Closed MadTiger2409 closed 4 years ago
But for an admin it should be that when the account is blocked, the admin can use his/her login and restore key. This will set that account's "pending" flag. Another admin needs to manually unblock this account. The rest stays the same (24h time limit etc.).
For now I implemented this mechanism only for the standard user. The admin will have a different version of this, but I need to analyze and prototype a solution. So this one goes to a separate issue.
It's good ;)
Every user has a restore key. Now it's time to implement the mechanism. The user has one key. This key can be used to get back access to the account.
It can be used only if the user marks his/her account as blocked (it can be an "I forgot my password" button). Then he/she can use this key to unlock the account. -> Maybe he/she can send this key and the new password together, just like in the case when you change your password, but instead of the old password you send the key. In response you just get "Ok". Then you are able to log in with the new password.
After that, the key is no longer valid. The user can generate a new key 24h after the last use.
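
The standard-user flow from the issue description, sketched as an added example (not the project's code): the key works only on a blocked account, is sent together with the new password, is single-use, and a new one can be generated 24h after the last use. The `Account` model, function names, storing only a SHA-256 digest of the key, and PBKDF2 for passwords are assumptions made for this illustration.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass
from typing import Optional

DAY = 24 * 3600  # the issue's limit: a new key 24h after the last use

@dataclass
class Account:  # hypothetical in-memory model, not the project's schema
    salt: bytes = b""
    password_hash: bytes = b""
    key_hash: Optional[bytes] = None      # only a digest of the key is stored
    blocked: bool = False
    key_used_at: Optional[float] = None

def _key_digest(key: str) -> bytes:
    # Assumption: the key is high-entropy random, so a plain hash is enough.
    return hashlib.sha256(key.encode()).digest()

def _hash_password(password: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2 stands in for whatever the project really uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def issue_key(acct: Account, now: float) -> str:
    """Create the user's single restore key; shown once, stored hashed."""
    if acct.key_used_at is not None and now - acct.key_used_at < DAY:
        raise PermissionError("new key allowed 24h after the last use")
    key = secrets.token_urlsafe(32)
    acct.key_hash = _key_digest(key)
    return key

def mark_blocked(acct: Account) -> None:
    """The 'I forgot my password' action from the issue."""
    acct.blocked = True

def restore(acct: Account, key: str, new_password: str, now: float) -> bool:
    """Key and new password arrive together; True corresponds to 'Ok'."""
    if not acct.blocked or acct.key_hash is None:
        return False
    if not hmac.compare_digest(acct.key_hash, _key_digest(key)):
        return False  # constant-time comparison of the digests
    acct.salt = secrets.token_bytes(16)
    acct.password_hash = _hash_password(new_password, acct.salt)
    # Burn the key, unblock, and start the 24h regeneration clock.
    acct.key_hash, acct.blocked, acct.key_used_at = None, False, now
    return True

def login(acct: Account, password: str) -> bool:
    if acct.blocked:
        return False
    candidate = _hash_password(password, acct.salt)
    return hmac.compare_digest(acct.password_hash, candidate)
```

Timestamps are passed in by the caller so the 24h rule can be exercised without waiting; a real service would also rate-limit `restore` attempts.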