I was just thinking; does the template need a line with the temporary password in it?
*Your temporary password is <password>. You should change it when you complete your registration.* On Thu, Aug 26, 2021 at 8:39 AM Ali Alhaidary <[email protected]> wrote: > > On 8/26/21 8:46 AM, Maxim Solodovnik wrote: > > I would call it: security issue :) > IMO such destructive action like purging user should be very much secured > .... > > Admins periodically review user list and remove old, not fully registered > or not verified users. Also, a user needs to remove his contact > information if the application keeps interacting with him by email for > example, however, OM does not do that. > > > On Thu, 26 Aug 2021 at 12:44, Lee But <[email protected]> > wrote: > >> Isn't there a way to send an ID key in the invitation email that can >> automatically remove the record that matches the key. Or, match the email >> address? >> >> On Thu, Aug 26, 2021 at 5:36 AM Maxim Solodovnik <[email protected]> >> wrote: >> >>> >>> >>> On Thu, 26 Aug 2021 at 12:18, Lee But <[email protected]> >>> wrote: >>> >>>> Hello Maxim, >>>> >>>> The <application.base.url> is just to point to the website that >>>> openmeetings is on so that the user can recognise it. Example, Maxim >>>> Solodonvik at www.openmeetings.apache.org has invited you to join >>>> their online meeting room(s). >>>> Perhaps, it would be better if the admin could create an 'organisation >>>> name' and have that in the invitation instead. >>>> >>>> The <URL>, would point directly to a page to change the password and >>>> complete registration. >>>> >>> >>> Well >>> Actually both URLs will be >>> https://om.alteametasoft.com/openmeetings/signin >>> This is why I'm asking :) >>> >>> >>>> What I mean by 'deregister' is to remove the information that the admin >>>> created: names, password and email address. That may not be clear. >>>> >>>> I suppose it could read, 'If you have received this invitation in error >>>> or do not wish to join the meeting room(s), please *click here* to >>>> deregister your information shown in this email.' >>>> >>> >>> As I wrote before >>> this is impossible without successful login >>> which impossible without "change the password and complete registration" >>> So the footer looks useless to me :( >>> >>> >>>> >>>> On Thu, Aug 26, 2021 at 4:59 AM Maxim Solodovnik <[email protected]> >>>> wrote: >>>> >>>>> Thanks for the templates :) >>>>> >>>>> I'll do the following: >>>>> >>>>> 1) will create the key `send.invite.to.user.created.by.admin` >>>>> 2) will use "Formal version" to create the template >>>>> (you can modify it any time as described here >>>>> https://openmeetings.apache.org/EditTemplates.html) >>>>> >>>>> Couple of questions: >>>>> 1) why do we need both "<application.base.url>" and "<URL>"? >>>>> 2) why do we need this "If you have received this invitation in error, >>>>> please *click here* to deregister." footer? the only way to >>>>> de-register is to complete registration then to delete themselves .... >>>>> >>>>> >>>>> On Wed, 25 Aug 2021 at 20:39, Ali Alhaidary < >>>>> [email protected]> wrote: >>>>> >>>>>> Nice :-) >>>>>> >>>>>> Ali >>>>>> On 8/25/21 3:07 PM, Lee But wrote: >>>>>> >>>>>> Hello Maxim, >>>>>> >>>>>> Here are two templates. One is formal, the other informal. I think it >>>>>> would be useful for admins to view default templates and create their own >>>>>> invitations as well. >>>>>> possible keys could be: >>>>>> >>>>>> send.formal.invite.to.user.created.by.admin >>>>>> send.casual.invite.to.user.created.by.admin >>>>>> send.custom.invite.to.user.created.by.admin >>>>>> >>>>>> In the examples below, the name order could be swapped according to >>>>>> the language being