Jump to content

better management for user login


thostr
 Share

Recommended Posts

thostr

I think the current login is kinda lackluster.

 

For users with no Emby Connect account, there is no way to handle password resets on their own.

There is a "Forgot password" link but since emal adresse is not registered, the email with reset password form does not arrive to user.

 

So my request is 2-parted:

1: Add the options to ad an email address for users without require to create an Emby Connect account.

2: Give to posibility to costumize the login page so I, as an admin could better help users that forgot their password.

Link to comment
Share on other sites

Hi, yes email is possible, but who will send out the email? That means you would have to configure an email server in order for your Emby Server to be able to send outgoing email.

Link to comment
Share on other sites

thostr

Oh, yeah you are correct.. :)

if option 1 is a alternative, I need to option to enter an SMTP server as well.

 

Nevertheless the current way is confusing for enduser. If they press "forgo" password" and enter email address, they expect to gen an email.

Link to comment
Share on other sites

Nevertheless the current way is confusing for enduser. If they press "forgo" password" and enter email address, they expect to gen an email.

 

But why would you enter an email address? You should be entering your local emby server user name.

Link to comment
Share on other sites

  • 1 month later...
yarez0

But why would you enter an email address? You should be entering your local emby server user name.

 

Hi Luke, 

 

I think thostr wants the possibility to add user email to send them links to password reset or anything else. If I'm right today emby mails are managed by the emby connect platform.

 

 

I want the same, if a user lost his passsword, I want him to reset it without my help.

 

Register a emby connect user for standard users is to hard, they don't understand what it is and how to use it. Had to explain them how connect, why... I prefer manage myself their secure connections to my server the easyest way possible. I did some tests and emby connect links generated are http, not https (because of certificates I think), so I had to reverse proxy emby links etc etc... to much work. I prefer send them https url, 443 port and certificate managed by myself.

 

 

Anyway, it would be nice to my user to receive "NEW MEDIA REPORT" by PLAYBACK REPORTING plugin for example but to do that I need to register their email addresses, and unfortunatly you have to integrate a POSTFIX or something else in emby.

 

that is what thostr means I think

Edited by yarez0
  • Like 1
Link to comment
Share on other sites

CChris

hm... for local emby users, this could work. But if you have connected an Active Directory / LDAP for your user-login, this could be a bit more complicated...
Emby should then be able to allow changes on the specific user profile, which needs to be communicated to your LDAP server.
Also, you still need a email server for sending the PW reset / passwort information.

Another thing:
I would not recommend, to ask for an email address, when a user just hit the "forgot my password"... this would open the door for possible attacks:
 

I try to login a user... does not exist, I specify an email where I want to get the pw restore email and then, I could just change the password for another user.

IF you want to send a password email, the email address should be part of the user profile, which needs to be given, when the user creates an account. (if you register a user).

  • Like 1
Link to comment
Share on other sites

yarez0

LDAP is another kind of management, you can't recover your password without your administrator, but for local user it would me nice.

 

recovery password do not have to ask you your email but your user login, mail will be sent based on user email configured only.

 

password will be not sent by email, but a secure url will be provided to create another one. as many websites, when you lost your password you receive an url to create a new one, you do not receive your password in clear text (for secure website management)

Link to comment
Share on other sites

CChris

Yes, I already know these systems.
I just wanted to highlight, that - if the login page will be reworked, it should be considered, how this could behave / should behave, if someone is using the LDAP plugin.
In this case, I think, it needs somehow to be identified if it's a local user or an LDAP user... and maybe, it should be communicated to the user, if he needs to contact the admin or not...

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...