[Pidgin] #183: Authentication Failure Retry MISERY

Pidgin trac at pidgin.im
Fri Feb 15 10:44:48 EST 2008


#183: Authentication Failure Retry MISERY
---------------------------+------------------------------------------------
  Reporter:  bmhkim        |       Owner:  rlaager
      Type:  defect        |      Status:  new    
  Priority:  minor         |   Milestone:  2.4.0  
 Component:  pidgin (gtk)  |     Version:  2.0    
Resolution:                |    Keywords:         
   Pending:  0             |  
---------------------------+------------------------------------------------
Comment (by eddyp):

 (please read on for a proposed resolution)

 This bug is annoying as hell. I, like many others, don't save passwords and
 I am utterly annoyed by the uselessness of the failed to login pop-up.



 Now, about the resolution, seems simple to my eyes, once you can dig what
 is the core of the problem: the password is saved *before* the
 authentication. This should not happen at all, and when I will retry,
 pidgin will ask again the password.

 So, talking about internals, I haven't looked, but I suspect the
 unintended "saves password"-like behaviour originates from the fact that
 the login information is held in the same container variable as it would
 be when reading it from the config file and there's no "origin"
 information attached to it, so there's no way to differentiate between
 "password was read from config" and "password was entered by user, which,
 by the way, doesn't want to save it".

 Proposed fixes:

 0 - add a fourth button "retry with another password" which is the default
 button
     (probably is more common for a human to type incorrectly a password,
 than to have a temporary failure on the server side)

 1 - keep the option "don't store the password" at hand
     zap the value of the password variable after an attempt to login, be
 it successful or not if the user doesn't store passwords

 2 - use a cache password variable for the password when trying to
 authenticate;
     zap it immediately after a login attempt, be it successful or not;
     before login, requiring the password is done like now, but after
 checking if the password is stored


 The last 2 solutions could be modified to:
     zap password if login failed (users of protocols that can expect temp
 failures *and* don't store passwords would probably expect to have to
 retype the password)
     keep the password for this session on success to prevent password
 typing if the connection breaks later, after login


 All solutions should be fine and probably 1 is better and more consistent
 with the "don't save passwords policy", while 0 would be simple to
 implement (since it ignores the "want to store password" option).

-- 
Ticket URL: <http://developer.pidgin.im/ticket/183#comment:7>
Pidgin <http://pidgin.im>
Pidgin
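An added example, not part of the ticket comment and not Pidgin's own code: a sketch of the "origin" idea combined with the modified fix 1/2 (zap a typed, unsaved password on failure, keep it for the session on success, and never persist before authentication). The struct, enum and function names are hypothetical, and leaving a config-loaded password in place on failure is an assumption of this sketch.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical types for illustration; these are not libpurple structures. */
enum pw_origin { PW_NONE, PW_FROM_CONFIG, PW_FROM_PROMPT };

struct account {
    char password[64];
    enum pw_origin origin;  /* where the in-memory password came from */
    int remember;           /* user chose "save password" */
    int authenticated;      /* last login attempt succeeded */
};

/* Overwrite through a volatile pointer so the wipe is not optimised away. */
static void zap(char *buf, size_t len) {
    volatile char *p = buf;
    while (len--) *p++ = 0;
}

/* Store a password together with its origin; it is unverified until login. */
void account_set_password(struct account *a, const char *pw, enum pw_origin o) {
    zap(a->password, sizeof a->password);
    strncpy(a->password, pw, sizeof a->password - 1);
    a->origin = o;
    a->authenticated = 0;
}

/* Persist only a password the user wants saved AND the server accepted. */
int account_should_persist(const struct account *a) {
    return a->remember && a->authenticated && a->origin != PW_NONE;
}

/* Called after every login attempt. Returns 1 if a retry must prompt again. */
int account_login_finished(struct account *a, int success) {
    a->authenticated = success;
    if (success)
        return 0;  /* kept for this session so a reconnect needs no retyping */
    if (a->origin == PW_FROM_PROMPT && !a->remember) {
        zap(a->password, sizeof a->password);
        a->origin = PW_NONE;
    }
    return a->origin == PW_NONE;
}

int main(void) {
    struct account a = {0};
    account_set_password(&a, "typo", PW_FROM_PROMPT);  /* constructed sample */
    return account_login_finished(&a, 0) == 1 ? 0 : 1;
}
```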

