login_engine is good. But there are two things about that I “dislike”.
been thinking of develop a patch for them, but I’d like some sense that
patch goals are agreed with, and thus making it likely to be accepted?
Sending out the password in email is just plain bad. I know I can
replace the view, but I’d rather see it as an configuration option.
When a password is forgotten, a secondary authentication token is
the user. As near as I can tell, that authentication token does general
authentication, until it expires. I much prefer a model where that
necessary to change the password, and that’s all it is good for. And
the password is changed the token is invalidated.
Should I make patch, or just fork it?