Summary

The forgotpwd cube provides an easy way to generate a new password for a user, e.g. the common I forgot my password functionality.

It is unobtrusive and easy to plug in.

Usage

This cube creates a new entity type called Fpasswd. This is an internal entity: managers and users can't read/delete or modify this kind of entity.

The workflow for password recovery is defined below :

  1. ask for a new password, the user must have a valid primary email address associated to his account.

  2. An email has been sent. This email contains a generated URL associated to a user. This link is valid during a short period of time. This duration can be configured in the all-in-one.conf file:

    [FORGOTPWD]
    revocation-limit=30 # minutes
    
  3. If the link is valid, the user can change his password in a new form.

There is an automatic task that periodically deletes all old Fpasswd entities which are stored in the database. This task is started at the launch of the application.

source repositorycubicweb-forgotpwd repository
test environmentforgotpwd env
owned byadimascio
may be discussed on<not specified>
use license<not specified>