- Issue created by @antiorario
- Status changed to Needs review
9 months ago 3:21pm 7 October 2023 - ๐บ๐ธUnited States antiorario
I opened a MR with the proposed code changes (but I guess because I didnโt create a proper issue fork itโs not showing up on here ๐คท๐ผโโ๏ธ๐คฆโโ๏ธ): https://git.drupalcode.org/project/passwordless/-/merge_requests/9.
- ๐ณ๐ดNorway matsbla
I do understand it can be difficult to cater for everyone, but I hope it will be possible to find a way to keep configurable options so it is possible redirecting to a confirmation page!
- ๐ฉ๐ชGermany zcht
I have only just seen this issue and would like to write a few lines about it. I would actually extend the options instead of removing them completely.
At the moment I use a customised login and registration information page after the user has logged in or registered. It is part of good UX that the user is always informed about what has happened and receives further information.
I would even go so far as to implement templates and custom fields for all three points mentioned. In the configuration, you could then offer an image field, title and text, for example. This would tell the user what has happened and what to do next.
In my project, the link "What? No password?" is called up very often because many people don't understand how a registration or login is supposed to work without a password. Everything is explained there.
That's why I'm actually against the removal, but for a technical implementation for the three things: Configuration fields and templates, the module is supposed to help users and if the options are removed, it won't help at all. We would like to see a concept in which this becomes a standard and thus further promotes security.
PS: the current version of the module 2.0.0-beta2, has changed so much that you can't update it. the whole custom logic for help pages after login/registration is no longer supported, which is unfortunately not the right way for this module in my opinion.
- ๐ฆ๐บAustralia RichardGaunt Melbourne
Thanks for creating the issue for discussing passwordless configuration.
I uploaded a screenshot of the settings form for discussion so people can visualise.
The last release set a positive direction for the module, I personally liked the cleanup that happened within it.
Personally I think all of the current settings could be removed especially the settings that Drupal has systems for:
1. Include stylesheet on login page - people have control over stylesheets via theme, I dont think this is necessary anymore.
2. Passwordless help - I dont think a page for passwordless help is necessary, if people need a page they can create a page and link to it from the login form or a block on that page
3. Enable confirmation page - same as the help page, there are plenty of ways to implement this within core drupal and I think its cleaner to use Drupal systems.However, I do think there is functionality that could be added via settings:
1. Confirmation Page URL - if filled the user is redirected to a url where the confirmation page is located.
2. Help Page URL - if filled in a "What? No password?" link is added to the form in the way it is now - maybe the text of the link could be updated too.
3. Complete control over the messages that passwordless sends to the user when interacting. There is no way to easily replace user messages in Drupal.There are two messages that I can see passwordless sets:
User Login confirmation - "You have just used your one-time login link. It is no longer necessary to use this link to log in."
User Login submission - "If %identifier is a valid account, an email will be sent with a login link."It would be great to customise these via settings as it is not clean or easy to alter drupal messages.