[jira] Commented: (JSPWIKI-159) Getting an new password is only possible for one user per mail address

Tue, 07 Oct 2008 14:37:06 -0700 

    [ 
https://issues.apache.org/jira/browse/JSPWIKI-159?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12637662#action_12637662
 ] 

Carl Hagenmaier commented on JSPWIKI-159:
-----------------------------------------

I think the wikiName rather than the loginName is displayed in the edit 
history.  At least that's how my local wiki seems to behave.  

A user "record" has seven variables, four of which are relevant here:
loginName, e.g., "carl" 
wikiName, e.g., "CarlHagenmaier" 
fullName, e.g., "Carl Hagenmaier" 
email, e.g., "[EMAIL PROTECTED]"

A user profile has three of these, omitting the wikiName, which is 
algorithmically generated from the fullName.

Let's see if we can reverse engineer where each is used (and please correct me 
where I don't have this correct):

loginName-- used for login; can be used in group definition and ACL; displayed 
only in profile and not visible to other users
wikiName--can be used in group definition and ACL; displayed in lots of places 
and visible to other users (e.g., page history)
fullName--can be used in group definition and ACL; displayed only in profile 
and not visible to other users
email-- displayed only in profile and not visible to other users

I would propose the following:

Login credentials must be unique, not public.  They should be used for login, 
profile management (including password reset), and any other activity related 
to user identity.

Display names must be unique and public.  They should be used for group 
management and ACL but not for login, profile management, etc.



> Getting an new password is only possible for one user per mail address
> ----------------------------------------------------------------------
>
>                 Key: JSPWIKI-159
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-159
>             Project: JSPWiki
>          Issue Type: Bug
>          Components: Authentication&Authorization
>            Reporter: Florian Holeczek
>
> If there's more than one user with a given email address, it's only possible 
> for one of these users to get a new password via email.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to