#4205 - Add temporary_plain password compatibility scheme

Identifier: #4205
Issue type: Feature request or suggestion
Title: Add temporary_plain password compatibility scheme
Status: Open
Handling member: Deleted
Addon: welcome_emails
Description:
We support 'temporary' (forced-to-change) passwords and 'plain' (non-hashed) passwords, but we don't support the combination together.
The combination has a use for people setting up new accounts and wanting to reference the password in an immediate welcome e-mail.

This is what we would need to do:
1) Make sure any code referencing 'temporary' also supports 'temporary_plain'.
2) Make sure any code referencing 'plain' also supports 'temporary_plain'.
3) If the hidden 'no_password_hashing' option is set, the add-new-member form should create a 'temporary_plain' member not a 'temporary' member if the 'Force temporary password' checkbox is ticked (checked).
4) Add a new 'added_accounts_password_compat_scheme' hidden option for setting the default for, or hiding, the aforementioned checkbox (so the admin can ensure that all new accounts are temporary [or not]). It should take these possible values:
i) '' for showing the checkbox defaulted to unticked (unchecked)
ii) 'default_temporary' for showing the checkbox defaulted to ticked (checked)
iii) 'default_temporary_plain' for the above, but behind-the-scenes it sets 'temporary_plain' not 'temporary'
iv) 'force_standard' for not showing the checkbox and forcing the standard ('') hashed password scheme
v) 'force_temporary' for not showing the checkbox and forcing the 'temporary' password scheme
vi) 'force_temporary_plain' for not showing the checkbox and forcing the 'temporary_plain' password scheme

If this is all done right, the webmaster will be able to:
a) Set the new 'added_accounts_password_compat_scheme' hidden option to 'force_temporary_plain' to force new manually added accounts to have 'temporary_plain' passwords
b) Set a welcome e-mail to include something like this in the text... \{+START,IF,\{$EQ,{m_password_compat_scheme},temporary_plain\}\}Your temporary password is: \{m_pass_hash_salted\}\{+END\}
(the slashes are needed to defer Tempcode parsing until after the variable substitution happens, necessary for Tempcode checks to work upon that data)

The above would need testing as a part of this issue.
Additional information: See https://compo.sr/forum/topicview/browse/designing/help-with-account.htm?post_id=6591&topic_id=1712&timestamp=1587700593&redirected=1#post_6591
Related to: #4206 - Support for sending an e-mail when you add a member manually
Funded?: No
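
The option values in step 4, combined with the 'no_password_hashing' rule in step 3, amount to a small decision table. The following is an added sketch of that resolution in PHP, not Composr's own code: the function name, parameters and return shape are hypothetical, and ignoring the submitted checkbox under a force_* value, rejecting unknown option values, and returning null for the unticked case are assumptions.

```php
<?php
// Added illustration, not Composr code; all names here are hypothetical.
function resolve_added_account_scheme(string $option, bool $ticked, bool $no_password_hashing): array
{
    // force_* values: the checkbox is not shown, so whatever the request
    // submitted for it is ignored server-side (assumption).
    $forced = [
        'force_standard' => '',
        'force_temporary' => 'temporary',
        'force_temporary_plain' => 'temporary_plain',
    ];
    if (array_key_exists($option, $forced)) {
        return ['show_checkbox' => false, 'default_ticked' => false, 'scheme' => $forced[$option]];
    }

    // The remaining values show the checkbox and only choose its default state.
    $defaults = ['' => false, 'default_temporary' => true, 'default_temporary_plain' => true];
    if (!array_key_exists($option, $defaults)) {
        // Assumption: a mistyped hidden option is rejected, not silently treated as ''.
        throw new InvalidArgumentException('Unknown added_accounts_password_compat_scheme value');
    }

    // Unticked: the existing non-temporary behaviour applies; the issue does not change it.
    $scheme = null;
    if ($ticked) {
        // Step 3: with no_password_hashing set, a ticked checkbox means 'temporary_plain'.
        $plain = $no_password_hashing || $option === 'default_temporary_plain';
        $scheme = $plain ? 'temporary_plain' : 'temporary';
    }
    return ['show_checkbox' => true, 'default_ticked' => $defaults[$option], 'scheme' => $scheme];
}

// Constructed sample inputs: [option value, submitted checkbox, no_password_hashing].
$cases = [
    ['', true, false],
    ['', true, true],
    ['default_temporary_plain', true, false],
    ['force_standard', true, true],          // submitted tick is ignored
    ['force_temporary_plain', false, false], // absent tick is ignored
];
foreach ($cases as [$option, $ticked, $no_hashing]) {
    $r = resolve_added_account_scheme($option, $ticked, $no_hashing);
    printf("%-26s ticked=%d no_hashing=%d => scheme=%s\n",
        var_export($option, true), $ticked, $no_hashing, var_export($r['scheme'], true));
}
```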