Closed logiad closed 9 years ago
Assigned @mathieumg because he is more familiar with this module.
What was the rationale behind not leveraging https://github.com/my-koop/module.user/blob/rc/components/PasswordChangeForm.jsx?
Code-wise CR done, haven't been able to test it yet as I'm currently not on my development setup.
I was wondering however, isn't there a problem with the current password reset flow? If I know of another user's email address, I can trigger a reset of his password whenever I want and as many times as I want.
Didn't see any similarity between PasswordUpdateForm and this component,
My bad, I actually meant to link to https://github.com/my-koop/service.website/blob/rc/components/PasswordRecoveryPage.jsx .
Indeed that would have been good. I didn't look because this component was very simple, a text input and a submit button.
About the flow, this is the simplest password reset process. Further improvements could be made such as, as you pointed out, preventing any user from resetting another user's password, asking for additional information before resetting, or sending a reset link by email.
This is a valid concern but I don't think it warrants modifying the flow.
Changes done.
CR #2 done.
Ready to review
CR 3 done.
CR done. Should be good to merge after changing/discussing the bind call.
User enters his email and submits. A new password is generated and hashed. User table entry for this user is updated. Password is sent by email to the user.
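
The reset-link alternative raised in the discussion, in which the stored password changes only when a mailed one-time token is redeemed, shown as an added example that is not part of this pull request or the my-koop code base. The in-memory tables, function names, token lifetime and throttle interval are assumptions.

```javascript
const crypto = require('crypto');

const TOKEN_TTL_MS = 30 * 60 * 1000;    // assumed token lifetime
const MIN_INTERVAL_MS = 15 * 60 * 1000; // assumed per-address throttle

// In-memory stand-ins (hypothetical) for the user table, a reset table and the mailer.
const users = new Map([['alice@example.org', { passwordHash: 'old-hash' }]]);
const resets = new Map(); // email -> { tokenHash, expires, requestedAt }
const outbox = [];

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');

// Step 1: request. The stored password is NOT touched here, so knowing
// someone's address is not enough to change or invalidate their password.
function requestReset(email, now = Date.now()) {
  const user = users.get(email);
  const last = resets.get(email);
  const throttled = Boolean(last) && now - last.requestedAt < MIN_INTERVAL_MS;
  if (user && !throttled) {
    const token = crypto.randomBytes(32).toString('hex');
    // Only a hash of the token is stored; the token itself goes out by mail.
    resets.set(email, { tokenHash: sha256(token), expires: now + TOKEN_TTL_MS, requestedAt: now });
    outbox.push({ to: email, token });
  }
  // Same response for unknown, throttled and accepted requests.
  return { ok: true };
}

// Step 2: redeem. Only someone who can read the mailbox holds the token.
// newPasswordHash is assumed to come from the application's own hashing routine.
function redeemReset(email, token, newPasswordHash, now = Date.now()) {
  const entry = resets.get(email);
  if (!entry || now > entry.expires) return false;
  const given = Buffer.from(sha256(String(token)), 'hex');
  const stored = Buffer.from(entry.tokenHash, 'hex');
  if (!crypto.timingSafeEqual(given, stored)) return false;
  resets.delete(email); // single use
  users.get(email).passwordHash = newPasswordHash;
  return true;
}
```
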