[openstreetmap/openstreetmap-website] Re-arrange login and signup screens as discussed in #4128 (PR #4455)
Milan Cvetkovic
notifications at github.com
Mon Jan 15 16:53:30 UTC 2024
@milan-cvetkovic commented on this pull request.
> + <h1><%= t ".title" %></h1>
+ </div>
+ <div class='header-illustration new-user-arm d-none d-md-block'></div>
+<% end %>
+
+<div class="auth-container">
+ <div class="text-muted col-sm form-container">
+
+ <h4><%= t ".welcome" %></h4>
+
+ <%= bootstrap_form_for current_user, :url => { :action => "create_association" } do |f| %>
+ <%= hidden_field_tag("referer", h(@referer)) unless @referer.nil? %>
+ <%= f.hidden_field :auth_provider %>
+ <%= f.hidden_field :auth_uid %>
+
+ <% if current_user.errors[:email].empty? %>
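Review bot: The `auth_provider` and `auth_uid` hidden fields in the `create_association` form round-trip through the browser, so whatever the action receives for them is client-controlled. If the association is written from these params, the stored provider/uid pair is no longer guaranteed to be the one the provider callback returned. Consider keeping both values in the server-side session from the callback and having `create_association` read them from there, so the form only carries the user's confirmation.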
Hm, interesting. I thought that it may be a good idea to verify the user's password as it is known to OSM. But maybe it is a valid assumption, at least when we trust the 3rd party platform about the email address.
What do we do if we don't trust the email address (github, wikipedia, raw openid)? This would mean that a user can create an account on github with someone else's email, then use that to log in to OSM. Assuming github does not verify emails, this would allow hijacking an OSM account...
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/4455#discussion_r1452597544