Hi Mark, Thanks a lot! This is quick and in great detail. This is going to save me tons of work. Thanks again. I really appreciate it. I will update how this goes later.
On Tue, Feb 8, 2011 at 5:48 PM, Mark <[email protected]> wrote: > Here is a possible approach. > > Create a page called PasswordReset or when someone visits this page > with the secret code on the url, this page can figure out who they are > based on the code and reset their password by either letting them > change it or by emailing them a new one. Once this is done you have > the reset functionality in place. > > If you want them to be able to reset their password by clicking on a link > like: > www.example.com/PasswordReset/fjeivj57385kdjfs8574 > > Then you will need to grab the reset string off the url using something > like: > > public Object onActivate( String resetCode) { > boolean success = process(resetCode) > if(success) { > return "login"; > } > > //set error message > return null; > } > > You could use a PageActivationContext annotation instead of > onActivate, but I can't remember if that was added in 5.1 or after > that. > > > > Now create a page called EmailPasswordReset. This page needs to be > able to send email. See ChenilleKit for a nice wrapper to the JavaMail > functionality. When someone clicks on the reset my password from the > login page, this page should be loaded and ask for their email. When > they type in their email, it should generate a long random id to send > them. Perhaps a hash of their email address AND a random number to > help make sure it is unique and can't be generated outside the system. > > Ideally you'll want to send them a working link. To do that, use > something like this: > > Link link = > linkSource.createPageRenderLinkWithContext("ResetPassword",resetCode); > > You can get the AbsoluteURL including the http and domain by doing: > > link.toAbsoluteURI(); > > Thats probably what you want to put in your email for them to click on. > > Oh to get the linkSource, inject it into the page like so: > > @Inject > private PageRenderLinkSource linkSource ; > > Some other things to consider. You need the reset code to expire in > the not to distant future and you also need to delete it or mark it as > used once they actually use it to reset the password. > > Thats a very general overview that hopefully will get you started. > You might check the Shiro mailing list because I think they had some > discussion about how to handle password resets in the past. > > Mark > > On Tue, Feb 8, 2011 at 5:28 PM, Henry Chen <[email protected]> wrote: > > > > I know this is pretty standard but I've never done this before. Can > anyone > > share some experience of how this can be done in tapestry? Basically I > want > > to sent a link to the user so when clicked he will be brought to a page > and > > able to type in the new password. > > > > Thanks a lot. > > > > BTW, I'm using 5.1.0.5 > > -- > > View this message in context: > http://tapestry-users.832.n2.nabble.com/How-to-program-Self-service-password-reset-in-tapestry-tp6005906p6005906.html > > Sent from the Tapestry Users mailing list archive at Nabble.com. > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > -- Best, Henry Chen
