On Tue, Mar 21, 2017 at 1:34 AM, Omindu Rathnaweera <[email protected]> wrote:
> +1 for using HTML mail templates. But do we have to consider mail clients > which doesn't support HTML ? If so, either the endpoint which accepts the > confirmation code should work for both GETs and POSTs or we have to use a > different approach to enter the confirmation code. Ex: a prompt to enter > the code. > I think we need to support both HTML based and non HTML based mail clients. Also password reset page we should support both GET and POST to cater this (email link and button submit). Also for non html emails, we can change the email template to send the confirmation code in body or URL, depending on system preference. In that case page returned from the given link should support both cases as below, - if confirmation code comes in url as query parameter, validate it and proceed to reset step. - otherwise prompt input field for user to fill the confirmation code that is sent in the email body, validate and proceed to reset step On Tue, Mar 21, 2017 at 12:33 PM, Dinali Dabarera <[email protected]> wrote: > We are not going to lock the user since we use a random password when > storing the user in DB and it will be over written by the user password > update. Why do we need a password at all, can't we create a user without a password? Is there any such restriction? Thanks! -Ayesha -- *Ayesha Dissanayaka* Senior Software Engineer, WSO2, Inc : http://wso2.com <http://www.google.com/url?q=http%3A%2F%2Fwso2.com&sa=D&sntz=1&usg=AFQjCNEZvyc0uMD1HhBaEGCBxs6e9fBObg> 20, Palm grove Avenue, Colombo 3 E-Mail: [email protected] <[email protected]>
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
