[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Two scenarios for login.pl?action=authenticate

Hi all,

Trying to get authentication sorted on trunk and 1.4, I've come across the following finding and don't know how we want to deal with it.

The issue at hand is that both the login page at login.pl and setup.pl's login page use a JS script to validate user credentials. Our expectations from the code are different in the setup.pl vs the login.pl cases, though:

1. setup.pl: if the user and password are valid, but the company provided isn't, we want success to be reported (so we can create the company)
2. login.pl: if the user and password are valid, but the company isn't, we want failure to be reported, to deny logon.

Of course, I could add some query parameter to the authentication and make the validation dependent on it. Is that the best solution?



http://efficito.com -- Hosted accounting and ERP.
Robust and Flexible. No vendor lock-in.
Ledger-smb-devel mailing list