[feature-proposal] Forgot password improvements

Tue Nov 5 19:46:10 BRST 2013

Hey guys,

I thought about this option as well and didn't like the option of using
a select_field for the user but I encontered a big problem with this
option. Now that the plugin may add extra fields to be used in the
verification, we might have false positive matches. If you already
undestood the problem skip the following example:

The user A has a cpf 123 and the user B as an rg 123. There is the
plugin X that includes de verification by cpf and the plugin Y that
includes the verification on rg. When the user A try to recover his
password, he might, depending on the inner logics, be confused with the
user B.

Due to this problem, I decided that the select_field was kind of
obrigatory after the hotspot.

Bráulio Bhavamitra escreveu isso ai:
> Nice aurium, I like your solution. I would just propose to use a list of
> named_scope instead of fields
> 
> 
> On Tue, Nov 5, 2013 at 2:48 PM, "Aurélio A. Heckert" <
> aurelio at colivre.coop.br> wrote:
> 
> >  I like Daniel's code.
> >
> > We can improve it, by allowing the admin to set the profiles table
> > columns to make the search.
> >
> > env.recover_passwd_columns = ['login', 'email', 'usp_id']
> > ...
> > condition_columns = env.recover_passwd_columns.map{|c| c+'=?' }.join(' OR
> > ')
> > conditions = ["environment_id = ? AND (#{condition_columns})",
> > environment_id]
> > env.recover_passwd_columns.length.times{ conditions << login }
> > User.first :conditions => conditions
> >
> > That will do the same search proposed by Daniel, but the admin can set any
> > collection of columns to find the user.
> >
> > All the problem with this example is: the "usp_id" is not a profilestable column.
> > Someone can do a clever code arround or we must consider Hstore to solve
> > all mankind problems. :-)
> > http://noosfero.org/Development/Hstore
> >
> >
> > Em 05-11-2013 13:05, daniel tygel escreveu:
> >
> > Hi Ewout and Caio,
> >
> > I already made a code for that. I don't see any problem to have the search
> > in the database look in email and user (with an OR). If it finds the data,
> > then it retrieves the information.
> >
> > My code doing that was here:
> >
> >   def self.find_by_login_or_email_and_environment_id(login, environment_id = nil)
> >
> >   +    environment_id ||= Environment.default.id
> >
> >   +    User.first :conditions => ['(login = ? OR email = ?) AND environment_id = ?', login, login, environment_id]
> >
> >   +  end
> >
> >
> >
> > https://github.com/dtygel/noosfero-ecosol/commit/eda29513d8fc1189fe3cac5586b3cb9195d16eee
> >
> > In the code above, plase ignore all the thousands changes in the .po
> > files. It was because I did what was told me to do (a script that messed up
> > all my po files).
> >
> > I see no need to check if the e-mail is well formatted or the username is
> > well formatted. If noosfero finds the user OR e-mail, than it sends the
> > message. If not, it echoes an error message, which can be made better,
> > explaining the user that he/she should be careful on which field he/she
> > remembers and wants to use to retrieve the password.
> >
> > thank you,
> >
> > daniel
> >
> >
> > Em 05-11-2013 09:47, Caio Tiago Oliveira escreveu:
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On 11/04/2013 08:51 PM, Ewout ter Haar wrote:
> >
> >  Maybe this URL clarifies the context: http://alpha.colivre.coop.br/account/forgot_password
> >
> > The question is, what would be a good replacement for what we have
> > now : "Field"
> >
> >  Another option would be to have two different pages for that, one for
> > "Forgot password" and another for "Forgot user", with the field asking
> > for user and email, respectively.
> >
> > Asking for both on the same field is a bit harder to develop, but it
> > would be easier for the user.
