Closed (outdated)
Project:
Invite
Version:
master
Component:
Code
Priority:
Normal
Category:
Support request
Assigned:
Unassigned
Reporter:
Created:
31 Mar 2007 at 00:30 UTC
Updated:
17 May 2020 at 08:36 UTC
Jump to comment: Most recent
I recently factored out parts of the Site Pass module into an API module that provides general functionality needed by modules that work with "login tickets" (= short, user_password()-generated passcodes plus expiration and associated user data). Today I uploaded this API module to drupal.org, it's called Login Ticket and serves as a base for my other module, Temporary Invitation. (Site Pass is not yet ported and seems to be maintained in a lazy way, the author is quite inactive with his issue list.)
Unfortunately I only noticed the existance of your project when drupal.org admin AjK placed a remark on my welcome-to-CVS message, which means I didn't look at your requirements when originally designing the API. Nevertheless, AjK thought it a good idea to converge towards a shared backend, so here I am asking for your thoughts on this issue, and what it would take for Invite to make use of the Login Ticket API.
Current differences in approaching the authentication issue:
- Invite expects the invited user to register after the invitation has been created, whereas Temporary Invitation directly creates a new user and login ticket when the inviter creates the invitation, and Site Pass creates a new user and login ticket when the anonymous user requests a ticket. That makes it easy for Temporary Invitation and Site Pass to associate a passcode with a login-able user, but clashes a bit when the user is not created at passcode creation time. In order to work with Invite, I removed the uniqueness of uids in the {loginticket} table, so it should be possible to store the inviter in the ticket instead of the invitee. You can't use the login function this way, but as far as I can see, you wouldn't have much use for it anyways.
- The Login Ticket API stores passcodes as MD5 hash for security reasons, and requires modules to notify the user right away, or else they have to store the plaintext passcodes themselves. On the other hand, Invite stores it as plaintext, but uses it only for instant notifying as well.
That's it, essentially. So the question is, are you interested to depend on the API as registration code backend? If there's problems with my module, I could certainly change it to accommodate your needs, as I'm currently the only user of the API. Maybe we could also move some code from Invite to Login Ticket, if it makes sense for general consumption.
What do you think? I'm eager to hear your input, if you like to you can contact me by email at jpetso [at] gmx [dot] at.
Thanks for the patience of reading all of this,
Sincerely,
Jakob
Comments
Comment #1
avpadernoI am closing this issue, since it's for a Drupal version no longer supported.