used. >>>>>> >>>>>> ***************** >>>>>> Formal version >>>>>> >>>>>> ***************** >>>>>> >>>>>> Dear <firstName> <lastName>, >>>>>> >>>>>> <adminFirstName> <adminLastName> at <application.base.url> has >>>>>> invited you to join their online meeting room(s). >>>>>> >>>>>> To complete your registration and use the room(s), please visit the >>>>>> link below and create a strong password. >>>>>> >>>>>> <URL> >>>>>> >>>>>> Your username for logging in is <username>. >>>>>> >>>>>> Thank you for joining our meeting rooms. >>>>>> >>>>>> Best regards, >>>>>> >>>>>> <adminFirstName> <adminLastName> >>>>>> >>>>>> >>>>>> If you have received this invitation in error, please *click here* >>>>>> to deregister. >>>>>> >>>>>> >>>>>> >>>>>> ***************** >>>>>> Casual version >>>>>> >>>>>> ***************** >>>>>> >>>>>> Hi <firstName> <lastName>, >>>>>> >>>>>> <adminFirstName> <adminLastName> here from <application.base.url>. >>>>>> I’ve added you as a user to our online meeting room(s). >>>>>> >>>>>> To use the room(s), you need to complete your registration. Click the >>>>>> link below and create a strong password. >>>>>> >>>>>> <URL> >>>>>> >>>>>> Your username for logging in is <username>. >>>>>> >>>>>> Thanks for joining our meeting room(s). >>>>>> >>>>>> See you soon! >>>>>> >>>>>> <adminFirstName> >>>>>> >>>>>> >>>>>> If I’ve sent you this invitation by mistake, please *click here* to >>>>>> deregister. >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> On Wed, Aug 25, 2021 at 6:13 AM Maxim Solodovnik < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Maybe you can help to create a template for such email (as text) >>>>>>> here? :) >>>>>>> and maybe propose a configuration key name? >>>>>>> >>>>>>> `send.email.when.created.by.admin`? Maybe better ideas? :)) >>>>>>> >>>>>>> On Wed, 25 Aug 2021 at 12:18, Lee But <[email protected]> >>>>>>> wrote: >>>>>>> >>>>>>>> Hello Maxim, >>>>>>>> >>>>>>>> I'm testing with my own email addresses until I am sure that I have >>>>>>>> everything right. >>>>>>>> I think that would be great. Also, a link to the login page would >>>>>>>> be useful, as without it, users don't know the URL of the website. >>>>>>>> >>>>>>>> Regards, >>>>>>>> Lee >>>>>>>> >>>>>>>> On Wed, Aug 25, 2021 at 2:53 AM Maxim Solodovnik < >>>>>>>> [email protected]> wrote: >>>>>>>> >>>>>>>>> Hello Lee, >>>>>>>>> >>>>>>>>> this is by design >>>>>>>>> these email settings are for self-registration only >>>>>>>>> Password is not being sent for security reasons >>>>>>>>> >>>>>>>>> As workaround your users can click "Forget password" >>>>>>>>> enter login/email and change the password >>>>>>>>> >>>>>>>>> We can add some additional setting to send email to newly created >>>>>>>>> users with instructions above :) >>>>>>>>> WDYT? >>>>>>>>> >>>>>>>>> On Tue, 24 Aug 2021 at 23:07, Lee But < >>>>>>>>> [email protected]> wrote: >>>>>>>>> >>>>>>>>>> Hello, >>>>>>>>>> >>>>>>>>>> I turned off self-registering, and when I set up a user as admin, >>>>>>>>>> no verification email is sent despite the key being set to true. >>>>>>>>>> [image: image.png] >>>>>>>>>> >>>>>>>>>> Also, the email that contains the user's account details does not >>>>>>>>>> contain the password, nor a link to the openmeetings page, so they >>>>>>>>>> cannot >>>>>>>>>> log in. >>>>>>>>>> Here's the message: >>>>>>>>>> >>>>>>>>>> [image: image.png] >>>>>>>>>> >>>>>>>>>> Thank you, >>>>>>>>>> Lee >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Best regards, >>>>>>>>> Maxim >>>>>>>>> >>>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Best regards, >>>>>>> Maxim >>>>>>> >>>>>> >>>>> >>>>> -- >>>>> Best regards, >>>>> Maxim >>>>> >>>> >>> >>> -- >>> Best regards, >>> Maxim >>> >> > > -- > Best regards, > Maxim > >
