Opened 7 years ago

Last modified 7 years ago

#4907 assigned Feature/Enhancement Request

Email field for password reset for all email accounts in red

Reported by: https://id.mayfirst.org/ross Owned by: https://id.mayfirst.org/ross
Priority: Medium Component: Tech
Keywords: red default-email Cc: jamie@…
Sensitive: no

Description

Having worked with the current system for creating email accounts, it has become clear that there should be a way for individual users to add an email address for password resets. While this shouldn't be a requirement, it would be helpful for managing passwords for hosting orders with many email accounts.

The workflow:

On password reset, red checks to see if a default email address has been entered into the database associated with the user. If it has, red sends an email to that user instead of the primary contact of the member.

I will take a stab at implementing this with jamie's help (scheduled for sometime next Thursday).

~/ross

Change History (5)

comment:1 Changed 7 years ago by https://id.mayfirst.org/ross

  • Status changed from new to assigned

We decided at the last face 2 face that email addresses are likely not an agreeable solution to the problem. However, we did not work out what an acceptable solution is for password resets.

comment:2 Changed 7 years ago by https://id.mayfirst.org/jamie

I think we are down to two options:

  • alt-email: Each user account can specify one or more email addresses that will be used to send a password reset link. The advantage of this approach is that it is easy for users. The disadvantage is that it compromises our security. If people put their gmail account they are effectively providing gmail access to their account.
  • alt-user-account: Each user account can specify one or more MFPL user accounts that may reset their password. This creates a higher bar for MFPL members - but it also produces a useful social dynamic by encouraging intra-MFPL collaboration.

The general coding infrastructure for both is somewhat similar, leading me to think we could start building the more security-conservative "alt-user-account" approach. We can later re-code to use email addresses if we decide.

jamie

comment:3 Changed 7 years ago by https://id.mayfirst.org/ross

  • Keywords f2f added

comment:4 Changed 7 years ago by https://id.mayfirst.org/jamie

We did more thinking through on how this could work.

Users can designate zero or more MFPL user accounts that have permission to reset their passwords via the control panel (their "buddies"). If a user specifies a user account that doesn't exist, they get an error message. Otherwise, they are given a firm confirmation message. The user has a list of their buddies. They can add or delete buddies at any time.

When a user who has made such a designation loses their password, they contact any of their buddies. They ask their buddy to log in to the control panel and click on a link that says: reset password for buddy (or something like that). The buddy is not provided with a list of user accounts that they can reset. Instead, they have to correctly type the user account's login (we don't want to enumerate the list of user accounts to avoid having one compromised account be able to compromise other ones).

If they type in a user account that they have been designated a buddy of... they get a reset link.

jamie
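The buddy workflow in comment 4, worked through as an added Python example (this is not red's own code): the in-memory account store, the buddy lists, the logins and the reset-token handling are all constructed assumptions. It goes one step beyond the comment by giving the buddy an identical response whether the typed login does not exist or simply has not designated them, so neither failure case reveals which accounts exist.

```python
import hashlib
import secrets

# Constructed in-memory "database" (assumed schema): login -> set of buddy logins
# permitted to request a password reset for that login.
ACCOUNTS = {
    "alice": {"buddies": {"bob"}},
    "bob": {"buddies": set()},
    "carol": {"buddies": {"alice", "bob"}},
}

# Only the hash of an issued reset token is kept server-side: sha256(token) -> target login.
RESET_TOKENS = {}

# One message for every outcome, so the buddy learns nothing about unrelated logins.
GENERIC_MSG = "If that account has designated you as a buddy, a reset link has been generated."


def add_buddy(login, buddy_login):
    """Designation step from the control panel: error if the buddy account does not
    exist, otherwise a firm confirmation. Returns (ok, message)."""
    if buddy_login not in ACCOUNTS:
        return False, "No such user account."
    ACCOUNTS[login]["buddies"].add(buddy_login)
    return True, f"{buddy_login} may now reset the password for {login}."


def remove_buddy(login, buddy_login):
    """Users can delete a buddy at any time."""
    ACCOUNTS[login]["buddies"].discard(buddy_login)


def request_buddy_reset(buddy_login, typed_login):
    """The logged-in buddy types the target login (no list is offered).
    Returns (message, token): the token is None unless the buddy is designated."""
    target = ACCOUNTS.get(typed_login)
    authorised = target is not None and buddy_login in target["buddies"]
    if not authorised:
        # Same message for "login does not exist" and "not my buddy": no enumeration oracle.
        return GENERIC_MSG, None
    token = secrets.token_urlsafe(32)
    RESET_TOKENS[hashlib.sha256(token.encode()).hexdigest()] = typed_login
    return GENERIC_MSG, token


def redeem_reset_token(token):
    """Returns the login the token resets, or None. Tokens are single use."""
    digest = hashlib.sha256(token.encode()).hexdigest()
    return RESET_TOKENS.pop(digest, None)
```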

comment:5 Changed 7 years ago by https://id.mayfirst.org/joseph

  • Keywords f2f removed
