Hi,
On Tue, Mar 21, 2017 at 3:55 PM, Denuwanthi De Silva <denuwan...@wso2.com> wrote: > Hi, > > Just to clarify, > > Let's say admin types an email address. > For some reason he misses a character or two. And still let's say that > email is a valid email of some one. > Then when we add the user, an email will be sent to that mail adress. Even > though that is not the intended user. > If that unknown user clicks the link he can reset the password in and > login to the user portal rit? > > This can be a rare situuation. > Is this a scenario we should be concerned of? or is it already handled in > some layer? > It is a resposibility of administrator to enter the correct email address. BTW, we can reduce the human errors by having a new text box to confirm email addresss. Thanks Isura > > > Thanks > > On Tue, Mar 21, 2017 at 12:33 PM, Dinali Dabarera <din...@wso2.com> wrote: > >> Hi, >> >> For the above-mentioned scenario, >> >> - We are going to send the link of the default password reset page to >> the user, with that we will send a random generated code to identify the >> user, and it will expire after a given time period. >> - We are not going to lock the user since we use a random password >> when storing the user in DB and it will be over written by the user >> password update. >> - As Sagara mentioned, we will add meaning full sentences in the UI >> so that user experience will increase. >> >> Thanks. >> >> On Tue, Mar 21, 2017 at 10:07 AM, Godwin Shrimal <god...@wso2.com> wrote: >> >>> Correction >>> >>> 1. As Isura mentioned we don't need to lock the account since we are >>> creating the user with random password no one knows it. >>> >>> On Tue, Mar 21, 2017 at 10:06 AM, Godwin Shrimal <god...@wso2.com> >>> wrote: >>> >>>> Hi Dinali, >>>> >>>> Please see my feedback below. >>>> >>>> 1. As Isura mentioned we don't to lock the account since we are >>>> creating the user with random password on one knows it. >>>> 2. Can't we use name User store (or what ever the term use in C5) other >>>> than Domain, its not user friendly and end users will not aware what is >>>> Domain. >>>> 3. I guess combo box with available option is not user friendly and >>>> what about having option buttons which shows available options at once to >>>> user ? >>>> >>>> >>>> Thanks >>>> Godwin >>>> >>>> >>>> On Mon, Mar 20, 2017 at 5:53 PM, Dinali Dabarera <din...@wso2.com> >>>> wrote: >>>> >>>>> Hi All, >>>>> >>>>> I am going to implement User Onboarding - Ask Password with email >>>>> verification according to the User story [1].The wire-frame given by the >>>>> UX >>>>> team is [2]. >>>>> >>>>> According to these, >>>>> >>>>> *In admin side,* >>>>> >>>>> - The admin creates a user and put his email and click on Add user. >>>>> - Then an email is sent to the user's given email address. >>>>> - The admin will redirect to the List user page. >>>>> >>>>> *In users side*, >>>>> >>>>> - The user will get a link to set a password. >>>>> - The User can click on it and add a password. >>>>> >>>>> *There are two main concerns that am bothering about,* >>>>> >>>>> 1. *When the user clicks the link, I think we can redirect to the >>>>> change password page in user portal. Is this fine or Do we need to use >>>>> a >>>>> custom page for that?* >>>>> 2. *I think we need to lock the account of that user Until he adds >>>>> a password. Is this necessary?* >>>>> >>>>> >>>>> [1] https://redmine.wso2.com/issues/5749 >>>>> [2]https://github.com/wso2-dev-ux/product-is/blob/master/Wir >>>>> eframes/admin-portal/v3/3.5%20Add%20user%20with%20email%20ve >>>>> rification.png >>>>> >>>>> Thank you! >>>>> >>>>> -- >>>>> *Dinali Rosemin Dabarera* >>>>> Software Engineer >>>>> WSO2 Lanka (pvt) Ltd. >>>>> Web: http://wso2.com/ >>>>> Email : gdrdabar...@gmail.com >>>>> LinkedIn <https://lk.linkedin.com/in/dinalidabarera> >>>>> Mobile: +94770198933 <+94%2077%20019%208933> >>>>> >>>>> >>>>> >>>>> >>>>> <https://lk.linkedin.com/in/dinalidabarera> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Architecture mailing list >>>>> Architecture@wso2.org >>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>> >>>>> >>>> >>>> >>>> -- >>>> *Godwin Amila Shrimal* >>>> WSO2 Inc.; http://wso2.com >>>> lean.enterprise.middleware >>>> >>>> mobile: *+94772264165* >>>> linkedin: *http://lnkd.in/KUum6D <http://lnkd.in/KUum6D>* >>>> twitter: https://twitter.com/godwinamila >>>> <http://wso2.com/signature> >>>> >>> >>> >>> >>> -- >>> *Godwin Amila Shrimal* >>> WSO2 Inc.; http://wso2.com >>> lean.enterprise.middleware >>> >>> mobile: *+94772264165* >>> linkedin: *http://lnkd.in/KUum6D <http://lnkd.in/KUum6D>* >>> twitter: https://twitter.com/godwinamila >>> <http://wso2.com/signature> >>> >>> _______________________________________________ >>> Architecture mailing list >>> Architecture@wso2.org >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >>> >> >> >> -- >> *Dinali Rosemin Dabarera* >> Software Engineer >> WSO2 Lanka (pvt) Ltd. >> Web: http://wso2.com/ >> Email : gdrdabar...@gmail.com >> LinkedIn <https://lk.linkedin.com/in/dinalidabarera> >> Mobile: +94770198933 <+94%2077%20019%208933> >> >> >> >> >> <https://lk.linkedin.com/in/dinalidabarera> >> >> >> >> >> >> >> >> >> >> >> >> >> >> > > > -- > Denuwanthi De Silva > Senior Software Engineer; > WSO2 Inc.; http://wso2.com, > Email: denuwan...@wso2.com > Blog: https://denuwanthi.wordpress.com/ > > _______________________________________________ > Architecture mailing list > Architecture@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > >
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
