Password Reset Tool

If a Plone site stores passwords encrypted, it is not possible to use the "mail my password" feature to recover forgotten passwords: the user will be sent a big ugly string which will neither make sense nor work. Password Reset Tool changes this into a "reset my password" facility. This product is a must-have if you store passwords encrypted. Plone 2.5 and later include this functionality.

Project Description

The Password Reset Tool hooks into the standard mechanisms for password mailing provided by the CMF in the Registration Tool and certain skins and replaces this with a facility for resetting passwords with email authentication.

This is useful not only to keep passwords out of cleartext email and is absolutely necessary if you choose to encrypt your passwords (and you should.)

Note, of course, that you must have a working MailHost to send email!

This tool has been made with customization in mind. There are several customization points in the code that should allow you to change certain policies simply by subclassing the tool and overriding one or two methods.

The Password Reset Sequence from the User's Point of View

The user will observe the following steps.

• User forgets a password and
• clicks "Forgot your password?", which
• goes to a form that asks for a username. User fills this in and clicks a button to proceed, which
• goes to a form explaining that an email has been sent.
• User receieves an email with a URL containing a random, unguessable key and opens it in a web browser.
• This is a form that asks for username and password, which goes to
• a form reporting success (or failure, if expired or illegitimate.)