Feature proposal #5680
open
Improve forgot login
Description
Separate forgot login into forgot password and forgot username pages respectively. No longer require username for forgot password. In the case of generated passwords it would just email them their new password, but in the case of user supplied DO NOT DO THIS (bad security to send plaintext passwords in email!) instead send a URL that when used gives them a page to supply their new password.
Updated by krileon over 8 years ago
- Target version changed from CB 2.0.13 to CB 2.1
Updated by krileon about 8 years ago
- Priority changed from Normal to Urgent
- Target version changed from CB 2.1 to CB 2.0.14
This should function like Joomla using the reset token. We also should support the force password reset parameter and test for it on login attempt.
Updated by beat about 8 years ago
Of course agree for not reseting password before sending first mail.
But I am not hot of having 2 separate pages for username and password forgotten. That means 2 links in the login module, and thus on all pages of the site. Not great UX-wise imho.
Updated by beat almost 8 years ago
- Target version changed from CB 2.0.14 to CB 2.0.15
Updated by beat over 7 years ago
- Target version changed from CB 2.0.15 to CB 2.1
Updated by krileon over 7 years ago
- Target version changed from CB 2.1 to CB 2.2
Updated by krileon almost 6 years ago
- Target version changed from CB 2.2 to CB 2.8