Jump to content


Photo

better management for user login

request login

  • Please log in to reply
8 replies to this topic

#1 thostr OFFLINE  

thostr

    Advanced Member

  • Members
  • 49 posts
  • Local time: 02:25 AM
  • LocationCopenhagen, Denmark

Posted 25 June 2019 - 10:18 AM

I think the current login is kinda lackluster.

 

For users with no Emby Connect account, there is no way to handle password resets on their own.

There is a "Forgot password" link but since emal adresse is not registered, the email with reset password form does not arrive to user.

 

So my request is 2-parted:

1: Add the options to ad an email address for users without require to create an Emby Connect account.

2: Give to posibility to costumize the login page so I, as an admin could better help users that forgot their password.



#2 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 135740 posts
  • Local time: 08:25 PM

Posted 25 June 2019 - 01:16 PM

Hi, yes email is possible, but who will send out the email? That means you would have to configure an email server in order for your Emby Server to be able to send outgoing email.



#3 thostr OFFLINE  

thostr

    Advanced Member

  • Members
  • 49 posts
  • Local time: 02:25 AM
  • LocationCopenhagen, Denmark

Posted 26 June 2019 - 09:16 AM

Oh, yeah you are correct.. :)

if option 1 is a alternative, I need to option to enter an SMTP server as well.

 

Nevertheless the current way is confusing for enduser. If they press "forgo" password" and enter email address, they expect to gen an email.



#4 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 135740 posts
  • Local time: 08:25 PM

Posted 26 June 2019 - 02:53 PM

Nevertheless the current way is confusing for enduser. If they press "forgo" password" and enter email address, they expect to gen an email.

 

But why would you enter an email address? You should be entering your local emby server user name.



#5 yarez0 OFFLINE  

yarez0

    Advanced Member

  • Members
  • 50 posts
  • Local time: 02:25 AM

Posted 05 August 2019 - 08:57 AM

But why would you enter an email address? You should be entering your local emby server user name.

 

Hi Luke, 

 

I think thostr wants the possibility to add user email to send them links to password reset or anything else. If I'm right today emby mails are managed by the emby connect platform.

 

 

I want the same, if a user lost his passsword, I want him to reset it without my help.

 

Register a emby connect user for standard users is to hard, they don't understand what it is and how to use it. Had to explain them how connect, why... I prefer manage myself their secure connections to my server the easyest way possible. I did some tests and emby connect links generated are http, not https (because of certificates I think), so I had to reverse proxy emby links etc etc... to much work. I prefer send them https url, 443 port and certificate managed by myself.

 

 

Anyway, it would be nice to my user to receive "NEW MEDIA REPORT" by PLAYBACK REPORTING plugin for example but to do that I need to register their email addresses, and unfortunatly you have to integrate a POSTFIX or something else in emby.

 

that is what thostr means I think


Edited by yarez0, 05 August 2019 - 08:58 AM.

  • thostr likes this

#6 thostr OFFLINE  

thostr

    Advanced Member

  • Members
  • 49 posts
  • Local time: 02:25 AM
  • LocationCopenhagen, Denmark

Posted 05 August 2019 - 09:22 AM

Its exactly what I meant. Thank you for translating :)

#7 CChris OFFLINE  

CChris

    Advanced Member

  • Members
  • 316 posts
  • Local time: 02:25 AM

Posted 05 August 2019 - 10:09 AM

hm... for local emby users, this could work. But if you have connected an Active Directory / LDAP for your user-login, this could be a bit more complicated...
Emby should then be able to allow changes on the specific user profile, which needs to be communicated to your LDAP server.
Also, you still need a email server for sending the PW reset / passwort information.

Another thing:
I would not recommend, to ask for an email address, when a user just hit the "forgot my password"... this would open the door for possible attacks:
 

I try to login a user... does not exist, I specify an email where I want to get the pw restore email and then, I could just change the password for another user.

IF you want to send a password email, the email address should be part of the user profile, which needs to be given, when the user creates an account. (if you register a user).


  • yarez0 likes this

#8 yarez0 OFFLINE  

yarez0

    Advanced Member

  • Members
  • 50 posts
  • Local time: 02:25 AM

Posted 08 August 2019 - 09:50 AM

LDAP is another kind of management, you can't recover your password without your administrator, but for local user it would me nice.

 

recovery password do not have to ask you your email but your user login, mail will be sent based on user email configured only.

 

password will be not sent by email, but a secure url will be provided to create another one. as many websites, when you lost your password you receive an url to create a new one, you do not receive your password in clear text (for secure website management)



#9 CChris OFFLINE  

CChris

    Advanced Member

  • Members
  • 316 posts
  • Local time: 02:25 AM

Posted 08 August 2019 - 10:20 AM

Yes, I already know these systems.
I just wanted to highlight, that - if the login page will be reworked, it should be considered, how this could behave / should behave, if someone is using the LDAP plugin.
In this case, I think, it needs somehow to be identified if it's a local user or an LDAP user... and maybe, it should be communicated to the user, if he needs to contact the admin or not...







Also tagged with one or more of these keywords: request, login

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users