Login UI - drawpile/Drawpile GitHub Wiki

Step 1: username

images/login1.png

The first step in the login process is asking for the user’s username.

Step 2a: password (if needed)

images/login2.png

If this username is reserved, a password is requested. There are two different types of passwords: server-specific passwords and ext-auth passwords.

In the screenshot, a server-specific password is being requested, because this username has been reserved locally in the server configuration.

In the case of ext-auth, the header that is orange in the screenshot would be blue and the text would read “Log in with domain credentials”.

Problem 1: It’s not clear to users why the application asks for a password. (Reason: because the username has been reserved on this server.)

Problem 2: The distinction between server passwords and ext-auth passwords is not clear enough. A user should never use an ext-auth password as a server password!

Step 2b: Certificate error warning

images/login6.png

This page is shown if there is a problem with the server’s certificate.

The purpose of this page is to alert the user that someone is running a man-in-the-middle attack (or has otherwise replaced the server). However, in practice the most common reason this page is seen is that the certificate has expired.

Now that Let’s Encrypt provides free certs for everyone, Drawpile should better support traditional CA-signed certs. Self-signed certs should still be supported, however.
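
One way to keep the expired-certificate case apart from the replaced-server case while accepting both CA-signed and self-signed certs, as an added example (not Drawpile's code). All type and function names, the per-host pin store, and the sample values are assumptions made for illustration.

```cpp
#include <ctime>
#include <iostream>
#include <map>
#include <string>

// Hypothetical names for illustration; none of them come from Drawpile.
enum class CertVerdict { Trusted, FirstSeen, Expired, KeyChanged };

struct PresentedCert {
    std::string host;
    std::string keyFingerprint; // hash of the server's public key
    std::time_t notAfter;       // end of the validity period
    bool chainsToTrustedCa;     // signature chain reaches a trusted root (dates checked below)
};

// Assumption: the client remembers one key fingerprint per host it has accepted.
using PinStore = std::map<std::string, std::string>;

CertVerdict classify(const PresentedCert &c, const PinStore &pins, std::time_t now) {
    const bool expired = now > c.notAfter;
    const auto pin = pins.find(c.host);
    const bool pinned = pin != pins.end();

    // CA-signed and in date: accept, even if the key rotated on renewal.
    if (c.chainsToTrustedCa && !expired) return CertVerdict::Trusted;
    // No CA vouches for it and the key differs from the remembered one:
    // the case the warning page exists for (interception or replaced server).
    if (!c.chainsToTrustedCa && pinned && pin->second != c.keyFingerprint)
        return CertVerdict::KeyChanged;
    // Not a key mismatch, but the validity period has lapsed.
    if (expired) return CertVerdict::Expired;
    // Self-signed, in date, same key as before.
    if (pinned) return CertVerdict::Trusted;
    // Self-signed, in date, never seen: ask the user once, then remember it.
    return CertVerdict::FirstSeen;
}

int main() {
    const std::time_t now = 1700000000;             // constructed sample time
    const PinStore pins{{"draw.example", "aa11"}};  // constructed sample pin
    const PresentedCert stale{"draw.example", "aa11", now - 60, false};
    const PresentedCert swapped{"draw.example", "ff99", now + 60, false};
    std::cout << (classify(stale, pins, now) == CertVerdict::Expired) << ' '
              << (classify(swapped, pins, now) == CertVerdict::KeyChanged) << '\n';
}
```

With separate verdicts, the UI can show a mild "certificate expired" notice for `Expired` and reserve the strong warning for `KeyChanged`.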

Step 3: session selection (if needed)

images/login3.png

At this point, the user has authenticated and can now join a session. This page is skipped in the following situations:

  • When the user is hosting a new session
  • When the server only supports one session per server
  • When the user joined using a URL which included the session ID

Problem: The list of sessions is kind of cramped. However, making it bigger would mean the dialog would have to change size on its own, or there would be more blank space on the other pages.

Step 4: session password (if needed)

images/login4.png

This page is shown when the selected session is password protected.

Problem: The purpose of this page might be unclear. It could be confused with the user account’s password prompt. The page should emphasize that it is the session’s password that is being asked for.

Step 5: catchup

images/login5.png

At this point, the login process is complete. The purpose of this page is to indicate the progress of the session content download to make it seem faster to the user. It also actually makes it slightly faster by hiding the canvas while the actions are being played back and thus avoiding repaints. The user can click on the Ok button to close the dialog and see the progress live on the canvas.