Self-service user account creation

Open SeanFromIT opened this issue 4 years ago • 2 comments

For public websites, looking for:

  1. Option to require login for commenting and/or editing
  2. Ability for visitors to create their own login, require email validation prior to being allowed to comment and/or edit
  3. Tracking of IPs along the way, for blocking bots, spam, etc.

Personally I'm also interested in social media logins instead of managing passwords in peppermint.json but that's more of a wish list.

SeanFromIT, Apr 16 '20 18:04

Hey, many thanks for opening the issue!

  1. You can control whether people need to be logged in to comment with the anonedits setting, but currently you have to be logged in to post a comment.
  2. That's definitely on the cards, and I've been making some progress towards this by laying some groundwork. Email validation will land in v0.21 (along with watchlists and other things). After that lands we can implement user registration for v0.22. It would also be nice to refactor the user credentials bit out of peppermint.json into their own file, but we'd then have the problem that web server configurations will need updating to block access to it (just as access is already blocked for peppermint.json).
  3. Tracking IPs would certainly be nice - i.e. tracking which IPs someone's logged in with etc. In theory this can be done already via your web server logs by looking for the relevant query strings, but it would be nice to have an "audit log" or "activity log" of what people have been doing (e.g. User X logs in from X.Y.Z.W). We wouldn't need to track page edits here though I don't think, since that's already done by recent changes. A key concern here would be privacy of the log file - i.e. it shouldn't be world-readable. This might require changes to web server configurations if it's enabled.

Social media logins would be really nice indeed too, but that requires implementing OAuth2 (which is very complicated). I could use a library here, but I'd need to find one that's sufficiently lightweight that it's a single file - due to the way Pepperminty Wiki's module system works. If I can't find one, then we'd have to implement a more lightweight one ourselves (which would perhaps be preferable to keep the footprint down, but requires absorbing additional maintenance).

  • [x] Add anoncomments setting (disabled by default)
  • [ ] Add self-service user registration (disabled by default)
  • [ ] Consider what to do about creating extra private files (e.g. activity log, external user DB)

sbrl, Apr 18 '20 11:04
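
The web-server-log approach mentioned in point 3 of the comment above, sketched as an added example (not part of the original thread and not Pepperminty Wiki's own code). It assumes Combined Log Format and that login submissions carry `action=checklogin` in the query string; that action name is an assumption, so check it against your own access log.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Assumption: login submissions arrive with this value in the "action"
# query parameter. Adjust it to whatever your own access log shows.
LOGIN_ACTION = "checklogin"

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines using documentation-range IPs, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [16/Apr/2020:18:04:11 +0000] "POST /index.php?action=checklogin HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [16/Apr/2020:18:04:12 +0000] "GET /index.php?action=view&page=Main%20Page HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [16/Apr/2020:18:10:01 +0000] "POST /index.php?action=checklogin HTTP/1.1" 200 812 "-" "curl/7.68.0"
198.51.100.23 - - [16/Apr/2020:18:10:02 +0000] "POST /index.php?action=checklogin HTTP/1.1" 200 812 "-" "curl/7.68.0"
198.51.100.23 - - [16/Apr/2020:18:10:03 +0000] "POST /index.php?action=checklogin HTTP/1.1" 200 812 "-" "curl/7.68.0"
192.0.2.50 - - [16/Apr/2020:18:12:40 +0000] "GET /index.php?action=view&page=checklogin HTTP/1.1" 200 900 "-" "Mozilla/5.0"
this line is not in combined log format
"""


def login_events(log_text, action=LOGIN_ACTION):
    """Yield (ip, time, status) for each request whose action parameter matches."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        # Parse the query string properly so a page *named* "checklogin"
        # (action=view&page=checklogin) is not counted as a login request.
        query = parse_qs(urlsplit(m["target"]).query)
        if action in query.get("action", []):
            yield m["ip"], m["time"], int(m["status"])


def attempts_per_ip(log_text, action=LOGIN_ACTION):
    """Count matching requests per client IP, e.g. to spot bots hammering the form."""
    return Counter(ip for ip, _, _ in login_events(log_text, action))


if __name__ == "__main__":
    for ip, count in attempts_per_ip(SAMPLE_LOG).most_common():
        print(f"{ip}\t{count}")
```

Because the username is submitted in the request body, the access log only ties login requests to an IP and a time, which is the gap the proposed activity log would fill.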

I haven't forgotten about this. Other changes I wanted to make for v0.22 ended up being larger than expected, so I'd like to release them on their own before moving forwards with this.

sbrl, Aug 16 '20 15:08