Products.PasswordResetTool is a Plone product that hooks into the standard mechanisms for password mailing provided by the CMF in the Registration Tool and certain skins and replaces this with a facility for resetting passwords with email authentication.
This is useful not only to keep passwords out of cleartext email and is absolutely necessary if you choose to encrypt your passwords (and you should.)
See the INSTALL.txt file for details on installation, and the LICENSE.txt file for the license this Product is under.
Note, of course, that you must have a working MailHost to send email!
The Password Reset Sequence from the User's Point of View
The user will observe the following steps.
* User forgets a password and
* clicks "Forgot your password?", which
* goes to a form that asks for a username. User fills this in and clicks a button to proceed, which
* goes to a form explaining that an email has been sent.
* User receives an email with a URL containing a random, unguessable key and opens it in a web browser.
* This is a form that asks for username and password, which goes to
* a form reporting success (or failure, if expired or illegitimate.)
Configuration of the tool is done through the 'Overview' page in the ZMI. The options are explained there.
Reset requests are stored in a persistent dictionary in the tool. Removing the tool or uninstalling the product will destroy all reset requests.
A facility for clearing expired requests is not yet provided. It will be in the next release. This should be used occasionally to clear out the storage. A cron script using 'wget' or 'curl' (or the Windows equivalent) to automate the procedure is suggested.
* You can turn username entry off, if you so desire, as this will streamline the process. You SHOULD NOT DO THIS if you are concerned about account security. Not requiring re-entry of the user name allows trivial email-sniffing attacks and makes brute-forcing of the reset request keys possible (if unlikely). Only private portals should even consider this.
* The URL for the confirmation visit now uses traversal-style URL parameters to encode the key. The old get-parameter paths will still work, so don't worry about password reset request performed before an upgrade
The traversal_subpath urls (like passwordreset/123lkj43508) are now the default. If you like the old style, you'll have to modify the skins yourself.
* This tool replaces the built-in password mailing feature. This means that the first half of a "forgotten password transaction" depends on skin names set in CMF code.
However, it can be made independent, if you so desire. Simply provide an equivalent to:
o 'mail_password_form': Asks for your username, and provides instructions as to what's to come.
o 'mail_password': Receives the request from mail_password_form, calls 'requestReset' on the tool, and sends a message with the return URL however you care to construct it (usually in 'pwreset_constructURL', which depends on what the equivalent to 'passwordreset' is named.) Returns the equivalent of 'mail_password_response'.
o 'mail_password_template': Provides the text of the email.
o 'mail_password_response': Informs that the mail has been sent. Naturally, the methods and templates on the other side will need to be migrated over or have equivalents made as well. If outside the CMF, certain source changes will also be needed, such as overriding 'getValidUser'.
* This tool has been made with customization in mind. There are several customization points in the code that should allow you to change certain policies simply by subclassing the tool and overriding one or two methods.
What's New in This Release: [ read full changelog ]
· Be less sensitive for white space differences in tests. [maurits]
Download and use it now: Products.PasswordResetTool 2.0.8 free download
Related programsOur Recommendations
Zarafa is an application that allows you to easily share your Outlook calendars and email, evenDownload
collective.buildbot is a Plone product that provides a set of zc.buildout recipes that make it easyDownload
datastore is a simple, unified API for multiple data stores.datastore is a generic layer ofDownload
Folderview Screenlet is a GNOME dekstop widget designed to work like KDE4's folderviewDownload
Zence is a small program written in Postscript that generates random text.Word morphology and theDownload
Haze theme for Google Chrome browser that fits most resolutions.About Google ChromeGoogle Chrome isDownload
Nerdy Lines theme is based on the Kreski Lines icon theme. The main problem was that the originalDownload
Doget is a simple Python + GTK application like MemoBlock.Product's homepageHere are some keyDownload
Messa is an instant messager client and server. The client has a curses interface and works on theDownload
Top Downloadslast week
1. Phorum 5.2.17
2. DRBGuestbook 1.1.27
3. xVideoServiceThief 2.5.1
4. BitNami Tiki Wiki CMS Groupware Stack 12.0-1
5. Phoenix 1.7.5
6. Image Tools 1.0.7
7. shrink 1.0
8. One Piece Theme 1
9. Snort::Rule 1.07
10. Cryosleep 0.2