On 18/01/2017 14:13, Francesco Chicchiriccò wrote:
On 18/01/2017 11:59, Francesco Chicchiriccò wrote:
On 18/01/2017 11:38, Tech wrote:
Hello,
we faced something that could be a bug in version 2.0.1 and version
2.0.2.
We created a SecurityQuestion from the Admin interface and the user is
prompted to enter one during the creation of his account.
The SecurityQuestion is correctly stored into the DB.
We "forget" the password and we try to recover it using the interface,
but we cannot reset it.
This is happening both for existing and new users.
Could you please double-check?
I assume you have already checked
https://syncope.apache.org/docs/reference-guide.html#password-reset
to understand how the password reset process is expected to work.
A fundamental part for the outlined procedure to be effective, is to
have the notifications in place; see
https://syncope.apache.org/docs/reference-guide.html#e-mail-configuration
for details.
After that user has provided the correct answer to security question
via EndUser UI, a notification e-mail based on the
'requestPasswordReset' template is sent; as you can see from the
template, an URL for accessing the EndUser UI (containing the unique
token generated for such request) is contained in the e-mail.
Once clicked there, the process can continue with input of the new
password value.
Finally, another notification e-mail based on the
'confirmPasswordReset' template is sent out.
FYI I have updated the password reset information with the further
comments above; see
https://ci.apache.org/projects/syncope/reference-guide.html#password-reset
Regards.
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
