[Yanel-dev] [Bug 7164] handle forgotten passwords

[bugzilla at wyona.com]

http://bugzilla.wyona.com/cgi-bin/bugzilla/show_bug.cgi?id=7164





------- Comment #1 from pupreti at yahoo.com  2009-06-26 05:49 -------
I am adding this text after going through Guillaume's email(thoughts on
forgotten password handling ) dated June 16th.  

Listed below are summary of tasks I think are necessary to achieve this and
also open questions:

1.  User clicks on link that says "forgot password".  User gets a screen where
he/she can enter the email.  They enter the email. System verifies email
address exists and creates a URL to be sent via email.  The URL will have a
random generated id.  

question:  My understanding is yanel does not have a central config
database(could me wrong here). How can I access a single repository so that
multiple boxes can access the same data? I would like to have a central
repository where I can store random generated id, email, expiration date/time
to manage the forgot pw.


2.  User gets the link via email which is then clicked to get to the change pw
screen. There user enters the new pw 2 times.  When this is submitted, the
backend system will match the radom id with what is in the central repository
and implement the appropriate rule(encrpty and update pw).  

question:  Michael mentioned that the radomid link validation needs to be
configurable(12 hrs, 1 hr) etc.  Where is the best place to put that value? 
Also do we need admin UI to manage that data?

I would like to keep this simple straight forward for this phase. Once this is
stable then additional stuff.  

Please add your feedback. Thank you.


-- 
Configure bugmail: http://bugzilla.wyona.com/cgi-bin/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.