ofbiz-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Brohl <michael.br...@ecomify.de>
Subject Re: improve workflow for request of password loss
Date Tue, 27 Feb 2018 15:13:44 GMT
Thanks Pierre,

I think we already have a Jira [1] for this and there are ongoing 
efforts to change this.

Please check if you like to add your proposal to the issue.

Thanks,

Michael Brohl
ecomify GmbH
www.ecomify.de


[1] https://issues.apache.org/jira/browse/OFBIZ-4361


Am 27.02.18 um 15:46 schrieb pierre.gaudin:
> I would like to make an evolution in the management of the request of 
> password loss.
>
> At present the stages are the following ones:
>   1 - Request of loss of password (by the user)
>   2 - Change of password by a temporary one (by the system)
>   3 - Send of an e-mail with a link to define a new password (by the 
> system)
>   4 - Set the new password (by the user)
>   5 - Recording of the new password (by the system)
>
> This workflow is problematic because the change of password is made as 
> soon as the person confirms the change of password (stage 2). It is 
> possible that the person who makes the change of password is not the 
> person associated with the account.
>
> Here is a proposal of modification of the workflow
>   1 - Request of loss of password (by the user)
>   2 - Recording of a request of lost of password associated with the 
> login (by the system)
>   3 - Send of an e-mail to confirm the request of change of password 
> with a link containing the reference of the request to change of 
> password (by the system)
>   4 - Connection of the user to the form to change the password and 
> seized with a new password (by the user)
>   5 - Check that the login and the request are associated
>   6 - Recording of the new password (by the system)
>
> What do you think about this change?
>
>
> Pierre
>



Mime
View raw message