Feature proposal #5680
open
Added by krileon over 8 years ago.
Updated 6 months ago.
Start date:
21 December 2015
Description
Separate forgot login into forgot password and forgot username pages respectively. No longer require username for forgot password. In the case of generated passwords it would just email them their new password, but in the case of user supplied DO NOT DO THIS (bad security to send plaintext passwords in email!) instead send a URL that when used gives them a page to supply their new password.
- Target version changed from CB 2.0.13 to CB 2.1
- Priority changed from Normal to Urgent
- Target version changed from CB 2.1 to CB 2.0.14
This should function like Joomla using the reset token. We also should support the force password reset parameter and test for it on login attempt.
Of course agree for not reseting password before sending first mail.
But I am not hot of having 2 separate pages for username and password forgotten. That means 2 links in the login module, and thus on all pages of the site. Not great UX-wise imho.
- Target version changed from CB 2.0.14 to CB 2.0.15
- Target version changed from CB 2.0.15 to CB 2.1
- Target version changed from CB 2.1 to CB 2.2
- Target version changed from CB 2.2 to CB 2.8
- Target version changed from CB 2.8 to CB 2.8.1
- Target version changed from CB 2.8.1 to CB 2.8.2
- Target version changed from CB 2.8.2 to CB 2.9.0
- Target version changed from CB 2.9.0 to CB 2.9.2
Also available in: Atom
PDF
Updated by 
Updated by