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v2.0.22 (GNU/Linux)
> > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
> >
> > iQIcBAEBAgAGBQJSeRMGAAoJEMzgGcmGlt4B8sgQAJAtNui8cy90m9/+XoKVylnX
> > /2NbyjDJdCeWFJWsaKKU0Ir4X7keaaVjXapfgnCTj7DWmyovVkMdH+l+XM3Wq0JP
> > 991yVI3WQDYCZUSAfIKWpWor4UNh7MKz34InH6olAQlm1onY3TfcIQf/V6WtcjxS
> > KKMKSMEWnGrawcnt0lkeYGNSGiZSVBjFVpZkme9aUD0jEjHXr4X2sC/I2tLWyZo5
> > 81Q4aN09tjemfSrdoCm4KCd+HcjJxg5/2sqHcZ10nnrEHxsRsmlJkOIYbUvrRaiJ
> > PxuSKh73DTcB819ZA8+3t1qdhqmS2A0RiKPaQYCBgCg3oFhSR6sMXny63iOt3izy
> > vafMmeHWp9lCIhpYVa5WiVGohqspdPeL6NffrECZ5ymchYvKHJ/hsRs7dB0jTlOo
> > ihvrqe0k35e4kjW+Tk/Y+/TK2Yr06MBU1YYerqdrMBI6hTehId7rx+DNydgADqxo
> > Jp7bn5IiJpr1b7DRKzR6D3qWBWTL2AYgMjOn/Br4E3ldprq9JywBGk9G8HotHmnp
> > Q9jtynLxW4REw5CIoZndzBd9f/9E0YjP+V24bCAghU0fgq229E5eE9UKLy+OWjFi
> > uGsluvpuOSVShcWt8DDMDmFpvV96QopIxLyQchDNmJVMdtcJa9PESqoj4/Q1+dBv
> > iQpiIjL0Ui3PHiU4+ZeM
> > =Oamd
> > -----END PGP SIGNATURE-----
> > _______________________________________________
> > Noosfero-dev mailing listNoosfero-dev at listas.softwarelivre.orghttp://listas.softwarelivre.org/cgi-bin/mailman/listinfo/noosfero-dev
> >
> >
> > --
> > (_.-~*´¨¯¨`*·~-.,-( •_•)-,.-~*´¨¯¨`*·~-._)
> >           .
> >     ,-. . |- ,-.          Educação,
> >     |-' | |  ,-|          Informação e
> >     `-' ' `' `-^          Tecnologia para
> >  http://eita.org.br       Autogestão
> >
> > (_.-~*´¨¯¨`*·~-.,-( •_•)-,.-~*´¨¯¨`*·~-._)
> >
> >
> >
> > _______________________________________________
> > Noosfero-dev mailing listNoosfero-dev at listas.softwarelivre.orghttp://listas.softwarelivre.org/cgi-bin/mailman/listinfo/noosfero-dev
> >
> >
> >
> > --
> >
> > *Aurélio A. Heckert (aka Aurium)*
> > http://softwarelivre.org/aurium
> > *COLIVRE — Coop. de Tecnologias Livres*
> > http://colivre.coop.br
> >
> > *Inkscape* — Desenhe Livremente
> > http://inkscapeBrasil.org
> >
> > _______________________________________________
> > Noosfero-dev mailing list
> > Noosfero-dev at listas.softwarelivre.org
> > http://listas.softwarelivre.org/cgi-bin/mailman/listinfo/noosfero-dev
> >
> >
> 
> 
> -- 
> "Lute pela sua ideologia. Seja um com sua ideologia. Viva pela sua
> ideologia. Morra por sua ideologia" P.R. Sarkar
> 
> EITA - Educação, Informação e Tecnologias para Autogestão
> http://cirandas.net/brauliobo
> http://eita.org.br
> 
> "Paramapurusha é meu pai e Parama Prakriti é minha mãe. O universo é meu
> lar e todos nós somos cidadãos deste cosmo. Este universo é a imaginação da
> Mente Macrocósmica, e todas as entidades estão sendo criadas, preservadas e
> destruídas nas fases de extroversão e introversão do fluxo imaginativo
> cósmico. No âmbito pessoal, quando uma pessoa imagina algo em sua mente,
> naquele momento, essa pessoa é a única proprietária daquilo que ela
> imagina, e ninguém mais. Quando um ser humano criado mentalmente caminha
> por um milharal também imaginado, a pessoa imaginada não é a propriedade
> desse milharal, pois ele pertence ao indivíduo que o está imaginando. Este
> universo foi criado na imaginação de Brahma, a Entidade Suprema, por isso
> a propriedade deste universo é de Brahma, e não dos microcosmos que também
> foram criados pela imaginação de Brahma. Nenhuma propriedade deste mundo,
> mutável ou imutável, pertence a um indivíduo em particular; tudo é o
> patrimônio comum de todos."
> Restante do texto em
> http://cirandas.net/brauliobo/blog/a-problematica-de-hoje-em-dia

> _______________________________________________
> Noosfero-dev mailing list
> Noosfero-dev at listas.softwarelivre.org
> http://listas.softwarelivre.org/cgi-bin/mailman/listinfo/noosfero-dev

-- 
Rodrigo Souto <rodrigo at colivre.coop.br> :: 55 71 8131-7714
Colivre - Cooperativa de Tecnologias Livres
http://www.colivre.coop.br/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20131105/8ae535b2/attachment.pgp>