Hi,
I am currently developing an UI for the sling usermgmt and found that
I can't realize a common use case:
- PW reset (manually by admin or automatically by user)
The old PW is always required but in the given use case it is most
likely that the PW is no longer available.
I would implement this on my own but the only two ways I see seem to
be suboptimal:
1) Create a new overwritePW which accepts only requests from admins.
However as I can not extend AbstractUserPostServlet
from my code, I have no access to the digestPassword method and
would have to copy code and even worse make sure, that the digest
algorithm
is then always configured the same on the create user? servlet and
the overwritePW servlet which is suboptimal.
2) Create a filter to provide the oldPW automatically to the changePW
servlet in case an admin overwrites a PW.
That won't work with the CryptedSimpleCredentials I guess.
So I am stuck. How to realize PW reset?
Thanks,
Markus
