Personal tools
You are here: Home Products Password Reset Tool
Document Actions

Password Reset Tool

RSS Feed Category: Auth and User Management — Other products by this author
If a Plone site stores passwords encrypted, it is not possible to use the "mail my password" feature to recover forgotten passwords: the user will be sent a big ugly string which will neither make sense nor work. Password Reset Tool changes this into a "reset my password" facility. This product is a must-have if you store passwords encrypted. Plone 2.5 and later include this functionality.

Current release: Password Reset Tool 1.1

Released Mar 26, 2008 — tested with Plone 3.1, Plone 3.0

Minor bugfix release.

List all releases… Full release announcement…

Get Password Reset Tool for all platforms (23.2 kB)

PasswordResetTool-1.1.tar.gz

Experimental releases

There are no experimental releases available at the moment.

Project Description

Password Reset Tool
Project resources

The Password Reset Tool hooks into the standard mechanisms for password mailing provided by the CMF in the Registration Tool and certain skins and replaces this with a facility for resetting passwords with email authentication.

This is useful not only to keep passwords out of cleartext email and is absolutely necessary if you choose to encrypt your passwords (and you should.)

Note, of course, that you must have a working MailHost to send email!

This tool has been made with customization in mind. There are several customization points in the code that should allow you to change certain policies simply by subclassing the tool and overriding one or two methods.

The Password Reset Sequence from the User's Point of View

The user will observe the following steps.

  • User forgets a password and
  • clicks "Forgot your password?", which
  • goes to a form that asks for a username. User fills this in and clicks a button to proceed, which
  • goes to a form explaining that an email has been sent.
  • User receieves an email with a URL containing a random, unguessable key and opens it in a web browser.
  • This is a form that asks for username and password, which goes to
  • a form reporting success (or failure, if expired or illegitimate.)
by J. Cameron Cooper last modified August 3, 2007 - 16:45

For any issues with the web site functionality, please file a ticket.

Please consult the policy on plone.org content if you want your content published on this site.

Servers and hosting by