token454 / pwm

Automatically exported from code.google.com/p/pwm
0 stars 0 forks source link

[Enhancement] Validation of Mobile Number before sending SMS token during activation. #256

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago

What is the expected output? What do you see instead?
For PWM it doesn't matter if the mobile number registered with the user is in 
correct international format or not. OR if it is a mobile number at all or not 
(like, it could be 2 digit number or 15) PWM attempts to send SMS anyway.

What version of PWM are you using?
I have tested this in PWM 1.6.1 and 1.6.2. I am using eDirectory 8.8 and Apache 
Tomcat 7.0.26

I have found a nice google java script library for sorting, checking and 
validating the phone numbers along with the country codes.
http://code.google.com/p/libphonenumber/
I was wondering if you can somehow use it for the feature of sending tokens via 
sms? It will sort the mobile number, validate it and it can even check if it is 
a mobile number or a land line. We wish that if the number is not correct or in 
the correct international format, PWM should notify the user.

Original issue reported on code.google.com by haqa...@gmail.com on 8 Aug 2012 at 10:02

GoogleCodeExporter commented 8 years ago
PWM forms now support regex expressions for input format checking.  This can be 
used on the new user registration or on the profile update to require correct 
formatting of the attribute value later used for SMS.  Will this meet your 
needs?

Original comment by jrivard on 17 Oct 2012 at 1:12

GoogleCodeExporter commented 8 years ago
I am afraid not. Because we are not using PWM for user registration or profile 
updates. We have already registered users, PWM is reading those from LDAP and 
sending them SMS. In other words the users who are getting activated or who are 
using the forgotten password options of PWM are not registered via PWM. 
Updating the profile is an option to be included but the users can't update 
their profiles before they have activated the accounts and again for account 
activation PWM will read the default mobile attribute from LDAP.

Original comment by haqa...@gmail.com on 17 Oct 2012 at 2:21

GoogleCodeExporter commented 8 years ago
Incorporating libphonenumber in PWM looks easy, technically. I'm less sure 
about licensing. PWM is distributed under GPL v2, while libphonenumber is 
distributed under Apache License 2, which according to both the Apache and GNU 
websites incompatible. I'm not a laywer, so I cannot tell how this works... Any 
ideas?

Another option would be to implement a phone number check using a configurable 
regex.

Regards,

Menno

Original comment by menno.pi...@gmail.com on 17 Oct 2012 at 4:14

GoogleCodeExporter commented 8 years ago

Original comment by menno.pi...@gmail.com on 26 May 2013 at 8:39

GoogleCodeExporter commented 8 years ago
Adding an Apache licensed library to PWM is okay.

I still don't get what this enhancement is asking for?  Shouldn't any 
validation of the number occur at the point of entry?  What's the point of 
doing it just before sending it.  If it's bad the gateway will reject it.  
Notifying the user doesn't do anything because they can't fix it at that point 
anyway.

Original comment by jrivard on 26 May 2013 at 8:46

GoogleCodeExporter commented 8 years ago
I agree that it should be checked during entry. That is what I would do. 
Libphonenumber is quite cool and powerful. I do not consider it high priority. 
Much of the requestor's wishes can already be implemented using regexes for the 
input fields.

Original comment by menno.pi...@gmail.com on 26 May 2013 at 9:39