Hi, Just to clarify,
Let's say admin types an email address. For some reason he misses a character or two. And still let's say that email is a valid email of some one. Then when we add the user, an email will be sent to that mail adress. Even though that is not the intended user. If that unknown user clicks the link he can reset the password in and login to the user portal rit? This can be a rare situuation. Is this a scenario we should be concerned of? or is it already handled in some layer? Thanks On Tue, Mar 21, 2017 at 12:33 PM, Dinali Dabarera <[email protected]> wrote: > Hi, > > For the above-mentioned scenario, > > - We are going to send the link of the default password reset page to > the user, with that we will send a random generated code to identify the > user, and it will expire after a given time period. > - We are not going to lock the user since we use a random password > when storing the user in DB and it will be over written by the user > password update. > - As Sagara mentioned, we will add meaning full sentences in the UI so > that user experience will increase. > > Thanks. > > On Tue, Mar 21, 2017 at 10:07 AM, Godwin Shrimal <[email protected]> wrote: > >> Correction >> >> 1. As Isura mentioned we don't need to lock the account since we are >> creating the user with random password no one knows it. >> >> On Tue, Mar 21, 2017 at 10:06 AM, Godwin Shrimal <[email protected]> wrote: >> >>> Hi Dinali, >>> >>> Please see my feedback below. >>> >>> 1. As Isura mentioned we don't to lock the account since we are creating >>> the user with random password on one knows it. >>> 2. Can't we use name User store (or what ever the term use in C5) other >>> than Domain, its not user friendly and end users will not aware what is >>> Domain. >>> 3. I guess combo box with available option is not user friendly and what >>> about having option buttons which shows available options at once to user ? >>> >>> >>> Thanks >>> Godwin >>> >>> >>> On Mon, Mar 20, 2017 at 5:53 PM, Dinali Dabarera <[email protected]> >>> wrote: >>> >>>> Hi All, >>>> >>>> I am going to implement User Onboarding - Ask Password with email >>>> verification according to the User story [1].The wire-frame given by the UX >>>> team is [2]. >>>> >>>> According to these, >>>> >>>> *In admin side,* >>>> >>>> - The admin creates a user and put his email and click on Add user. >>>> - Then an email is sent to the user's given email address. >>>> - The admin will redirect to the List user page. >>>> >>>> *In users side*, >>>> >>>> - The user will get a link to set a password. >>>> - The User can click on it and add a password. >>>> >>>> *There are two main concerns that am bothering about,* >>>> >>>> 1. *When the user clicks the link, I think we can redirect to the >>>> change password page in user portal. Is this fine or Do we need to use a >>>> custom page for that?* >>>> 2. *I think we need to lock the account of that user Until he adds >>>> a password. Is this necessary?* >>>> >>>> >>>> [1] https://redmine.wso2.com/issues/5749 >>>> [2]https://github.com/wso2-dev-ux/product-is/blob/master/Wir >>>> eframes/admin-portal/v3/3.5%20Add%20user%20with%20email%20ve >>>> rification.png >>>> >>>> Thank you! >>>> >>>> -- >>>> *Dinali Rosemin Dabarera* >>>> Software Engineer >>>> WSO2 Lanka (pvt) Ltd. >>>> Web: http://wso2.com/ >>>> Email : [email protected] >>>> LinkedIn <https://lk.linkedin.com/in/dinalidabarera> >>>> Mobile: +94770198933 <+94%2077%20019%208933> >>>> >>>> >>>> >>>> >>>> <https://lk.linkedin.com/in/dinalidabarera> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> Architecture mailing list >>>> [email protected] >>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>> >>>> >>> >>> >>> -- >>> *Godwin Amila Shrimal* >>> WSO2 Inc.; http://wso2.com >>> lean.enterprise.middleware >>> >>> mobile: *+94772264165* >>> linkedin: *http://lnkd.in/KUum6D <http://lnkd.in/KUum6D>* >>> twitter: https://twitter.com/godwinamila >>> <http://wso2.com/signature> >>> >> >> >> >> -- >> *Godwin Amila Shrimal* >> WSO2 Inc.; http://wso2.com >> lean.enterprise.middleware >> >> mobile: *+94772264165* >> linkedin: *http://lnkd.in/KUum6D <http://lnkd.in/KUum6D>* >> twitter: https://twitter.com/godwinamila >> <http://wso2.com/signature> >> >> _______________________________________________ >> Architecture mailing list >> [email protected] >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > *Dinali Rosemin Dabarera* > Software Engineer > WSO2 Lanka (pvt) Ltd. > Web: http://wso2.com/ > Email : [email protected] > LinkedIn <https://lk.linkedin.com/in/dinalidabarera> > Mobile: +94770198933 <+94%2077%20019%208933> > > > > > <https://lk.linkedin.com/in/dinalidabarera> > > > > > > > > > > > > > > -- Denuwanthi De Silva Senior Software Engineer; WSO2 Inc.; http://wso2.com, Email: [email protected] Blog: https://denuwanthi.wordpress.com/
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
