Opened 6 months ago

Closed 6 months ago

#2278 closed enhancement (fixed)

Improvements to login page for better extensions

Reported by: Nicklas Nordborg Owned by: everyone
Priority: major Milestone: BASE 3.19.3
Component: web Version:
Keywords: Cc:

Description (last modified by Nicklas Nordborg)

The login page can to some extents be modified by extensions but there are some improvements that can be made:

  1. The possibility to execute scripts before the login information is submitted. This could for example, be implemented as a custom event that is sent to the form before the form is submitted. Event handlers can do their processing and may also cancel the submission if needed.
  1. The possibility to add extra attributes to the login form and/or fields. We already have the DynamicActionsAttributes interface for this and it should be very easy to add support for it.
  1. The error message section should always be included in the HTML, but it should be hidden if there is no current message. Extensions should be able to display error messages.
  1. It should be possible to store session settings in the SessionControl even if a user is not logged in. This would, for example, be useful for the WebAuthn implementation (https://baseplugins.thep.lu.se/wiki/net.sf.basedb.webauthn) that need to store information between two requests.
  1. Scripts and style sheets that are added by extensions may interfere with each other. Since only one login form can be active it would be nice if only the scripts/style sheets defined by that extension are added to the page. When a different login form is selected the page is reloaded with the new scripts/style sheets.
  1. More...?

Change History (9)

comment:1 Changed 6 months ago by Nicklas Nordborg

In 8035:

References #2278: Improvements to login page for better extensions

Implemented a custom event before-login that is sent to the <form> element on the login page just before it is about to be submitted. Extensions may register for this event and may call event.preventDefault() to prevent the submission. A new method Login.submitLoginForm() can be called to submit the form without any more questions.

comment:2 Changed 6 months ago by Nicklas Nordborg

In 8036:

References #2278: Improvements to login page for better extensions

Added support for dynamic attributes to the LoginFormBean and FieldInfo classes.

comment:3 Changed 6 months ago by Nicklas Nordborg

In 8037:

References #2278: Improvements to login page for better extensions

Added a <div id="login-error"> that is always included in the HTML but hidden if there is no current error message.

comment:4 Changed 6 months ago by Nicklas Nordborg

In 8038:

References #2278: Improvements to login page for better extensions

Sessions settings are now stored directly in the SessionControl which doesn't require that a user is logged in.

comment:5 Changed 6 months ago by Nicklas Nordborg

Description: modified (diff)

comment:6 Changed 6 months ago by Nicklas Nordborg

In 8039:

References #2278: Improvements to login page for better extensions

It is now possible to track scripts and stylesheets that are added to the JspContext and only activate those that are added by the a given extension. This is used on the login page to so that only the scripts and stylesheets that are needed for currently active login form are included in the generated HTML.

comment:7 Changed 6 months ago by Nicklas Nordborg

In 8040:

References #2278: Improvements to login page for better extensions

Added a verifyOnly flag to the LoginRequest class which means that the login procedure is aborted after the login information has been verified. This also works when a user is logged in and is needed for the "Switch user" functionality with the first step of the WebAuthn authentication.

comment:8 Changed 6 months ago by Nicklas Nordborg

In 8041:

References #2278: Improvements to login page for better extensions

Updated some developer documentation.

comment:9 Changed 6 months ago by Nicklas Nordborg

Resolution: fixed
Status: newclosed
Note: See TracTickets for help on using tickets.