Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Self-service user account creation #181

Open
SeanFromIT opened this issue Apr 16, 2020 · 2 comments
Open

Self-service user account creation #181

SeanFromIT opened this issue Apr 16, 2020 · 2 comments
Labels
enhancement Let's make it better!

Comments

@SeanFromIT
Copy link
Contributor

For public websites, looking for:

  1. Option to require login for commenting and/or editing
  2. Ability for visitors to create their own login, require email validation prior to being allowed to comment and/or edit
  3. Tracking of IPs along the way, for blocking bots, spam, etc.

Personally I'm also interested in social media logins instead of managing passwords in peppermint.json but that's more of a wish list.
@sbrl sbrl added the enhancement Let's make it better! label Apr 18, 2020
@sbrl
Copy link
Owner

sbrl commented Apr 18, 2020
edited

Hey, many thanks for opening the issue!

  1. You can control whether people need to be logged in to comment with the anonedits setting, but currently you have to be logged in to post a comment.
  2. That's definitely on the cards, and I've been making some progress towards this by laying some groundwork. Email validation will land in v0.21 (along with watchlists and other things). After that lands we can implement user registration for v0.22. It would also be nice to refactor the user credentials bit out of peppermint.json into their own file, but we'd then have the problem that web server configurations will need updating to block access to it (just as access is already blocked for peppermint.json)
  3. Tracking IPs would certainly be nice - i.e. tracking which IPs someone's logged in with etc. In theory this can be done already via your web server logs by looking for the relevant query strings, but it would be nice to have an "audit log" or "activity log" of what people have been doing (e.g. User X logs in from X.Y.Z.W). We wouldn't need to track page edits here though I don't think, since that's already done by recent changes. A key concern here would be privacy of the log file - i.e. it shouldn't be world-readable. This might require changes to web server configurations if it's enabled.

Social media logins would be really nice indeed too, but that requires implementing OAuth2 (which is very complicated). I could use a library here, but I'd need to find one that sufficiently lightweight that it's a single file - due to the way Pepperminty Wiki's module system works. If I can't find one, then we'd have to implement a more lightweight one ourselves (which would perhaps be preferable to keep the footprint down, but requires absorbing additional maintenance).

  • Add anoncomments setting (disabled by default)
  • Add self-service user registration (disable by default)
  • Consider what to do about creating extra private files (e.g. activity log, external user DB)

@sbrl
Copy link
Owner

sbrl commented Aug 16, 2020

I haven't forgotten about this. Other changes I wanted to make for v0.22 ended up being larger than expected, so I'd like to release them on their own before moving forwards with this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement Let's make it better!
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sbrl @SeanFromIT