Page MenuHomePhabricator

Reorder & Hide Login Modules on Main Login Page
Closed, DuplicatePublic

Description

Let me preface this buy saying I did a cursory search and couldn't find this request. I also have a work around for my environment so it is not something critical however I feel this could be good for the overall Phabricator UX design.

Currently, in my environment, I am using the LDAP Authentication module however I still have the Password module enabled for access to the main administrator account and create accounts that are not available within our LDAP provider. To that end, one of the complaints I have fielded is how the LDAP is not the first one and some even come to me with a "My password doesn't work" when they are trying to shove it in the password auth. Ultimately this is a a bit of a user education problem however in our environment (higher ed allowing students to use Phabricator when doing the capstone project) that is not always an option.

There are two features I can see coming out of this:

  1. Sorting of Authentication Providers
  2. Hiding of Authentication Providers from the global login controller

The way I envision something like the sorting working would be similar to the way Phabricator reorders the custom field definitions in Maniphest. Hiding could simply be a field in the Authentication Provider or in the Config that allows you to hide providers.

Allowing the reordering of the Authentication Providers from within the config would allow users to keep more of a "clean" code-base (less patching). The hiding of authentication providers is less useful as the recover command line option is available, however still could be beneficial in certain circumstances.

The workaround for my ordering right now is to add the "getLoginOrder" function to the LDAP command and report back "050" instead of the default "500". While this works, it would be much cleaner from a user perspective to have the original getLoginOrder call a DB/command line defined configuration setting instead.

Event Timeline

DanSheps created this task.Feb 2 2017, 5:07 PM
chad added a subscriber: chad.EditedFeb 2 2017, 5:12 PM

Please see Contributing Feature Requests for what we need in a feature request. Specifically this is missing a root problem, which is our bar for accepting requests.

Root problem would be it is not possible to currently reorder or hide authentication providers login forms from within the configuration on the main authentication page.

chad added a comment.Feb 2 2017, 5:20 PM

Why is that a problem?

chad added a comment.Feb 2 2017, 5:25 PM

The root problem sounds like users are confused by the UI, which can have multiple resolutions.

The problem of not being able to reorder providers is when logging in, users (most anyways) will normally gravitate to the first login box they see to attempt to login and not actually pay attention to additional login forms that are available.

If the first login form happens to be a form that they do not have an account setup under, they will not be able to login. This results in emails to/from staff in an attempt to resolve their "Can not login" problem which ultimately happens to be them not attempting to login with the right provider. Even if they do resolve this, it adds additional time attempting to login to a provider that might ultimately not work or is only for certain circumstances.

It is more of a visibility problem then a completely user problem. Since the predominant element is the User/Password authentication by default, that is the one users will mostly gravitate to. I understand this can be solved with additional user education as well, but user education time would better spent on "you are the exception, use the bottom box" then "you are the rule, use the bottom box".

Also, this would be along the same principle as to why Maniphest allows you to reorder columns, speed and efficiency. On my laptop, I am required to scroll to hit the login button for LDAP, whereas if it is reordered then I don't need to scroll.

chad added a comment.Feb 2 2017, 5:51 PM

Going to merge into T6117 for completeness. Mostly, I don't think re-ordering here is helpful and will probably explore alternatives first. I also want to add "whiteboxing" to the auth page as well to allow people to customize the login page to their organization, so that should be considered during that overhaul as well.