Bruno Busco wrote:
One thing we need in the framework is the possibility to create a
userLogin with an associated email address and have the possibility to
have the password emailed if forgotten.
This is actually done in
public static String emailPassword(HttpServletRequest request,
HttpServletResponse response) {
that is located in LoginEvents.java in securityext.
To get the email address, emailPassword(...) checks if the userLoginId
exists, then finds the related party, then finds a related ContactMech
with PRIMARY_MAIL purpose.
To get the email body and other details, emailPassword(...) starts
from a ProductStore and gets the related ProductStoreEmailSetting.
So, being dependent on both party and product, the emailPassword(...)
service needs to be in applications/securityext and cannot be
available in a framework-only distribution.
Now,
the emailPassword(...) service in the securityext is OK for the
ecommerce application (that depends on party and product) but IMO is
not the right implementation for the backoffice (and thus for the
framework-only).
I propose to do the following:
1) Put an email address in the userLogin entity. This would be used to
retrieve the password.
What about if someone wants to implement retrieving forgotten passwords
through sms (short messaging service) instead of email? Are we going to
add telephone number to userLogin entity?
So my vote is to leave the forgotten password feature in applications or move
the related entities to framework.
Bilgin