Hi Bob,
I've finally had a chance to take a closer look at your requirements and
was able to spend some time looking at how such requirements could be
implemented in Syncope with as few modifications as possible.

Let's start from creation / activation process:

1. user gets created (someone calls UserController.create() via REST)

2. the workflow calls GenerateToken that (as you correctly reported in
SYNCOPE-90) generates but doesn't persist the token: I am going to apply
Sarris's patch ASAP and fix this issue

3. assuming that an appropriate notification is defined, an e-mail is
sent to the user just created with an activation link containing the
value of the token generated

4. user clicks the link that calls an activate() REST service

5. assuming that an appropriate notification is defined, a welcome
e-mail is sent to the user


AFAIU, (2) used to be problematic but Sarris and you found an easy fix,
while (4) is still problematic.

I've just fixed (you have to wait for Jenkins to deploy new artifacts)
our standard UserController.activate() in order to be effective; here
goes the (fixed) flow:

1. UserController.activate() is called via REST: just be sure to call
this method with a UserTO object where you actually put the token as
provided by the user (UserTO.setToken()).

2. UserController.setStatus() is called with userTO.getToken() as
parameter - this is my fix

3. AbstractUserWorkflowAdapter.activate(user, token) is called, then
ActivitiUserWorkflowAdapter.doActivate()

4. at this point the workflow is triggered: the 'activate' task is
called, and the 'token' workflow variable now contains the value
originally provided by the user; hence you could write something like:

syncopeUser.checkToken(token)

or

syncopeUser.removeToken()

in your workflow XML. SyncopeUser.checkToken() will check if the token
is correct and still valid.

The whole idea is that you should not be required - except for very rare
and particular cases - to tweak UserController in order to implement
your custom workflow: it should be enough to customize the XML for this.

There is also a generic UserController.executeWorkflow() taking UserTO
and task name as parameters for this purpose.

Hope this helps.

Regards.

On 31/05/2012 09:10, Bob Lannoy wrote:
> Hi Francesco,
>
> just to keep you updated, I've attached my workflow.
> I'm able to send a token and call my own activate/{userId} REST method
> with the token from the mail.
>
> I'm unable to delete the user when the token has expired. I noticed
> that the Delete.java is nearly empty. I tried a userDAO.delete(user)
> in a custom delete class but the user stays visible in console (and is
> still in the database).
>
> I also started working on a password reset mechanism also based on the
> token approach but I'm still looking for the best way.
> For the moment I added a "pwreset" task which I also put into the
> workflow java classes and an additional rest-method to launch the
> task.
>
> regards
>
> Bob
>
>> Hi Bob,
>> I don't have time today, but I'll take a look at this tomorrow and I
>> hope I'll come back to you with something meaningful about workflow,
>> token and activate.
>>
>> Regards.
-- 
Francesco Chicchiriccò

ASF Member, Apache Cocoon PMC and Apache Syncope PPMC Member
http://people.apache.org/~ilgrosso/
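
The token lifecycle described in the message above (generate and persist, check that the token is correct and still valid, remove after activation), as an added example that is not part of the original e-mail and is not Syncope code. ActivationTokenDemo and all of its method bodies are hypothetical; only the names checkToken and removeToken are borrowed from the thread.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;

// Hypothetical stand-in for a user entity; not Syncope's SyncopeUser class.
public class ActivationTokenDemo {
    private static final SecureRandom RNG = new SecureRandom();
    private String token;        // stored on the user, so a later check can find it
    private Instant tokenExpiry; // assumption: validity is tracked as an absolute instant

    // Creation flow, step 2: generate the token AND keep it with the user.
    String generateToken(Duration validity, Instant now) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        tokenExpiry = now.plus(validity);
        return token;
    }

    // "Correct and still valid": expiry check plus constant-time comparison.
    boolean checkToken(String provided, Instant now) {
        boolean fresh = token != null && provided != null && now.isBefore(tokenExpiry);
        return fresh && MessageDigest.isEqual(token.getBytes(StandardCharsets.UTF_8),
                provided.getBytes(StandardCharsets.UTF_8));
    }

    void removeToken() { token = null; tokenExpiry = null; }

    // The 'activate' task: check first, then remove so the link works only once.
    boolean activate(String provided, Instant now) {
        if (!checkToken(provided, now)) {
            return false;
        }
        removeToken();
        return true;
    }

    public static void main(String[] args) {
        Instant t0 = Instant.parse("2012-06-01T09:00:00Z"); // constructed sample time
        ActivationTokenDemo user = new ActivationTokenDemo();
        String mailed = user.generateToken(Duration.ofHours(24), t0);
        System.out.println("wrong token:  " + user.activate("not-the-token", t0.plusSeconds(60)));
        System.out.println("valid token:  " + user.activate(mailed, t0.plusSeconds(3600)));
        System.out.println("replayed:     " + user.activate(mailed, t0.plusSeconds(7200)));
        String late = user.generateToken(Duration.ofHours(24), t0);
        System.out.println("expired:      " + user.activate(late, t0.plus(Duration.ofHours(25))));
    }
}
```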
