Better message when denying login and keeping track of most recent failed ids
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
django-openid-auth |
New
|
Undecided
|
Unassigned |
Bug Description
Taking into account the following scenario:
* Creation of new accounts set to False
* User openid currently not mapped to any website user
Then, the outcome of the login process could be a bit more explicative (at least if DEBUG was on). For example, it could say:
The id <openid-url> is not mapped to any account in this website. If you think this is an error, please contact the adminstrator.
This way the user can contact the adminstrator of the site with an URL that could be mapped to his/her account.
Otherwise, the information is hard to retrieve for services like Google -- I mean, you must know what you are doing to find out this information.
Optionally and if you find viable, a table of "denied" openid-urls could be kept with some sort of information from those like time, username and e-mail address. This could also allow the administrator to:
a) Check if people is trying to authenticate with invalid ids to often and who these people are
b) Associate a denied id with an existing account to enable that id to be used for a particular user