incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrea Pescetti <>
Subject Re: (Draft) Email forwarding public announcement
Date Fri, 09 Dec 2011 09:03:32 GMT
Rob Weir wrote:
> On Thu, Dec 8, 2011 at 5:02 PM, Andrea Pescetti<pescetti@...>  wrote:
>> This means that extension publishers can be contacted only through their
>> address; the first thing to do in the possible future clones
>> of the Extensions and Templates site would thus be to disable the
>> single-sign-on (unfortunately) and send out password reset links before the
>> addresses and the single-sign-on expire, otherwise extension
>> publishers will lose access to the website.
> A password reset doesn't fix it.    We need users to specify a
> different email address, right?  Is that even possible?  Does the app
> have a separate user-id and email address field?  Or does it assume
> they are always the same?

I was skipping some steps. Again, I don't have access to the code, but 
the standard way of implementing in Drupal what the Extensions site does 
would be:
- All passwords are validated on the OOo single-sign-on in Kenai
- Upon successful validation, a local user is created on the Extensions 
site (i.e., after I login correctly as pescetti@ooo the user "pescetti" 
is created on the Extensions site, with e-mail set to pescetti@ooo; of 
course this is only done at the first login).
- I assume that passwords are not stored in the local database, since 
anyway they are always validated on the single-sign-on. But other user 
data are persistent.

Steps to do would thus be:

1) Disconnect Extensions from single-sign-on ; all users will still be 
there, but we only have their e-mail address; so user 
"pescetti" will still exist, with the e-mail field set to pescetti@ooo 
and the password set to something meaningless.

2) Send a password reset link to all users; this will be notified to 
them through their address and would include information 
on how to reset both the password and the e-mail address; possibly, the 
form validation would forbid to leave the e-mail address set to

3) People will then be able to login with the username they are using 
now (like "pescetti") and the new password.

This can only be done until addresses are in place.

As asked by Dave, I'll send a link to this thread in the one where Gavin 
is discussing migration, so it doesn't get lost.


View raw message