Usability Improvements

Open edjiang opened this issue 9 years ago • 1 comments

Hey -- I know you'll probably be updating this for the Client API soon, so I want to suggest two improvements:

  1. The "confirm your password" field in /profile is not clearly labeled as such. As such, it causes confusion.

  2. In server.js, there's this snippet of code:

  if (req.body.password) {
    var application = req.app.get('stormpathApplication');

    application.authenticateAccount({
      username: req.user.username,
      password: req.body.existingPassword
    }, function (err) {
      if (err) {
        return writeError('The existing password that you entered was incorrect.');
      }

      req.user.password = req.body.password;

      saveAccount();
    });
  } else {
    saveAccount();
  }

In pseudocode:

If a password is submitted
    Verify password

    If verified, save data
    else error
If password isn't submitted
    save data

The password check doesn't really accomplish any specific goal since it doesn't really gate anything in the API, and would confuse people learning from this example. Either enforce the password verification, or don't enforce it -- not both!

edjiang, Jan 05 '17 21:01

I am lost on this one. I am trying to change the logic. Either

Require a password, check if it is good, if bad error, else saveAccount()

Or

Use a token to authenticate the user on form submit, if bad error else saveAccount() and remove the password field.

hoff11, Jan 06 '17 20:01
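The first option from the comment above (always require the existing password before saving), shown next to the logic quoted in the issue. This is an added example, not code from the thread or from the project: `fakeAuthenticate`, `updateProfileOriginal`, `updateProfileGated`, `run`, the `givenName` field and the sample credentials are all hypothetical, and the stub calls back synchronously where the real `authenticateAccount` is asynchronous.

```javascript
// Constructed stand-in for application.authenticateAccount(); hypothetical.
function fakeAuthenticate(creds, cb) {
  const ok = creds.username === 'alice' && creds.password === 'correct horse';
  cb(ok ? null : new Error('Invalid username or password.'));
}

// Logic as quoted in the issue: the existing password is checked only when a
// new password is submitted, so any other profile edit is saved unchecked.
function updateProfileOriginal(user, body, authenticate, done) {
  const save = () => { user.givenName = body.givenName; done(null); };
  if (body.password) {
    authenticate({ username: user.username, password: body.existingPassword }, (err) => {
      if (err) return done(new Error('The existing password that you entered was incorrect.'));
      user.password = body.password;
      save();
    });
  } else {
    save();
  }
}

// Enforced variant: every save requires the existing password to verify.
function updateProfileGated(user, body, authenticate, done) {
  if (typeof body.existingPassword !== 'string' || body.existingPassword === '') {
    return done(new Error('Enter your existing password to save changes.'));
  }
  authenticate({ username: user.username, password: body.existingPassword }, (err) => {
    if (err) return done(new Error('The existing password that you entered was incorrect.'));
    if (body.password) user.password = body.password; // optional password change
    user.givenName = body.givenName;
    done(null);
  });
}

// Runs a handler against a fresh constructed account and reports the outcome.
function run(handler, body) {
  const user = { username: 'alice', givenName: 'Alice' };
  let result;
  handler(user, body, fakeAuthenticate, (err) => {
    result = { error: err ? err.message : null, givenName: user.givenName };
  });
  return result;
}

// Same request (no password fields at all) against both handlers.
console.log('original:', run(updateProfileOriginal, { givenName: 'Changed' }));
console.log('gated:   ', run(updateProfileGated, { givenName: 'Changed' }));
```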