[feature-proposal] Forgot password improvements
Ewout ter Haar
ewout at usp.br
Tue Nov 5 21:14:27 BRST 2013
On Tue, Nov 5, 2013 at 9:01 PM, "Aurélio A. Heckert" <aurelio at colivre.coop.br> wrote:
> On 05-11-2013 19:45, Ewout ter Haar wrote:
>
> On Tue, Nov 5, 2013 at 7:46 PM, Rodrigo Souto <rodrigo at colivre.coop.br> wrote:
>
>
> The user A has a cpf 123 and the user B has an rg 123. There is the
> plugin X that includes the verification by cpf and the plugin Y that
> includes the verification on rg. When the user A tries to recover his
> password, he might, depending on the inner logic, be confused with the
> user B.
>
> Right! This is a big problem, but my proposal is to let the admin
> select the search columns. We can believe the human eye will not make the
> conflict as the blind plugins... or not. :-p
>
I would much rather permit all columns. If I store an id_number and CPF, I
would like to permit my users to recover their password with either one. In
any case, how can the admin know whether there could be conflict?
>
>
> If the logic then sends two reset-emails, one to user A and one to
> user B, the worst that can happen is that user B will be annoyed, or
> confused.
>
> With "User.first", only the first found will receive the e-mail.
>
So don't use User.first
>
>
> Maybe not too bad a price to pay for increased usability?
>
> We may write a note to the admin on the controller to set
> "env.recover_passwd_columns" to guarantee a safe and simple interface to
> the common user.
>
As I said, how can the admin know beforehand which columns may lead to
conflict?
Ewout
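
Added example (not part of the original message and not Noosfero code): a plain-Ruby model of the lookup discussed in this thread, comparing the "User.first" behaviour with mailing every matching account when user A's cpf equals user B's rg. The struct, the column list, the function names and the sample users are hypothetical and constructed for illustration.

```ruby
require "securerandom"

# Constructed sample data: user A has cpf 123 and user B has rg 123, as in the thread.
User = Struct.new(:login, :email, :cpf, :rg)
USERS = [
  User.new("user_a", "a@example.org", "123", "999"),
  User.new("user_b", "b@example.org", "555", "123"),
  User.new("user_c", "c@example.org", "777", "888")
].freeze

# Hypothetical stand-in for the admin-selected search columns.
RECOVER_COLUMNS = %i[login email cpf rg].freeze

# All users for whom any searchable column equals the submitted value.
def matching_users(value, users = USERS, columns = RECOVER_COLUMNS)
  users.select { |u| columns.any? { |c| u[c].to_s == value.to_s } }
end

# "User.first" behaviour: only the first match is mailed, so which
# account gets the reset depends on row order, not on who asked.
def recover_first(value, outbox = [])
  user = matching_users(value).first
  outbox << { to: user.email, token: SecureRandom.hex(16) } if user
  outbox
end

# Alternative from the thread: mail every match. Each token goes only to
# the address already stored for that account, so an unintended match
# receives an unrequested mail but nobody receives another user's token.
def recover_all(value, outbox = [])
  matching_users(value).each do |user|
    outbox << { to: user.email, token: SecureRandom.hex(16) }
  end
  outbox
end

# Values that currently identify more than one account across the
# searchable columns. This reports existing rows only; it cannot
# predict collisions introduced by later sign-ups.
def ambiguous_values(users = USERS, columns = RECOVER_COLUMNS)
  owners = Hash.new { |h, k| h[k] = [] }
  users.each { |u| columns.each { |c| owners[u[c].to_s] << u.login } }
  owners.transform_values(&:uniq).select { |_, logins| logins.size > 1 }
end
```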