Simple login method for local/demo databases


(Sergi Almacellas Abellana) #1

Rational

There are some cases where we want to allow users to autenticate without any password. For example this will be usefull for development environment or public demo servers.

Proposal

Implement a trust login method, that returns the valid id if the user exists on the database without checking anything else.
This option should be disabled by default and we should document that is not encouraged to use it on production systems, as it is done for example in the PostgreSQL Documentation

Although this can be implemented by a third party module, I think it’s interesting to add it on the trytond server basically to give a good advice that this is not encouraged to run this method on production systems.

I also propose to use this authentication method on the demo server.


(Cédric Krier) #2

I do not think it should be a standard method. It gives a wrong message to have something in the core that should not be used.
But we could have a module that we just drop on the demo server because I do not even think such module should be published.


(Sergi Almacellas Abellana) #3

Ok, so we can defined it on a separate module, maybe named authentication_trust to follow the authenticate_sms module.

If we don’t publish it, it’s not usable on other servers and other people with the same needs will be forced to reinvent the wheel.


(Cédric Krier) #4

For me, it is a misleading name because it gives the feeling we can trust. I would prefer authentication_none.

No, they could just get it from the repository. By the way, I think the repository should be under tpf to clearly shows it is unsupported and not standard.


(Sergi Almacellas Abellana) #5

Here is something similare developed by the calidae guys: https://bitbucket.org/calidae/trytond-authentication_dummy