New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add files via upload #2302
Add files via upload #2302
Conversation
Removed unused authentication schemes and added 2-factor authentication. Changed user password verification as it does not work with 2-factor authentication it will break changing users password also changed the default time-out from 15 minutes to a day because typing your password and 2-factor code every 15 minutes feels insane, credit to the advice of Andreas Böhler on this.
What's the reason that this should be merged into core? This seems like a customization. |
It is a customization indeed. The default setting of time-out are 15 minutes which seems a little short when writing documentation. They will learn this after they write documentation and learn that when they want to save after an hour of work they have to log on again with a change of loosing some of the text they wrote. This also seems the case with 2-factor authentication. Why not change the default values for these things it seems unnecessary to keep old default values. So maybe we should set this values higher as default ? If you think this is foolish or not needed than please close this than I will keep these changes only for myself. |
Something else must be wrong with your setup as according to https://www.dokuwiki.org/config:auth_security_timeout:
|
So it is about semantics in tech. Why do you think there is something wrong with my setup ? |
I don't know for sure how it works but according to the documentation which I've linked above, this setting does not mean that people have to log in every 15 minutes. If that is the case with your setup, it is not working as intended, so something else must be wrong. 15 minutes is the default, and that default is also what it is set to on dokuwiki.org. But I only need to log into dokuwiki.org maybe once a year (probably even less). I have other DokuWiki instances, never changed that setting and never need to log in for at least a couple of months. |
Do you use 2-fa ? I will check this issue as it is on all my setups on 4 different machines. |
https://www.dokuwiki.org/plugin:authg2fa
|
So, it seems normal for that particular plugin, but still not normal for how DokuWiki intended that setting to be used. I wonder if it could be fixed within the plugin? Did you try the other 2FA plugins if they behave the same way? |
Good suggestion. |
The 2fa plugin should at least increase the setting for you. But ideally it would use some other mechanism to determine if 2fa credentials need to be reacquired (aka. remember this computer). I'm closing this because it's not a core issue and should be addressed in the plugin. |
Changed user password verification as it does not work with 2-factor authentication it will break changing users password also changed the default time-out from 15 minutes to a day because typing your password and 2-factor code every 15 minutes feels insane, credit to the advice of Andreas Böhler on this.