Logging in with no access
very low priority....
When you have LDAP configured and an LDAP user logs in with no access, there is no appropriate error message. The login form just refreshes. This confuses my test user base - they don't know if they failed to log in or if something happened.
Keyboard shortcuts
Generic
| ? | Show this help |
|---|---|
| ESC | Blurs the current field |
Comment Form
| r | Focus the comment reply box |
|---|---|
| ^ + ↩ | Submit the comment |
You can use Command ⌘ instead of Control ^ on Mac
Support Staff 1 Posted by Anton Gogolev on 28 Apr, 2015 06:57 PM
Radi, right?
This is a known "issue" that is somewhat related to HgLab responding with HTTP 404 when it should be responding with HTTP 403. To prevent information disclosure, HgLab does not tell a user that "there is indeed a project named "X", but you don't have access to it", nor does it give hints as to whether one has been granted sign in permissions.
This is not very intuitive and I think this will be changing in future versions.
2 Posted by Radi A. on 17 May, 2015 06:50 AM
Hi Anton,
from what I have seen of the product, I feel that it should open the dashboard and say that you have no projects, no access to create projects or something similar.
We have similar challenges in our own products with Windows Auth, I believe we handled this by giving a fake sub-status code, like "403.28" to prevent the ASP.NET MVC error handling. Unfortunately, I don't remember the details, but can check if needed.
Regards,
Radi A.