View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0004205 | Composr | welcome_emails | public | 2020-04-24 03:36 | 2020-04-24 06:13 |
| Reporter | Chris Graham | Assigned To | |||
| Severity | Feature-request | ||||
| Status | non-assigned | Resolution | open | ||
| Product Version | |||||
| Fixed in Version | |||||
| Summary | 0004205: Add temporary_plain password compatibility scheme | ||||
| Description | We support 'temporary' (forced-to-change) passwords and 'plain' (non-hashed) passwords, but we don't support the combination together. The combination has a use for people setting up new accounts and wanting to reference the password in an immediate welcome e-mail. This is what we would need to do: 1) Make sure any code referencing 'temporary' also supports 'temporary_plain'. 2) Make sure any code referencing 'plain' also supports 'temporary_plain'. 3) If the hidden 'no_password_hashing' option is set, the add-new-member form should create a 'temporary_plain' member not a 'temporary' member if the 'Force temporary password' checkbox is ticked (checked). 4) Add a new 'added_accounts_password_compat_scheme' hidden option for setting the default for, or hiding, the aforementioned checkbox (so the admin can ensure that all new accounts are temporary [or not]). It should take these possible values: i) '' for showing the checkbox defaulted to unticked (unchecked) ii) 'default_temporary' for showing the checkbox defaulted to ticked (checked) iii) 'default_temporary_plain' for the above, but behind-the-scenes it sets 'temporary_plain' not 'temporary' iv) 'force_standard' for not showing the checkbox and forcing the standard ('') hashed password scheme v) 'force_temporary' for not showing the checkbox and forcing the 'temporary' password scheme vi) 'force_temporary_plain' for not showing the checkbox and forcing the 'temporary_plain' password scheme If this is all done right, the webmaster will be able to: a) Set the new 'added_accounts_password_compat_scheme' hidden option to 'force_temporary_plain' to force new manually added accounts to have 'temporary_plain' passwords b) Set a welcome e-mail to include something like this in the text... \{+START,IF,\{$EQ,{m_password_compat_scheme},temporary_plain\}\}Your temporary password is: \{m_pass_hash_salted\}\{+END\} (the slashes are needed to defer Tempcode parsing until after the variable substitution happens, necessary for Tempcode checks to work upon that data) The above would need testing as a part of this issue. | ||||
| Additional Information | See https://compo.sr/forum/topicview/browse/designing/help-with-account.htm?post_id=6591&topic_id=1712×tamp=1587700593&redirected=1#post_6591 | ||||
| Tags | No tags attached. | ||||
| Time estimation (hours) | 1.5 | ||||
| Sponsorship open | Open | ||||
| related to | 0004206 | resolved | Chris Graham | Support for sending an e-mail when you add a member manually |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2020-04-24 03:36 | Chris Graham | New Issue | |
| 2020-04-24 03:36 | Chris Graham | Category | content_reviews => welcome_emails |
| 2020-04-24 03:36 | Chris Graham | Sponsorship open | Open => Open |
| 2020-04-24 03:46 | Chris Graham | Description Updated | View Revisions |
| 2020-04-24 03:46 | Chris Graham | Sponsorship open | Open => Open |
| 2020-04-24 04:00 | Chris Graham | Additional Information Updated | View Revisions |
| 2020-04-24 04:00 | Chris Graham | Sponsorship open | Open => Open |
| 2020-04-24 04:02 | Chris Graham | Relationship added | related to 0004206 |
