-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature Request: Make it possible to set a password for guests #494
Comments
You can use the usual auth integrations + permission. Set it to limited and only users that are able to authenticate to a pad, can edit or see it. And sorry for the late response, we currently revisit all issues. |
Interesting idea: You can set one password for a pad in the permission section and everyone who would find a 403 right now, like Guest when a note is marked as "Limited", "Protected" or "Private" or users in case of a "Private" one, will be prompted for the password. And additional checkbox, besides the password field should toggle write access to for these users. It's a very basic feature, but should be enough. |
This would be very cool, would love to see this implemented or implement it myself |
From a UI perspective I did some experiments: Note implementationWith label at the bottom:Without at the bottom:With label but over the deletion in between:Without label but over the deletion in between:403-page implementationRight now, I didn't do any server-side implementation. So there is no branch for testing right now. I wonder what is preferred. Any additional/alternative ideas? |
I would add a submit button to the 403 page, since many people would expect this. |
regarding the different variants: I believe "note password" alone is not enough, it needs the extra label. Especially when something is already entered and the hint inside the input is no longer visible. Also, input and label needs some margins left and right. |
Is this better? 403 with buttonFor people who want to develop the backend part: Also an interesting question: Should the password be visible or not? Includes the question: do we store the password for the note as a real secret (hashed password) or as plaintext password |
Hints for the backend implementation: |
I have a few questions regarding the backend implementation:
Would love some feedback on these questions |
It's actually a good question how to store or save the password during this time. I didn't really think about that right now. In general, we should do this by passport as every other auth before. https://github.com/antgraf/passport-localapikey <-- seems to be good and maintained Our note password would be the API key in this case. Means, we need to implement the authentication strategy but not for the usual user accounts. This answers your question where to send the password. The usual I'm not sure if this works, but that's my idea for now. |
I had an idea on how to make this without another authentication mechanism: When a user sends the correct password for a note to the Could this be done or are there problems with saving this into the session variable? |
Sounds fine, too. Can you provide some example code? I'm not completely sure how the implementation looks like, feel free to surprise me ^^ |
If you can make it to land a PR until end of next week I'll review and merge it to 1.0.0-CE. Otherwise this Feature goes for next release |
Please push it back to a later release, have a lot assignements at university right now |
@miterion hey, how is it going? Still interested in doing this? |
@SISheogorath I do not think that I am able to work on this currently. If someone else wants to do it I would be really happy |
I feel this is also related to #138, perhaps this is a way to have some notes encrypted? |
Hi, are there any update on this feature, to protect certain pads by password? By the way, the current permissions, are mostly concerning edit permissions, only "private" states that only myself can view the pad. However the usecase for me is that I want to have a private pad, where only users with the password can view and edit, regardless if they authenticated/logged in or not. As I am using the service in a mass-installation (gwdg), I don't want to share some sensitive pads with the whole community. |
Absolutely agree with the suggestion! This is a necessary feature, especially in large installations (k-range). |
+1 |
Also expressing interest in this. |
This feature is really necessary for me |
+1 |
2 similar comments
+1 |
+1 |
We currently use etherpad with a custom pad manager so we can set a password to view/edit a pad. This way the links can be shared and not be edited by anyone. Would it be possible to add this to hackmd?
The text was updated successfully, but these errors were encountered: