You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@allura.apache.org by Dave Brondsema <br...@users.sf.net> on 2014/08/18 23:24:36 UTC

[allura:tickets] #7585 Require password entry for changes to email settings

- **status**: code-review --> in-progress
- **QA**: Dave Brondsema
- **Comment**:

This works perfectly fine, but the UI is confusing I think.  We made some good improvements to the UI of this form a little while ago, so I'd like to continue making it better and not regress at all.  Its confusing because the claim & delete buttons are above the password field, so its not obvious you need to enter your password to use those buttons.

One idea would be to have the password hidden from the form until you submit it (delete, claim, or save button) and then pop up a dialog asking for password to confirm the action.  I don't know how tricky the JS would have to be to do that though.

Another theoretical idea would be to put the password field in a place that is clearly required for all the submit buttons.  All I can think of is putting it at the top of the form, but that might look odd too.  Perhaps it would be good enough if it also has the `required` attribute so that the browser tells you right away if you missed it, instead of waiting for the page submission. (That might even be good enough keeping the field at the bottom of the form too).  Would the `required` attribute work with the multiple submit buttons though?  Maybe need a bit of JS to enforce the password field is filled out.  Probably easier than the dialog idea above.



---

** [tickets:#7585] Require password entry for changes to email settings**

**Status:** in-progress
**Milestone:** forge-aug-8
**Labels:** 42cc 
**Created:** Wed Jul 23, 2014 03:43 PM UTC by Dave Brondsema
**Last Updated:** Thu Jul 31, 2014 02:47 PM UTC
**Owner:** Igor Bondarenko

Adding an email address, removing an email address or changing your primary address are important account operations and it would be good to require entering your password again to make those changes.  This will help avoid the possibility of someone gaining permanent access to an account that was left open, for example.


---

Sent from sourceforge.net because dev@allura.apache.org is subscribed to https://sourceforge.net/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.