Open yunohost-bot opened 7 years ago
What's the status of this issue ? Is it hard to implement, from a security perspective ?
No one has been working on it yet.
Technically it's not extremely hard since it has been done a lot of times already, but we have YunoHost-specific questions for that (like if you lost your SSO password ... that also happens to be your email password... sending you an email is a bit pointless etc...)
I understand. I was thinking of something that let users enable this feature. Enabling it would require the user to provide a recovery email which is not the yunohost one. It's something most users are used to, IMO.
(I'm surprised this issue is not requested more ^^)
> (I'm surprised this issue is not requested more ^^)
People tend to use YunoHost for a small group of users or only themselves in general, it's quite new that we have bigger scale usage '-'
Note that the issue is imho not trivial to solve: many people don't have a working email stack (either because they don't care so much about it, because they didn't set up the DNS records properly, or because their ISP doesn't allow opening port 25, or ...)
So sending an email to an external address is not guaranteed to work ...
One can imagine fallback solutions such as having some sort of custom relay hosted on yunohost's project infrastructure (with various constraints to limit abuse). Or just send an email to the admin of the instance to get the password reset (assuming the admin reads emails). Or yunohost could simply disable the recovery password thing automatically if it's able to diagnose that the mail stack ain't properly working / configured.
(Supposedly ljf is working on this)
Exactly, I am currently working on finding a way to specify a specific mail for recovery in LDAP.
Hello @zamentur! Have you found something yet regarding this issue?
Initial exploration was done in https://github.com/YunoHost/yunohost/pull/1322 and the person working on it should have a look before jumping into work
In particular, the _smtp_is_secured_enough(..) function at the very end of the diff
Original Redmine Issue: 878
Author Name: alexAubin
Continuation of https://github.com/YunoHost/SSOwat/issues/6