Hi, Following the recent threads on notebook features, some thoughts on notebook account management:
* In Leiden we're setting up a notebook for use by students, and thought it would be useful to hand out pre-generated accounts while still allowing students to choose their own account names. To do this, we decided to make the account creation page open for anyone, but require an 'account token' to actually create an account. An account token is just a random large integer. At the start of a course, we can generate a large list of account tokens, and give each student one of those, thus allowing them to create an account themselves, choosing a username and associating it with an e-mail address (if the email feature is enabled). A preliminary patch for this is available at http://www.math.leidenuniv.nl/~wpalenst/sage/account_tokens.patch . It is a patch against 4.1.1 with tickets 4552 ('trac_4552-notebook_account_email.patch'), 6843, 6856 applied. (TODO: add doctests, implement token-generation page to the interface added by ticket 4135, allow enabling/disabling the token feature from that page too.) Comments are welcome :-) * The 'forgot password' feature (enabled by enabling the 'email' setting of the notebook) currently allows anyone to reset the password of anyone they know the email address of, since it currently directly resets the password and mails the new password to the email address associated with the account. It would probably be better to instead generate a second password for the account, that would only become permanent once it has been used once. Or, alternatively, to email a link with a secure token to a password-change-page. -Willem Jan --~--~---------~--~----~------------~-------~--~----~ To post to this group, send an email to [email protected] To unsubscribe from this group, send an email to [email protected] For more options, visit this group at http://groups.google.com/group/sage-devel URLs: http://www.sagemath.org -~----------~----~----~----~------~----~------~--~---
