Yo mean "page" or "wave" ? If user be allowed to reset password - it can be done in wave.
On Oct 28, 11:06 am, James Purser <[email protected]> wrote: > Okay I think out best bet for the money is to start from the bottom and work > our way up. > > First draft user page should allow the user to manually change their > password, and see how many waves they have. > > Once we have that nailed down then we start looking at things like email > reminders and so on. > > Start simple then build up. > > James Purser > Mob: 0406 576 552 > Twitter: purserj > Wave: [email protected] > > On 28/10/2010, at 7:17 PM, Vega <[email protected]> wrote: > > > > > There's still no way for admin to verify user identity to avoid scam. > > Moreoever, if user can't access her WIAB account, how will she ask > > admin for password reset? > > Regarding automatic password reset via email - in fact it is a lot > > easier than implementing admin privileges logics + UI for admin page. > > > What I suggest will work like this: > > -User click on password recovery link > > -Password recovery form is served where user enters username and > > email. If they match WIAB sends POST request to MailHandlerServlet > > that is running on other server (with access to mail server). The > > request contains the recipient address and message text (with new > > password). > > -The both sides need to setup OAuth to trust each other. > > -MailHandlerServlet (in simplest case - App Engine domain) sends the > > requested email to recipient. > > > The design is easy and sending email using App Engine mail server is > > very easy. The architecture also allows to use other (non App Engine) > > mail server as the communication is done via HTTP. It also escapes the > > need to user verification. > > Regarding user details update - I still think that the best way to do > > it is based on WIAB services - like Settings Wave with profile gadget. > > > On Oct 28, 8:42 am, Alex North <[email protected]> wrote: > >> Good points, thanks for thinking about this. We don't have a design, no. > > >> I think your ideas about email addresses for verification are good, but > >> adding email sending to WIAB will be a significant piece of work. Let's > >> implement something really simple first, just enough to make WIAB usable. > > >> How about: > >> - Some users are admins (add this to the user store). Possibly the first > >> user to register is automatically an admin, others are not by default > >> - An admin can grant admin access to other users, change passwords, and > >> generally create and edit user records > >> - User's can't reset their own passwords - they need to ask an admin > > >> I know that's no way to run a production service, but it's enough to get us > >> over the hump of being able to admin the user store. > > >> On 28 October 2010 17:34, Vega <[email protected]> wrote: > > >>> By the way, when you talk about account management for admin - do you > >>> have some design? > >>> Firstly, in order to think about account management - WIAB should > >>> support some notion of privileged accounts. I am not aware of such > >>> functionality in WIAB. > >>> Secondly, given that there will be functionality to to authorize some > >>> user as admin and given that admins would have access to a page that > >>> would allow to reset passwords - they still would need some > >>> verification mechanism for password reset to avoid scam. Usually it > >>> is done by sending email with password to verified email address - but > >>> WIAB doesn't have mail server, and doesn't store email addresses or > >>> has the functionality to verify email addresses. > > >>> I think the easiest solution for password recovering would be like > >>> this: > >>> -User will provide email address on registration > >>> -WIAB will store the email along with user credentials > >>> -Whenever user enters incorrect password - login page will be present > >>> a link to password recovery page where the user should enter the > >>> registered email. > >>> -If username matches the email address, WIAB will automatically reset > >>> the password and send it to registered email using Google AppEngine > >>> mail server. > > >>> On Oct 28, 1:34 am, Alex North <[email protected]> wrote: > >>>> Building features on top of Wave itself is definitely something we like > >>> to > >>>> do. User profiles, settings, avatars etc fit well here (it's what Google > >>>> Wave does too). > > >>>> However I agree with James we probably need some basic infrastructure > >>>> outside of waves to bootstrap such a system. Basic password resetting is > >>> a > >>>> good example, as is some admin functionality like account management. > > >>>> Implementing profile waves is a big task, but password reset and user > >>>> management pages sound feasible. Go for it! > > >>>> Alex > > >>>> On 28 October 2010 08:28, Vega <[email protected]> wrote: > > >>>>> I am not sure how much effort would take to support gadgets in WIAB - > >>>>> probably not too much. Implementation of admin gadget should not be > >>>>> too hard, if needed I can do it. > > >>>>> On Oct 27, 3:31 pm, x00 <[email protected]> wrote: > >>>>>> Content management could work through extensions, and ultimately a > >>>>>> fully blown wave application framework. But I don't see that as the > >>>>>> remit of WIAB at the moment. > > >>>>>> Potentially in the future all content could be float atop of wave > >>> like > >>>>>> services, bar the infrastructure itself. > > >>>>> -- > >>>>> You received this message because you are subscribed to the Google > >>> Groups > >>>>> "Wave Protocol" group. > >>>>> To post to this group, send email to [email protected]. > >>>>> To unsubscribe from this group, send email to > >>>>> [email protected]<wave-protocol%2bunsubscr...@goog > >>>>> legroups.com> > >>> <wave-protocol%2bunsubscr...@goog legroups.com> > >>>>> . > >>>>> For more options, visit this group at > >>>>>http://groups.google.com/group/wave-protocol?hl=en. > > >>> -- > >>> You received this message because you are subscribed to the Google Groups > >>> "Wave Protocol" group. > >>> To post to this group, send email to [email protected]. > >>> To unsubscribe from this group, send email to > >>> [email protected]<wave-protocol%2bunsubscr...@goog > >>> legroups.com> > >>> . > >>> For more options, visit this group at > >>>http://groups.google.com/group/wave-protocol?hl=en. > > > -- > > You received this message because you are subscribed to the Google Groups > > "Wave Protocol" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]. > > For more options, visit this group > > athttp://groups.google.com/group/wave-protocol?hl=en. -- You received this message because you are subscribed to the Google Groups "Wave Protocol" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/wave-protocol?hl=en.
