Ariel T. Glenn <> changed:

           What    |Removed                     |Added
                 CC|                            |

--- Comment #9 from Ariel T. Glenn <> ---
The extension that provides that functionality is and it needs to be
packaged and installed (as well as tested with the new version of RT).

There's another approach to password resets here:
and implemented here:
but this is not currently functional, since it's intended for 'external' (non
privileged) users only.  I could comment out the lines that make that check,
but I'd prefer to go with the other extension because of how password resets
are handled.

In the extension on github, the user requests a password reset by providing
their email address, is sent a url with a token, and after following that url,
enters the new password which is then validated and saved.  This I believe is
what was installed previously, at least it has the path referenced in comment

In the wikia code, the user requests a password reset the same way but RT
immediately sets the password to a random string and emails the user with that

I like the second approach less, since it permits someone other than the user
to actually change the password (even though the user is notified of the
change), and the password is sent via plaintext email.  Neither of those things
excite me very much.

You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
Wikibugs-l mailing list

Reply via email to