Password update feature


(Adam Beers) #1

I think there should be a password update feature, instead of just the option to send an email under preferences.

I’ve created a Discourse Android app and one of the big features that I need is a password update/reset option via http JSON.


(Jeff Atwood) #2

This is not currently on our roadmap in any form.


(Adam Beers) #3

What does it take to get a feature added or on a roadmap?


(Sam Saffron) #4

App should use user API like the official app does. Not sure why the app would really deal with passwords


(Felix Freiberger) #5

Independently of his use case, I think that it’s really strange that you cannot change your password without a mail-based reset. I cannot think of any popular service that does this… :no_mouth:


(Jeff Atwood) #6

Why is that strange? It’s the “enter your password again before we allow you to change your password” step. In this case your password is that you control the current email address. If you don’t, you won’t be able to change the password, whereas if we let anybody with a valid login cookie change the password…


(Felix Freiberger) #7

But I cannot enter my password, I have to receive an email?


(Jeff Atwood) #8

Think of it as two factor auth.


(Felix Freiberger) #9

Wait, let me count again…

  1. control over mail address

Sorry, I cannot find the second factor :frowning:


(Jeff Atwood) #10

The second factor is the new password you will set :stuck_out_tongue_winking_eye: or the cookie you already hold, yes?


(Felix Freiberger) #11

:stuck_out_tongue_closed_eyes:

Either way, not allowing the classical three-box password change ritual feels weird – almost no service omits it.


(Blake Erickson) #12

The extra security is a +1 in my book.


(Adam Beers) #13

I’m not aware of the official app. Is it Android based? Where is it? Is it the “work in progress” app that I stumbled upon in another thread here, in Discourse · GitHub?


(Rafael dos Santos Silva) #14

(Adam Beers) #15

So, this is the same app that I looked at previously. The ReactActivity is new to me. Never seen it before and a quick search didn’t reveal much beyond references to facebook. Can someone help me understand it? Doesn’t seem like a standard app. I can’t follow it but that’s just because the ReactActivity is new to me.

I have a beautiful app for Android that I’ve created. I’m happy to show anyone who wants to help test it also.

Attached a screenshot.


(Adam Beers) #16

Sam, could you explain the “user API like the official app does”? How does the official app do a sign-in?