Password login improvements

e-valuation / EvaP

a university course evaluation system written in Python using Django

Other

95 stars 146 forks source link

Password login improvements #2155

Closed richardebeling closed 2 months ago

richardebeling commented 3 months ago

disallow password login while OIDC login is active
aggressively assert that the used login mechanism is intended to be active
update password login test
warn if we happen to have users in the database with usable passwords (which we don't expect to happen)

In the long run, it might make sense to completely ditch the password field from the database, and also enforce some kind of mocked OIDC login on development setups

niklasmohrin commented 3 months ago

In the long run, it might make sense to completely ditch the password field from the database, and also enforce some kind of mocked OIDC login on development setups

that would be cool!