and make the validation dependent on it. Is that the best solution?
--
Bye,
Erik.
Robust and Flexible. No vendor lock-in.
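
The query-parameter approach raised in the message above, sketched as an added example that is not part of the original post and not the project's own code. All names (`classify`, `authenticate`, `allowMissingCompany`, the result codes) and the sample users and companies are hypothetical and constructed for illustration; the flag defaults to deny, so a caller that omits it gets the login.pl behaviour.

```javascript
// Constructed sample data standing in for the real credential and company checks.
const USERS = new Map([["alice", "correct horse"]]);
const COMPANIES = new Set(["acme"]);

// Hypothetical result codes; the original message does not define any.
const Result = Object.freeze({
  OK: "ok",
  BAD_CREDENTIALS: "bad-credentials",
  NO_SUCH_COMPANY: "no-such-company",
});

// Step 1: classify the request without deciding success or failure yet.
function classify({ user, password, company }) {
  if (!USERS.has(user) || USERS.get(user) !== password) {
    return Result.BAD_CREDENTIALS;
  }
  return COMPANIES.has(company) ? Result.OK : Result.NO_SUCH_COMPANY;
}

// Step 2: apply the caller's expectation. `allowMissingCompany` models the
// query parameter proposed in the message; absent or not exactly true means deny.
function authenticate(request, { allowMissingCompany = false } = {}) {
  const result = classify(request);
  if (result === Result.OK) {
    return { success: true, result };
  }
  if (result === Result.NO_SUCH_COMPANY && allowMissingCompany === true) {
    // Valid user and password, unknown company: success only for the setup case.
    return { success: true, result };
  }
  return { success: false, result };
}

// The two callers described in the message.
const loginCheck = (req) => authenticate(req);
const setupCheck = (req) => authenticate(req, { allowMissingCompany: true });
```

Returning the result code alongside the success flag lets the setup caller tell "company exists" apart from "company can be created" without a second request.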