[feature-proposal] Forgot password improvements

Caio Tiago Oliveira caiotiago at colivre.coop.br
Tue Nov 5 23:37:58 BRST 2013



On 11/05/2013 08:14 PM, Ewout ter Haar wrote:
> Right! This is a big problem, but my proposal is to let the admin
> select the search columns. We can believe the human eye will
> not make the conflict as the blind plugins... or not. :-p
> 
> 
> I would much rather permit all columns. If I store an id_number and
> CPF, I would like to permit my users to recover their password with
> either one. In any case, how can the admin know whether there could
> be conflict?

One must simply validate the union of the domains to be uniquely
validated. For instance, using CPF, email and username (restricted to
not start with a number nor contain an @), their intersection is
empty and you could always check which field you are referring to when
validating.

RG is also validated, but each issuer has its own schema[1] and it
would be possible to have an RG collide with a CPF. But you must be
aware that one could always use an internal ID number equal to a valid
CPF or RG.

>> If the logic then sends two reset-emails, one to user A and one
>> to user B, the worst that can happen is that user B will be
>> annoyed, or confused.
> With "User.first", only the first found will receive the e-mail.
> 
> 
> So don't use User.first

If the intersection is not empty (the sets aren't disjoint), the only
way to avoid sending multiple emails in case of conflicts is to ask
for the combination of field and value.



1 - each SSP has one and there are other issuers in Brazil, for
example the armed forces.

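The disjoint-domain check described in the message above, as an added example that is not part of the original message or of Noosfero's code. The field names, the regular expressions, the `id_number` column and the sample CPF are assumptions made for illustration.

```ruby
# Added example; field names and rules are assumptions, not Noosfero code.

# CPF: 11 digits, the last two being mod-11 check digits.
def valid_cpf?(value)
  digits = value.delete('.-')
  return false unless digits.match?(/\A\d{11}\z/)
  return false if digits.chars.uniq.size == 1 # 000.000.000-00 and the like
  nums = digits.chars.map(&:to_i)
  [9, 10].all? do |n|
    sum = nums.first(n).each_with_index.sum { |d, i| d * (n + 1 - i) }
    (sum * 10) % 11 % 10 == nums[n]
  end
end

# One predicate per searchable column; these three domains are disjoint.
MATCHERS = {
  email:    ->(v) { v.match?(/\A[^@\s]+@[^@\s]+\z/) },
  cpf:      ->(v) { valid_cpf?(v) },
  username: ->(v) { v.match?(/\A[^\d@][^@\s]*\z/) } # no leading digit, no @
}.freeze

# A free-form internal ID overlaps the CPF domain.
WITH_ID = MATCHERS.merge(id_number: ->(v) { v.match?(/\A\d+\z/) }).freeze

# Fields whose domain contains the submitted value.
def candidate_fields(value, matchers = MATCHERS)
  matchers.select { |_field, matches| matches.call(value) }.keys
end

# Resolve to exactly one column, or report that (field, value) is required.
def resolve_field(value, field: nil, matchers: MATCHERS)
  fields = candidate_fields(value, matchers)
  fields &= [field] if field
  case fields.size
  when 0 then [:no_match, nil]
  when 1 then [:ok, fields.first]
  else [:ambiguous, fields]
  end
end

SAMPLE_CPF = '52998224725' # constructed test value with valid check digits
p resolve_field(SAMPLE_CPF)
p resolve_field(SAMPLE_CPF, matchers: WITH_ID)
p resolve_field(SAMPLE_CPF, field: :cpf, matchers: WITH_ID)
```

With the disjoint set the value alone selects the column; once `id_number` is searchable the same value is ambiguous until the caller names the field.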

