> The problem with using a random password is that you can't answer the > question "does this account have a password set?". I need to be able > to answer that question because my OpenID implementation allows users > to associate mupltiple OpenIDs with a single account. I want to let > them delete associations as well, but prevent them from deleting the > very last association unless they have set a password for their > account (to stop them from locking themselves out).
A slightly offtopic maybe, but... So, the only way to know if the user is associated to an OpenID identifier is the fact that the password is not set? Seems to be a weak proof. If the User record can be without a password globally, what will stop someone to register a passwordless account without OpenID involved? What would be the username? Does the user knows the username of the User record associated with his OpenID set? Why not to prevent the user from deleting the last association when the association is actually *the last*? BTW, I watch Your Django/OpenId progress closely because I'm building the similar thing currently myself. We could cooperate if You're interested. Regards, Max --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---
