Passwordless login

clarkwinkelmann

anthonyrossbach I'm not seeing any easy way to do it.

If I use the "default" way to send emails in Flarum (text only), then Pretty Mail will probably be able to customize it, but that's at the cost of losing all custom style for the button that's included in the current version. Plus, I'm running this extension on some websites where I don't want to install Pretty Mail if I can avoid it.

If you want to customize the template, the best course of action is probably to fork the extension, or register a custom path to another folder for blade email template using the Flarum extender. This is a lot less work than whatever I would have to do to make the email customizable in the extension itself.

clarkwinkelmann

Released version 1.3.0 with Flarum beta 16 compatibility.

clarkwinkelmann

Released version 1.4.0 with Flarum 1.0 compatibility.

idkwhatusername

Add option to make that login links will expire after they have been used or when expiration time has passed.

Now when you login, you can use the same link more times to login on various devices, there should be option that link will expire when you use it.

clarkwinkelmann

idkwhatusername or when expiration time has passed

This part should already be handled. The default is 5 minutes and can be customized in the admin panel.

idkwhatusername you can use the same link more times to login on various devices

Is this really an issue? I don't see how this could be abused since the links are only valid for a very short time. If a user really wanted to login on multiple devices at once, what good would it do to ask for multiple emails in a few minute's interval?

If I ever work on an update, I suppose I could add an option where a token is deleted after usage. If you need it sooner you could sponsor the feature. You can contact me via my website to discuss a quote. It's probably <=30min only so it would be best bundled with other features to meet my usual 2 hours sponsoring.

allen13

clarkwinkelmann There is a conflict with this plug-in

Two Factor
nearata/flarum-ext-twofactor
v2.0.1

https://github.com/Nearata/flarum-ext-twofactor

https://bbs.owoser.cn

clarkwinkelmann

allen13 thanks for the report!

Is there an error message, or can you describe at which point of the login process something doesn't work? Or is the problem that 2FA just gets bypassed?

The conflict is almost expected since there's no way to use 2FA with two factor without writing specific code to make the 2 extensions works together (would 2FA be asked before the login link is sent, or afterwards but before auto-login).

But since both extensions offer optional features (passwordless still allows password login, and 2FA is a user setting) it should at least be possible to make sure the normal, non-passwordless, non-2FA flow continues to work.

I'm not sure when I'll be able to investigate further. I have never used the 2 extensions together. If you need additional compatibility between the 2 extensions you could sponsor the work to make it possible.

allen13

clarkwinkelmann You can log in normally by logging in with a password
However, when you log in without password, you will be prompted with "incorrect login information"

allen13

clarkwinkelmann

allen13

clarkwinkelmann Where can I sponsor? Is it possible to use Alipay?

clarkwinkelmann

allen13 you can contact me through my website https://clarkwinkelmann.com/flarum or Discord. I usually do Paypal or credit card, and I might be able to do other methods offered via Stripe. Stripe seems to support Alipay but I've never used it so I'm not sure whether I have access to it.

It's probably half an hour of work to do the investigation, but depending on what I find it might take 1h total or a bit more to fix. There's a possibility that I need to push an update to both extensions, in which case I can make a PR for Nearata's extension if needed.

allen13

clarkwinkelmann I am in China and I cannot use overseas payment due to my job.

clarkwinkelmann

Version 1.5.0

Suggest user try signing up in error message when receiving invalid credentials error during passwordless login
Updated code to Webpack 5. Requires Flarum 1.2+

New version of the login modal with the improved error message

ShayBox

Is this extension for the new "Passwordless" login type that 1Password and Bitwarden are using, or just for email login without a password?
https://passwordless.dev

matteocontrini

ShayBox the second one, it just sends the "magic link" to login

clarkwinkelmann

Oh great, now we have multiple concepts with the same name 🤦‍♂️

I can confirm what was said by matteocontrini , this extension sends a one-time login link/token via email and works without any external service or hardware.

ShayBox

At a high level, they're both just ways to log in without a password, but at a technical level, they're different.
Passwordless uses key pairs and uses password managers to provide them, while the other sends an email link to confirm you have access to an email account.
One uses a private key as proof, the other uses an email account as proof.

But since Passwordless (now Bitwarden) has made the API free, should this be added to this extension, considering the name conflict and similar technology goal, or should this name be changed to avoid confusion and another extension created to fill in that gap?

clarkwinkelmann

This extension appears to be broken on Flarum 1.8 due to an unexpected/undocumented change. I will try to publish a fix later this weekend.

In the meantime, hold on to updating Flarum or disable the extension. Users will be unable to access the login modal if you enable this extension on Flarum 1.8.

clarkwinkelmann

Version 1.5.2

Fix for Flarum 1.8 compatibility
Cast every API parameter to string for extra security

Benzitczo

do not working why problem.

error said: Caramba! Something went wrong. Please reload the page and try again.

OfficialAudite

Benzitczo Logs?

clarkwinkelmann

Benzitczo my extension does not integrate with Turnstile. Either Turnstile will have no effect or it will cause an error.

If you have any PHP or javascript error message if would help knowing if that's the problem or something else.

« Previous Page Next Page »