[Yanel-dev] [Bug 7164] handle forgotten passwords
Guillaume Déflache
guillaume.deflache at wyona.com
Fri Jun 26 09:52:29 CEST 2009
bugzilla at wyona.com wrote:
> http://bugzilla.wyona.com/cgi-bin/bugzilla/show_bug.cgi?id=7164
>
> ------- Comment #1 from pupreti at yahoo.com 2009-06-26 05:49 -------
> I am adding this text after going through Guillaume's email (thoughts on
> forgotten password handling) dated June 16th.
>
> Listed below is a summary of tasks I think are necessary to achieve this, and
> also open questions:
>
> 1. User clicks on link that says "forgot password". User gets a screen where
> he/she can enter the email. They enter the email. System verifies email
> address exists and creates a URL to be sent via email. The URL will have a
> random generated id.
>
> question: My understanding is Yanel does not have a central config
> database (could be wrong here). How can I access a single repository so that
> multiple boxes can access the same data? I would like to have a central
> repository where I can store random generated id, email, expiration date/time
> to manage the forgot pw.
You could use the data repository of the realm your resource-type is
running in, see org.wyona.yanel.core.Resource.getRealm().getRepository().
Or maybe, as was said, as the info really does not need to be persisted
long-term, we could use the HTTP session, if we can bear that
session-replication would have to be activated in a clustered setup just
for that.
WDYOT?
> 2. User gets the link via email which is then clicked to get to the change pw
> screen. There user enters the new pw 2 times. When this is submitted, the
> backend system will match the random id with what is in the central repository
> and implement the appropriate rule (encrypt and update pw).
Correct, whereas as said we should be able to reuse/refactor the
existing backend code for the change password feature, so you should not
have to care about the details.
> question: Michael mentioned that the random id link validation needs to be
> configurable (12 hrs, 1 hr) etc. Where is the best place to put that value?
It should probably be a resource-type property, as e.g.
"show-collections-only" in
http://yanel.org/yanel/resource-types/^http^3a^2f^2fwww.wyona.org^2fyanel^2fresource^2f1.0::lookup/yanel/doc/index.html
is.
> Also do we need admin UI to manage that data?
I'd say we don't as it's not going to change often once projects are
humming happily.
> I would like to keep this simple and straightforward for this phase. Once this is
> stable then additional stuff.
Sure, let's try to keep things simple.
Cheers,
Guillaume
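
The flow discussed in this thread (a random id stored with the e-mail and an expiry, a configurable validity period, and a match on submission), as an added example that is not part of the original message and is not Yanel code. The class name `ResetTokenStore` is hypothetical, the in-memory map stands in for the shared realm repository, and storing only a SHA-256 hash of the id and making it single-use are assumptions beyond what the thread specifies.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
/** Hypothetical reset-token store; the map stands in for the shared realm repository. */
public class ResetTokenStore {
    private record Entry(String email, Instant expires) {}
    private final SecureRandom random = new SecureRandom();
    private final Map<String, Entry> entries = new ConcurrentHashMap<>();
    private final Duration validity; // assumed to come from a resource-type property (1 h, 12 h, ...)
    public ResetTokenStore(Duration validity) { this.validity = validity; }

    /** Step 1: create the random id that is placed in the e-mailed URL. */
    public String issue(String email, Instant now) {
        byte[] raw = new byte[32]; // 256 bits from a CSPRNG, so the id cannot be guessed
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        // Assumption: keep only a hash, so a leaked repository does not yield usable links.
        entries.put(sha256(token), new Entry(email, now.plus(validity)));
        return token;
    }

    /** Step 2: match the submitted id; remove() makes it single-use, expired or not. */
    public Optional<String> redeem(String token, Instant now) {
        Entry e = entries.remove(sha256(token));
        if (e == null || !now.isBefore(e.expires())) return Optional.empty();
        return Optional.of(e.email()); // caller may now run the change-password backend
    }

    private static String sha256(String s) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (java.security.NoSuchAlgorithmException ex) {
            throw new IllegalStateException(ex); // SHA-256 is required on every Java platform
        }
    }
    public static void main(String[] args) {
        ResetTokenStore store = new ResetTokenStore(Duration.ofHours(1));
        Instant t0 = Instant.parse("2009-06-26T08:00:00Z"); // constructed sample time
        String a = store.issue("user@example.org", t0);     // constructed sample address
        System.out.println(store.redeem(a, t0.plusSeconds(600))); // first use, inside validity
        System.out.println(store.redeem(a, t0.plusSeconds(601))); // second use of the same id
        System.out.println(store.redeem(store.issue("user@example.org", t0), t0.plus(Duration.ofHours(2)))); // past expiry
    }
}
```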