1) Perhaps there is no need for a new template, just make it possible for an admin-registered user to follow a link to log in. Yes, a password with registration is a bad idea. Which methods are available for a user to log in without knowing their password if not sent by the admin? My bank sends verification codes via email, so I suppose there must be some way to use email securely.
2) I think the base url is enough, the same as the application.base.url key in configuration. On Thu, Sep 2, 2021 at 3:33 AM Maxim Solodovnik <[email protected]> wrote: > There is no such thing as temporary password > > From security perspective it is not good idea to send login and password > via same channel > And extremely bad idea to send them in same message > > I'm ready to add some changes to the registration template :) > Since email is being sent while registering > > 1) Do we need a separate template? > 2) Shall we add server URL to the current template? > > > On Sat, 28 Aug 2021 at 10:50, Lee But <[email protected]> > wrote: > >> I was just thinking; does the template need a line with the temporary >> password in it? >> >> *Your temporary password is <password>. You should change it when you >> complete your registration.* >> >> On Thu, Aug 26, 2021 at 8:39 AM Ali Alhaidary < >> [email protected]> wrote: >> >>> >>> On 8/26/21 8:46 AM, Maxim Solodovnik wrote: >>> >>> I would call it: security issue :) >>> IMO such destructive action like purging user should be very much >>> secured .... >>> >>> Admins periodically review user list and remove old, not fully >>> registered or not verified users. Also, a user needs to remove his contact >>> information if the application keeps interacting with him by email for >>> example, however, OM does not do that. >>> >>> >>> On Thu, 26 Aug 2021 at 12:44, Lee But <[email protected]> >>> wrote: >>> >>>> Isn't there a way to send an ID key in the invitation email that can >>>> automatically remove the record that matches the key. Or, match the email >>>> address? >>>> >>>> On Thu, Aug 26, 2021 at 5:36 AM Maxim Solodovnik <[email protected]> >>>> wrote: >>>> >>>>> >>>>> >>>>> On Thu, 26 Aug 2021 at 12:18, Lee But <[email protected]> >>>>> wrote: >>>>> >>>>>> Hello Maxim, >>>>>> >>>>>> The <application.base.url> is just to point to the website that >>>>>> openmeetings is on so that the user can recognise it. Example, Maxim >>>>>> Solodonvik at www.openmeetings.apache.org has invited you to join >>>>>> their online meeting room(s). >>>>>> Perhaps, it would be better if the admin could create an >>>>>> 'organisation name' and have that in the invitation instead. >>>>>> >>>>>> The <URL>, would point directly to a page to change the password and >>>>>> complete registration. >>>>>> >>>>> >>>>> Well >>>>> Actually both URLs will be >>>>> https://om.alteametasoft.com/openmeetings/signin >>>>> This is why I'm asking :) >>>>> >>>>> >>>>>> What I mean by 'deregister' is to remove the information that the >>>>>> admin created: names, password and email address. That may not be clear. >>>>>> >>>>>> I suppose it could read, 'If you have received this invitation in >>>>>> error or do not wish to join the meeting room(s), please *click here* to >>>>>> deregister your information shown in this email.' >>>>>> >>>>> >>>>> As I wrote before >>>>> this is impossible without successful login >>>>> which impossible without "change the password and complete >>>>> registration" >>>>> So the footer looks useless to me :( >>>>> >>>>> >>>>>> >>>>>> On Thu, Aug 26, 2021 at 4:59 AM Maxim Solodovnik < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Thanks for the templates :) >>>>>>> >>>>>>> I'll do the following: >>>>>>> >>>>>>> 1) will create the key `send.invite.to.user.created.by.admin` >>>>>>> 2) will use "Formal version" to create the template >>>>>>> (you can modify it any time as described here >>>>>>> https://openmeetings.apache.org/EditTemplates.html) >>>>>>> >>>>>>> Couple of questions: >>>>>>> 1) why do we need both "<application.base.url>" and "<URL>"? >>>>>>> 2) why do we need this "If you have received this invitation in >>>>>>> error, please *click here* to deregister." footer? the only way to >>>>>>> de-register is to complete registration then to delete themselves .... >>>>>>> >>>>>>> >>>>>>> On Wed, 25 Aug 2021 at 20:39, Ali Alhaidary < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> Nice :-) >>>>>>>> >>>>>>>> Ali >>>>>>>> On 8/25/21 3:07 PM, Lee But wrote: >>>>>>>> >>>>>>>> Hello Maxim, >>>>>>>> >>>>>>>> Here are two templates. One is formal, the other