Forgot your password?
New user?
Document Actions
Password Reset Tool
Category: Auth and User Management
—
Other products by this author
Current release: Password Reset Tool 1.1
Released Mar 26, 2008 — tested with Plone 3.1, Plone 3.0
Minor bugfix release.
Experimental releases
There are no experimental releases available at the moment.
Project Description
- Project resources
Documentation
Releases
Issue tracker
Code repositoryThe Password Reset Tool hooks into the standard mechanisms for password mailing provided by the CMF in the Registration Tool and certain skins and replaces this with a facility for resetting passwords with email authentication.
This is useful not only to keep passwords out of cleartext email and is absolutely necessary if you choose to encrypt your passwords (and you should.)
Note, of course, that you must have a working MailHost to send email!
This tool has been made with customization in mind. There are several customization points in the code that should allow you to change certain policies simply by subclassing the tool and overriding one or two methods.
The Password Reset Sequence from the User's Point of View
The user will observe the following steps.
- User forgets a password and
- clicks "Forgot your password?", which
- goes to a form that asks for a username. User fills this in and clicks a button to proceed, which
- goes to a form explaining that an email has been sent.
- User receieves an email with a URL containing a random, unguessable key and opens it in a web browser.
- This is a form that asks for username and password, which goes to
- a form reporting success (or failure, if expired or illegitimate.)
