You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@ofbiz.apache.org by "Jacques Le Roux (Jira)" <ji...@apache.org> on 2019/09/22 13:05:00 UTC

[jira] [Commented] (OFBIZ-11206) Edit the user login security question from party profile

    [ https://issues.apache.org/jira/browse/OFBIZ-11206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16935305#comment-16935305 ] 

Jacques Le Roux commented on OFBIZ-11206:
-----------------------------------------

Hi Nicolas,

I reviewed and tested. Things looks good to me. I just changed 2 things:
* trivial changes in labels
* prevent an user to access the security question when it's not own

I attach the patch  [^OFBIZ-11206.patch]  for that

Also  in OFBIZ-4361 I wrote:

bq. It's about UserLoginSecurityQuestion not Password Hint. BTW I wonder if Password Hint is not confusing and should not be removed? tend) where an user is created and make it mandatory?

Actually when testing I realised that the security question is just a mean to refresh your mind about your password hint. I have still to check that reading OFBIZ-4983 closer. If it's really that then the the security question alone does not help: you need to have a password hint set too. So then we need to force user to set a password hint when they set a security question. Still to be confirmed, but 90% sure.


> Edit the user login security question from party profile
> --------------------------------------------------------
>
>                 Key: OFBIZ-11206
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-11206
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: party
>    Affects Versions: Trunk
>            Reporter: Nicolas Malin
>            Assignee: Nicolas Malin
>            Priority: Major
>         Attachments: OFBIZ-11206.patch, OFBIZ-11206.patch
>
>
> Currenlty we have a system  to call a password hints when you lost your password with answer to a security question linked to the userLogin.
> The problem that you can only set this security question at the user login creation and never create or edit it after.
> I add with this issue: service, form, and label to edit it on the ProfileEditUserLogin [1] page.
> [1] https://localhost:8443/partymgr/control/ProfileEditUserLogin?partyId=admin&userLoginId=admin



--
This message was sent by Atlassian Jira
(v8.3.4#803005)