Rob Weir wrote:
On Thu, Dec 8, 2011 at 5:02 PM, Andrea Pescetti<pescetti@...> wrote:
This means that extension publishers can be contacted only through their
@openoffice.org address; the first thing to do in the possible future clones
of the Extensions and Templates site would thus be to disable the
single-sign-on (unfortunately) and send out password reset links before the
@openoffice.org addresses and the single-sign-on expire, otherwise extension
publishers will lose access to the website.
A password reset doesn't fix it. We need users to specify a
different email address, right? Is that even possible? Does the app
have a separate user-id and email address field? Or does it assume
they are always the same?
I was skipping some steps. Again, I don't have access to the code, but
the standard way of implementing in Drupal what the Extensions site does
would be:
- All passwords are validated on the OOo single-sign-on in Kenai
- Upon successful validation, a local user is created on the Extensions
site (i.e., after I login correctly as pescetti@ooo the user "pescetti"
is created on the Extensions site, with e-mail set to pescetti@ooo; of
course this is only done at the first login).
- I assume that passwords are not stored in the local database, since
anyway they are always validated on the single-sign-on. But other user
data are persistent.
Steps to do would thus be:
1) Disconnect Extensions from single-sign-on ; all users will still be
there, but we only have their @openoffice.org e-mail address; so user
"pescetti" will still exist, with the e-mail field set to pescetti@ooo
and the password set to something meaningless.
2) Send a password reset link to all users; this will be notified to
them through their @openoffice.org address and would include information
on how to reset both the password and the e-mail address; possibly, the
form validation would forbid to leave the e-mail address set to
[email protected]
3) People will then be able to login with the username they are using
now (like "pescetti") and the new password.
This can only be done until OpenOffice.org addresses are in place.
As asked by Dave, I'll send a link to this thread in the one where Gavin
is discussing migration, so it doesn't get lost.
Regards,
Andrea.
