Delete account password field length

[Fastidious]

• Gitea version (or commit ref): Current
• Git version: N/A
• Operating system: N/A
• Database (use [x]): N/A
  • PostgreSQL
  • MySQL
  • MSSQL
  • SQLite
• Can you reproduce the bug at https://try.gitea.io:
  • Yes (provide example URL) https://try.gitea.io/user/settings/delete
  • No
  • Not relevant
• Log gist:

Description

Make delete account password field match the length of rest of the fields under settings.

Screenshots

Currently:

Make it like gogs (talking about the length, not the settings arrangement):

[bkcsoft]

I'm calling this a ui-bug 😄

[Fastidious]

@bkcsoft also, why is there a reason for a “Forgot password?” link there? To get to this, one must be logged in, am I missing something? Gogs, for example, do not have it there.

[bkcsoft]

I have no clue 😂

[lunny]

@Fastidious Since Gitea support login via Oauth2 then many people maybe didn't use their password many days. So when he want to delete himself he maybe forget his password.

[lunny]

And I don't think this is a bug, maybe it's an enhancement.

[Fastidious]

So when he want to delete himself he maybe forget his password.

@lunny, if anything, that’s an UX problem. Perhaps gitea should detect you are logging in with Oauth2, and allow account deletion under those conditions, perhaps asking “Are you sure?” with a little verbose stating that’s final — thus making the “Forgot password?” link irrelevant.

[lafriks]

Deleting account must ask for password for security reasons

[Fastidious]

@lafriks I think we all understand that. How do you propose asking for a password should happen, when using Oauth2 to login? Perhaps disable account deletion with Oauth2 logins, and only show it with local logins?

[lunny]

@Fastidious, in fact, OAuth2/OpenID is an linked account, you also has an related local account. This is different from LDAP/SMTP. Also, maybe we should change LDAP/SMTP like OAuth2 in future.

[lafriks]

No, LDAP should not be moved to linked account as in organizations LDAP will be primary account store and users should not be able to change/use different passwords for Gitea as than it can't be controlled by password policy etc.

[Fastidious]

@lunny yes, I understand that too. Yet, once you use OAuth2 there is no longer a need to remember the “other” local password.

[lafriks]

@Fastidious that is why there is Forgot password link ;)

[Fastidious]

@lafriks we are dancing in a loop, playing a broken record. Back to this track. Cheers!

[strk]

Password handling discussion should be in #1036, please continue it there.
This ticket is for an UI bug, keep that here.

[sondr3]

I can fix the password length field if no one else is working on it.

Edit: Seems I overlooked the comment about what to do with it regarding OAuth2 etc, scratch that.