Password Reset Tool
- Warning
- This product has not had a release in over 1 year and may no longer be maintained.
If a Plone site stores passwords encrypted, it is not possible to use the "mail my password" feature to recover forgotten passwords: the user will be sent a big ugly string which will neither make sense nor work. Password Reset Tool changes this into a "reset my password" facility. This product is a must-have if you store passwords encrypted. Plone 2.5 and later include this functionality.
Project Description
The Password Reset Tool hooks into the standard mechanisms for password mailing provided by the CMF in the Registration Tool and certain skins and replaces this with a facility for resetting passwords with email authentication.
This is useful not only to keep passwords out of cleartext email and is absolutely necessary if you choose to encrypt your passwords (and you should.)
Note, of course, that you must have a working MailHost to send email!
This tool has been made with customization in mind. There are several customization points in the code that should allow you to change certain policies simply by subclassing the tool and overriding one or two methods.
The Password Reset Sequence from the User's Point of View
The user will observe the following steps.
- User forgets a password and
- clicks "Forgot your password?", which
- goes to a form that asks for a username. User fills this in and clicks a button to proceed, which
- goes to a form explaining that an email has been sent.
- User receieves an email with a URL containing a random, unguessable key and opens it in a web browser.
- This is a form that asks for username and password, which goes to
- a form reporting success (or failure, if expired or illegitimate.)
Current Release
Password Reset Tool 1.1
Released Mar 26, 2008 — tested with Plone 3
Minor bugfix release.
More about this release…
-
Get
Password Reset Tool
for
all platforms
- PasswordResetTool-1.1.tar.gz
- If you are using Plone 3.2 or higher, you probably want to install this product with buildout. See our tutorial on installing add-on products with buildout for more information.
All Releases
| Version | Released | Description | Compatibility | Status |
|---|---|---|---|---|
| 1.1 | Mar 26, 2008 | Minor bugfix release. More about this release… |
Plone 3
|
final |
| 1.0 | Aug 15, 2007 | This is the Plone 3.0 compatible release of PasswordResetTool. Older Plone versions are no longer supported. More about this release… |
Plone 3
|
final |
| 0.4.4 | Oct 08, 2007 | A release with minor user interface tweaks and bugfixes More about this release… |
Plone 2.5
Plone 2.1
|
final |
| 0.4.3 | Apr 28, 2007 | A release with minor user interface tweaks and bugfixes More about this release… |
Plone 2.5
|
final |
| 0.4.1 | Sep 28, 2006 | This release fixes insufficient security checks on the password reset method. This potentially allowed a malicious person to reset any user's password. More about this release… |
Plone 2.1
Plone 3
Plone 2.5
Plone 2.1.4
Plone 2.5.1
Plone 2.1.1
Plone 2.1.2
Plone 2.1.3
|
final |
| 0.4 | Apr 18, 2006 | Bug fixes, added features, i18n markup (and translations in PloneTranslations) and more. More about this release… |
Plone 2.5
Plone 2.1.2
Plone 2.1.1
Plone 2.1
|
final |
| 0.3.0 | Oct 07, 2005 | The previous 0.3 release appears not to follow exactly the 0.3 SVN tag. This release does, and represents the latest development. More about this release… |
Plone 2.1
Plone 2.0.5
|
final |
| 0.3 | Jul 28, 2005 | This is the third release of PasswordResetTool. It has compatibility fixes, a few bugs fixes, and a few new features. Though the version number is low, this is a mature piece of software. Previous releases were made on the Sourceforge Collective project. More about this release… |
Plone 2.0.5
|
final |
