On 18/01/2017 11:59, Francesco Chicchiriccò wrote:
On 18/01/2017 11:38, Tech wrote:
Hello,
we faced something that could be a bug in version 2.0.1 and version
2.0.2.
We created a SecurityQuestion from the Admin interface and the user is
prompted to enter one during the creation of his account.
The SecurityQuestion is correctly stored into the DB.
We "forget" the password and we try to recover it using the interface,
but we cannot reset it.
This is happening both for existing and new users.
Could you please double-check?
I assume you have already checked
https://syncope.apache.org/docs/reference-guide.html#password-reset
to understand how the password reset process is expected to work.
A fundamental part for the outlined procedure to be effective, is to
have the notifications in place; see
https://syncope.apache.org/docs/reference-guide.html#e-mail-configuration
for details.
After that user has provided the correct answer to security question via
EndUser UI, a notification e-mail based on the 'requestPasswordReset'
template is sent; as you can see from the template, an URL for accessing
the EndUser UI (containing the unique token generated for such request)
is contained in the e-mail.
Once clicked there, the process can continue with input of the new
password value.
Finally, another notification e-mail based on the 'confirmPasswordReset'
template is sent out.
HTH
Regards.
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