informal. I think >>>>>>>> it would be useful for admins to view default templates and create >>>>>>>> their >>>>>>>> own invitations as well. >>>>>>>> possible keys could be: >>>>>>>> >>>>>>>> send.formal.invite.to.user.created.by.admin >>>>>>>> send.casual.invite.to.user.created.by.admin >>>>>>>> send.custom.invite.to.user.created.by.admin >>>>>>>> >>>>>>>> In the examples below, the name order could be swapped according to >>>>>>>> the language being used. >>>>>>>> >>>>>>>> ***************** >>>>>>>> Formal version >>>>>>>> >>>>>>>> ***************** >>>>>>>> >>>>>>>> Dear <firstName> <lastName>, >>>>>>>> >>>>>>>> <adminFirstName> <adminLastName> at <application.base.url> has >>>>>>>> invited you to join their online meeting room(s). >>>>>>>> >>>>>>>> To complete your registration and use the room(s), please visit the >>>>>>>> link below and create a strong password. >>>>>>>> >>>>>>>> <URL> >>>>>>>> >>>>>>>> Your username for logging in is <username>. >>>>>>>> >>>>>>>> Thank you for joining our meeting rooms. >>>>>>>> >>>>>>>> Best regards, >>>>>>>> >>>>>>>> <adminFirstName> <adminLastName> >>>>>>>> >>>>>>>> >>>>>>>> If you have received this invitation in error, please *click here* >>>>>>>> to deregister. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> ***************** >>>>>>>> Casual version >>>>>>>> >>>>>>>> ***************** >>>>>>>> >>>>>>>> Hi <firstName> <lastName>, >>>>>>>> >>>>>>>> <adminFirstName> <adminLastName> here from <application.base.url>. >>>>>>>> I’ve added you as a user to our online meeting room(s). >>>>>>>> >>>>>>>> To use the room(s), you need to complete your registration. Click >>>>>>>> the link below and create a strong password. >>>>>>>> >>>>>>>> <URL> >>>>>>>> >>>>>>>> Your username for logging in is <username>. >>>>>>>> >>>>>>>> Thanks for joining our meeting room(s). >>>>>>>> >>>>>>>> See you soon! >>>>>>>> >>>>>>>> <adminFirstName> >>>>>>>> >>>>>>>> >>>>>>>> If I’ve sent you this invitation by mistake, please *click here* >>>>>>>> to deregister. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On Wed, Aug 25, 2021 at 6:13 AM Maxim Solodovnik < >>>>>>>> [email protected]> wrote: >>>>>>>> >>>>>>>>> Maybe you can help to create a template for such email (as text) >>>>>>>>> here? :) >>>>>>>>> and maybe propose a configuration key name? >>>>>>>>> >>>>>>>>> `send.email.when.created.by.admin`? Maybe better ideas? :)) >>>>>>>>> >>>>>>>>> On Wed, 25 Aug 2021 at 12:18, Lee But < >>>>>>>>> [email protected]> wrote: >>>>>>>>> >>>>>>>>>> Hello Maxim, >>>>>>>>>> >>>>>>>>>> I'm testing with my own email addresses until I am sure that I >>>>>>>>>> have everything right. >>>>>>>>>> I think that would be great. Also, a link to the login page would >>>>>>>>>> be useful, as without it, users don't know the URL of the website. >>>>>>>>>> >>>>>>>>>> Regards, >>>>>>>>>> Lee >>>>>>>>>> >>>>>>>>>> On Wed, Aug 25, 2021 at 2:53 AM Maxim Solodovnik < >>>>>>>>>> [email protected]> wrote: >>>>>>>>>> >>>>>>>>>>> Hello Lee, >>>>>>>>>>> >>>>>>>>>>> this is by design >>>>>>>>>>> these email settings are for self-registration only >>>>>>>>>>> Password is not being sent for security reasons >>>>>>>>>>> >>>>>>>>>>> As workaround your users can click "Forget password" >>>>>>>>>>> enter login/email and change the password >>>>>>>>>>> >>>>>>>>>>> We can add some additional setting to send email to newly >>>>>>>>>>> created users with instructions above :) >>>>>>>>>>> WDYT? >>>>>>>>>>> >>>>>>>>>>> On Tue, 24 Aug 2021 at 23:07, Lee But < >>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>> >>>>>>>>>>>> Hello, >>>>>>>>>>>> >>>>>>>>>>>> I turned off self-registering, and when I set up a user as >>>>>>>>>>>> admin, no verification email is sent despite the key being set to >>>>>>>>>>>> true. >>>>>>>>>>>> [image: image.png] >>>>>>>>>>>> >>>>>>>>>>>> Also, the email that contains the user's account details does >>>>>>>>>>>> not contain the password, nor a link to the openmeetings page, so >>>>>>>>>>>> they >>>>>>>>>>>> cannot log in. >>>>>>>>>>>> Here's the message: >>>>>>>>>>>> >>>>>>>>>>>> [image: image.png] >>>>>>>>>>>> >>>>>>>>>>>> Thank you, >>>>>>>>>>>> Lee >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> Best regards, >>>>>>>>>>> Maxim >>>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Best regards, >>>>>>>>> Maxim >>>>>>>>> >>>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Best regards, >>>>>>> Maxim >>>>>>> >>>>>> >>>>> >>>>> -- >>>>> Best regards, >>>>> Maxim >>>>> >>>> >>> >>> -- >>> Best regards, >>> Maxim >>> >>> > > -- > Best regards, > Maxim >
