incubator-jspwiki-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Carl Hagenmaier (JIRA)" <j...@apache.org>
Subject [jira] Commented: (JSPWIKI-159) Getting an new password is only possible for one user per mail address
Date Tue, 07 Oct 2008 21:36:44 GMT

    [ https://issues.apache.org/jira/browse/JSPWIKI-159?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12637662#action_12637662
] 

Carl Hagenmaier commented on JSPWIKI-159:
-----------------------------------------

I think the wikiName rather than the loginName is displayed in the edit history.  At least
that's how my local wiki seems to behave.  

A user "record" has seven variables, four of which are relevant here:
loginName, e.g., "carl" 
wikiName, e.g., "CarlHagenmaier" 
fullName, e.g., "Carl Hagenmaier" 
email, e.g., "carl@xxxx.com"

A user profile has three of these, omitting the wikiName, which is algorithmically generated
from the fullName.

Let's see if we can reverse engineer where each is used (and please correct me where I don't
have this correct):

loginName-- used for login; can be used in group definition and ACL; displayed only in profile
and not visible to other users
wikiName--can be used in group definition and ACL; displayed in lots of places and visible
to other users (e.g., page history)
fullName--can be used in group definition and ACL; displayed only in profile and not visible
to other users
email-- displayed only in profile and not visible to other users

I would propose the following:

Login credentials must be unique, not public.  They should be used for login, profile management
(including password reset), and any other activity related to user identity.

Display names must be unique and public.  They should be used for group management and ACL
but not for login, profile management, etc.



> Getting an new password is only possible for one user per mail address
> ----------------------------------------------------------------------
>
>                 Key: JSPWIKI-159
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-159
>             Project: JSPWiki
>          Issue Type: Bug
>          Components: Authentication&Authorization
>            Reporter: Florian Holeczek
>
> If there's more than one user with a given email address, it's only possible for one
of these users to get a new password via email.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message