Hi All,

Are we planning to implement the account locking feature for the 3.0.0 release? Since we had this in 2.5/2.2 and this is a feature that we always suggest to enable in order to eliminate some of the security threats (i.e. password guessing attacks). If we are going to implement the 'forgot password' feature, it's better to consider implementing this as well. WDYT?
On Tue, Aug 21, 2018 at 4:44 AM, Nuwan Dias <[email protected]> wrote:

> I don't think we should decide the priority of the feature based on how easy it is to implement. The priority should be decided based on its importance. To me, someone forgetting a password is far more likely than someone wanting to change it. So I would consider 'Forgot Password' as a must have feature and 'Change Password' as a good to have one.
>
> The other reason this thread made me think about the 'Forgot Password' feature is that if we implement that feature, we can address the change password capability through the same feature. We don't have to implement two features to address the two use cases. So, two birds with one stone. Less code, less bugs and less work.
>
> On Tue, Aug 21, 2018 at 1:34 AM Ishara Cooray <[email protected]> wrote:
>
>> +1 to implement change password feature first as it is simpler than forgot password feature which involves user verification.
>> Also for the forgot password feature we can either send an email with a temporary password or redirect to the change password.
>> Even if we send a temporary password we will need to ask to change the password.
>>
>> Hi Vithursa,
>>
>> I would suggest having another required property called *retypeNewPassword* for new password verification.
>>
>> Thanks & Regards,
>> Ishara Cooray
>>
>> On Mon, Aug 20, 2018 at 5:08 PM, roshan wijesena <[email protected]> wrote:
>>
>>> Do we have any send an email to user feature in apim 3 road map?
>>>
>>> On Mon, Aug 20, 2018 at 7:56 PM Sanjeewa Malalgoda <[email protected]> wrote:
>>>
>>>> Forgot password feature should come with some sort of user verification (enter security question or send email verification, sms verification etc).
>>>> That feature needs to be implemented with some extensions as all are not using same verification process.
>>>> So I think we can first complete this and come back to that feature.
>>>>
>>>> Thanks,
>>>> sanjeewa.
>>>>
>>>> On Mon, Aug 20, 2018 at 11:42 AM Mushthaq Rumy <[email protected]> wrote:
>>>>
>>>>> +1. I too think that forgot password option is more important and it is not yet implemented. I would prefer if we start on that first.
>>>>>
>>>>> Thanks & Regards,
>>>>> Mushthaq
>>>>>
>>>>> On Mon, Aug 20, 2018 at 11:40 AM Nuwan Dias <[email protected]> wrote:
>>>>>
>>>>>> Do we have a forgot password option on the Store? I would think that is more important for an API Store than a change password functionality.
>>>>>>
>>>>>> On Mon, Aug 20, 2018 at 11:22 AM Vithursa Mahendrarajah <[email protected]> wrote:
>>>>>>
>>>>>>> Hi all,
>>>>>>> I am working on $subject in APIM 3.0.0. Planned flow of implementation is as follows:
>>>>>>>
>>>>>>> [image: new_password_mail.png]
>>>>>>> We have SCIM API [1] for updating user-info. A separate REST API can be implemented to provide the feature to change password by wrapping mentioned SCIM API. The sample resource could be as,
>>>>>>>
>>>>>>> PasswordChangeRequest:
>>>>>>>   title: Request for changing password
>>>>>>>   required:
>>>>>>>     - username
>>>>>>>     - currentPassword
>>>>>>>     - newPassword
>>>>>>>   properties:
>>>>>>>     username:
>>>>>>>       type: string
>>>>>>>     currentPassword:
>>>>>>>       type: string
>>>>>>>     newPassword:
>>>>>>>       type: string
>>>>>>>
>>>>>>> Please provide your thoughts and feedback on this.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Vithursa

--
Thilini Shanika
Associate Technical Lead
WSO2, Inc.; http://wso2.com
20, Palmgrove Avenue, Colombo 3
E-mail: [email protected]
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
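
The following is an added example, not code from this thread or from WSO2 API Manager. It shows why the proposed PasswordChangeRequest resource needs the account lock raised above: the endpoint accepts a username and currentPassword, so failed checks there must count toward the lock just as failed logins do. The in-memory store, the thresholds and the status strings are assumptions; retypeNewPassword is the extra field suggested in the thread.

```python
import hashlib
import hmac
import os

MAX_FAILED = 3      # assumed threshold, not a WSO2 default
LOCK_SECONDS = 300  # assumed lock duration
REQUIRED = ("username", "currentPassword", "newPassword", "retypeNewPassword")

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class UserStore:
    """In-memory stand-in for the real user store (constructed for this example)."""
    def __init__(self):
        self.users = {}

    def add(self, username, password):
        salt = os.urandom(16)
        self.users[username] = {"salt": salt, "hash": _hash(password, salt),
                                "failed": 0, "locked_until": 0.0}

    def verify(self, username, password, now):
        """Check a password, counting failures and locking after MAX_FAILED."""
        user = self.users.get(username)
        if user is None:
            return "invalid_credentials"
        if now < user["locked_until"]:
            return "account_locked"  # a locked account does not test the guess
        if hmac.compare_digest(_hash(password, user["salt"]), user["hash"]):
            user["failed"] = 0
            return "ok"
        user["failed"] += 1
        if user["failed"] >= MAX_FAILED:
            user["failed"], user["locked_until"] = 0, now + LOCK_SECONDS
        return "invalid_credentials"

def change_password(store, request, now):
    """Handle a PasswordChangeRequest dict; returns a status string."""
    if any(not isinstance(request.get(k), str) or not request[k] for k in REQUIRED):
        return "bad_request"
    if request["newPassword"] != request["retypeNewPassword"]:
        return "password_mismatch"
    # Same verify() as login, so guesses at currentPassword hit the same lock.
    status = store.verify(request["username"], request["currentPassword"], now)
    if status != "ok":
        return status
    user = store.users[request["username"]]
    user["salt"] = os.urandom(16)
    user["hash"] = _hash(request["newPassword"], user["salt"])
    return "changed"
```

The `now` argument is passed in rather than read from the clock so the lock window can be exercised deterministically.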
