crhume / pwm

Automatically exported from code.google.com/p/pwm

Forgotten Password Feature Enhancement. #28

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. User enters email address (or some other attribute Value)
2. PWM sends a "special" link to the email address the user has on file
3. The user can then reset their password without using normal challenge-response

What is the expected output? What do you see instead?
Often users of Web sites can/do not remember their answers.

Original issue reported on code.google.com by jwilleke on 31 Dec 2010 at 9:40
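
The emailed link in steps 1 to 3 of the report above is only as strong as the token it carries. The following Java (16 or later) is an added example, not PWM's code and not part of the original thread; `ResetTokenDemo`, its methods, the 15-minute lifetime, the in-memory map and the user name are assumptions. It shows a random token that is stored only as a hash, expires, and can be redeemed once.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
// Added illustration, not PWM code: every class and method name here is hypothetical.
public class ResetTokenDemo {
    private record Pending(String user, Instant expires) {}
    private static final SecureRandom RNG = new SecureRandom();
    private static final Duration TTL = Duration.ofMinutes(15); // assumed lifetime
    // In-memory stand-in for a server-side store, keyed by the hash of the token.
    private final Map<String, Pending> byTokenHash = new ConcurrentHashMap<>();

    private static String sha256(String s) throws NoSuchAlgorithmException {
        return Base64.getEncoder().encodeToString(MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8)));
    }

    // Step 2: create the value embedded in the emailed link; only its hash is kept.
    public String issue(String user, Instant now) throws NoSuchAlgorithmException {
        byte[] raw = new byte[32]; // 256 bits from a CSPRNG
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        byTokenHash.values().removeIf(p -> p.user().equals(user)); // one live token per user
        byTokenHash.put(sha256(token), new Pending(user, now.plus(TTL)));
        return token;
    }

    // Step 3: resolve the presented token to a user, once, and only before expiry.
    public Optional<String> redeem(String presented, Instant now) throws NoSuchAlgorithmException {
        Pending p = byTokenHash.remove(sha256(presented)); // removed on lookup: single use
        if (p == null || now.isAfter(p.expires())) return Optional.empty();
        return Optional.of(p.user());
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        ResetTokenDemo demo = new ResetTokenDemo();
        Instant t0 = Instant.parse("2011-03-08T10:00:00Z"); // constructed timestamp
        String token = demo.issue("jdoe", t0);               // constructed user
        System.out.println(demo.redeem("not-the-token", t0));            // unknown value
        System.out.println(demo.redeem(token, t0.plusSeconds(60)));      // first use
        System.out.println(demo.redeem(token, t0.plusSeconds(61)));      // replay of a used token
        String late = demo.issue("jdoe", t0);
        System.out.println(demo.redeem(late, t0.plus(Duration.ofHours(1)))); // past the lifetime
    }
}
```

Because the token replaces challenge-response entirely in this flow, the page that accepts the email address should answer identically whether or not the address is on file.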

GoogleCodeExporter commented 9 years ago
Beginning work by re-organizing configuration section to split up challenge 
policy and response policy.

Original comment by jrivard on 2 Jan 2011 at 10:06

GoogleCodeExporter commented 9 years ago
Tested SVN revision 113. ForgottenPasswordServlet.java still checks for valid 
responses on line 144:

checkIfUserHasValidResponses(pwmSession, forgottenPasswordBean);

Verified that commenting out this line allows password reset with email token 
only.

Original comment by samuli.s...@gmail.com on 8 Mar 2011 at 10:13

GoogleCodeExporter commented 9 years ago
Ahhh..  It looks like if you have responses, it will work okay.  It won't ask 
you for them, just wants to check if they are there.  Looking into it....

Original comment by jrivard on 8 Mar 2011 at 2:24

GoogleCodeExporter commented 9 years ago
Needs testing again with svn revision 114

Original comment by jrivard on 9 Mar 2011 at 6:12

GoogleCodeExporter commented 9 years ago
Tested again with revision r122, seems to be working well.  Closing issue.

Original comment by jrivard on 21 Mar 2011 at 3:56