[feature-proposal] Forgot password improvements

Antonio Terceiro terceiro at colivre.coop.br
Wed Nov 6 17:51:55 BRST 2013


On Wed, Nov 06, 2013 at 04:10:47PM -0300, Rodrigo Souto wrote:
> Aurelio Heckert wrote this:
> > On 05-11-2013 19:45, Ewout ter Haar wrote:
> > >On Tue, Nov 5, 2013 at 7:46 PM, Rodrigo Souto <rodrigo at colivre.coop.br> wrote:
> > >
> > >>The user A has a cpf 123 and the user B has an rg 123. There is the
> > >>plugin X that includes the verification by cpf and the plugin Y that
> > >>includes the verification on rg. When the user A tries to recover his
> > >>password, he might, depending on the inner logics, be confused with the
> > >>user B.
> > Right! This is a big problem, but my proposal is to let the admin
> > select the search columns. We can believe the human eye will not
> > make the conflict as the blind plugins... or not. :-p
> 
> I don't see how this solves the problem. I have plugin X and Y on my
> environment and they inevitably conflict with each other (rg and cpf).
> The admin would just remove one plugin's field from the search
> regardless of the fact that he might want people to recover their password
> by both fields?
> 
> > >If the logic then sends two reset-emails, one to user A and one to
> > >user B, the worst that can happen is that user B will be annoyed, or
> > >confused.
> 
> No, in fact the user B would change the password of the user A.

only if the password recovery is not adjusted to avoid doing such a stupid thing

something like this should be enough:

users = User.find_by_whatever_criteria
users.each do |user|
  user.send_password_recovery_email
end

i.e. each user would receive password recovery instructions that are
_specific_ to their own account, instead of sending the same password
recovery instructions for different users.

-- 
Antonio Terceiro <terceiro at colivre.coop.br>
Colivre - Cooperativa de Tecnologias Livres
http://www.colivre.coop.br/
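
The per-account recovery discussed in this message, written out as an added example (not code from the thread or from Noosfero): each matching account gets its own token, and the token alone decides whose password changes. The User fields, the PasswordRecovery class, the one-hour lifetime and the sample data are assumptions made for illustration.

```ruby
require 'securerandom'
require 'digest'

# Constructed in-memory stand-in for the user table; field names are assumptions.
User = Struct.new(:login, :email, :cpf, :rg, :password)

class PasswordRecovery
  TTL = 3600 # seconds a reset token stays valid (assumed value)

  attr_reader :outbox

  def initialize(users)
    @users = users
    @pending = {} # SHA-256(token) => [user, expires_at]
    @outbox = []  # [email, token] pairs standing in for sent mail
  end

  # Every account matching the identifier on any searchable field gets
  # its own token, mailed only to that account's address.
  def request(identifier, now = Time.now)
    return 0 if identifier.to_s.empty?
    matches = @users.select { |u| [u.login, u.email, u.cpf, u.rg].include?(identifier) }
    matches.each do |user|
      token = SecureRandom.urlsafe_base64(32)
      @pending[Digest::SHA256.hexdigest(token)] = [user, now + TTL]
      @outbox << [user.email, token]
    end
    matches.size # for internal logging, not for display to the requester
  end

  # The account to change comes from the token alone, never from the
  # identifier typed into the form. Tokens are single use.
  def reset(token, new_password, now = Time.now)
    user, expires_at = @pending.delete(Digest::SHA256.hexdigest(token))
    return nil if user.nil? || now > expires_at
    user.password = new_password
    user
  end
end

# Constructed sample data: user A has cpf 123, user B has rg 123.
def demo
  a = User.new('a', 'a@example.org', '123', nil, 'old-a')
  b = User.new('b', 'b@example.org', nil, '123', 'old-b')
  recovery = PasswordRecovery.new([a, b])
  recovery.request('123')
  token_for_b = recovery.outbox.find { |mail, _| mail == b.email }.last
  recovery.reset(token_for_b, 'new-b')
  [a.password, b.password, recovery.reset(token_for_b, 'again')]
end
```

In demo, user B redeems the token mailed to B: only B's password changes, A's stays as it was, and a second use of the same token is refused.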

