Re: PROPOSAL: register user with e-mail activation

Tue, 03 Apr 2007 15:08:06 -0700 

I just committed this work to the trunk.
I also updated the proposal to reflect the final design.

http://cwiki.apache.org/confluence/display/ROLLER/Proposal+Account+Activation+via+Email

- Dave




On 4/3/07, Allen Gilliland <[EMAIL PROTECTED]> wrote:



Dave wrote:
> On 4/3/07, Allen Gilliland <[EMAIL PROTECTED]> wrote:
>> Are those properties supposed to be in the runtime config?  The proposal
>> doesn't specify.
>
> They are in the starup config and email activation defaults to true.
>
> The "user.account.activation.enabled" and
> "user.account.activation.mail.from" should probably be runtime configs
> instead and default to disabled, like our other email notification
> settings.
>
> What do others think?

I think they should all be runtime config properties.  We should
probably have a section in the runtime config for "User Registration"
which has 2 existing properties for enabling/disabling registration and
specifying a 3rd party registration url, plus all these new properties
for the email activation.

  and i agree that they should be disabled by default.


>
>
>> Also, is there a reason why the activation code needs to be 255
>> characters?  I would think something much smaller would suffice, like 64?
>
> Currently, the length is configurable and defaults to 128. The code
> generation logic looks like this:
>
>    private String generateActivationCode() {
>        int length = RollerConfig
>                .getIntProperty("user.account.activation.code.length");
>        if (length < 32) {
>            length = 32;
>        } else if (length > 255) {
>            length = 255;
>        }
>        char[] chars = new char[length];
>        for (int i = 0; i < length; i++) {
>            int randNumber = (int) (Math.random() * 16);
>            switch (randNumber) {
>                case 0:
>                    chars[i] = '0';
>                    break;
>                case 1:
>                    chars[i] = '1';
>                    break;
>                case 2:
>                    chars[i] = '2';
>                    break;
>     etc.
>
> Might be better to use the Java 5 UUID generator instead.

definitely.  that looks like a mess, i think we can definitely have an
easier way to do it.  i also don't think there is any reason for the
admin to choose the length of the activation code, we should just use a
standard length and use that.  why would someone need to have a 255
character activation code?

i suggest we just do a reasonable number like 48 and use that.

-- Allen


>
> Both of those changes are pretty easy for me to make in my workspace.
>
> - Dave

Reply via email to