login_engine is good. But there are two things about that I “dislike”. I’ve been thinking of developing a patch for them, but I’d like some sense that the patch goals are agreed with, and thus making it likely to be accepted?

- Sending out the password in email is just plain bad. I know I can probably replace the view, but I’d rather see it as a configuration option.
- When a password is forgotten, a secondary authentication token is emailed to the user. As near as I can tell, that authentication token does general authentication, until it expires. I much prefer a model where that token is necessary to change the password, and that’s all it is good for. And when the password is changed the token is invalidated.

Should I make a patch, or just fork it?
David
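
The token model proposed in the post above, sketched as an added example; it is not part of the original post and not login_engine's code. The `Account` class, its method names, the in-memory storage and the 15-minute lifetime are all assumptions made for illustration.

```ruby
require "securerandom"
require "digest"
require "openssl"

# Hypothetical in-memory account; a real application would persist these fields.
class Account
  RESET_TTL = 15 * 60 # seconds; constructed value

  def initialize(password)
    store_password(password)
  end

  # Normal login: only the password is accepted, never a reset token.
  def authenticate(secret)
    secure_eq(kdf(secret), @password_hash)
  end

  # Issue the token that gets e-mailed; only its digest is kept server-side.
  def issue_reset_token(now = Time.now)
    token = SecureRandom.urlsafe_base64(32)
    @reset_digest = Digest::SHA256.hexdigest(token)
    @reset_expires = now + RESET_TTL
    token
  end

  # The token's single purpose: authorize one password change.
  def reset_password(token, new_password, now = Time.now)
    return false if @reset_digest.nil? || now > @reset_expires
    return false unless secure_eq(Digest::SHA256.hexdigest(token.to_s), @reset_digest)
    store_password(new_password)
    true
  end

  private

  def store_password(password)
    @salt = SecureRandom.random_bytes(16)
    @password_hash = kdf(password)
    @reset_digest = @reset_expires = nil # any password change invalidates the token
  end

  def kdf(secret)
    OpenSSL::PKCS5.pbkdf2_hmac(secret.to_s, @salt, 100_000, 32, OpenSSL::Digest.new("SHA256"))
  end

  # Constant-time comparison of two equal-length strings.
  def secure_eq(a, b)
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |d, (x, y)| d | (x ^ y) }.zero?
  end
end
```

Because `authenticate` never consults the reset digest, an intercepted reset e-mail cannot be used to log in, and a second submission of the same token after a successful reset is rejected.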