You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@ofbiz.apache.org by "Jacques Le Roux (Jira)" <ji...@apache.org> on 2019/09/22 13:05:00 UTC
[jira] [Commented] (OFBIZ-11206) Edit the user login security
question from party profile
[ https://issues.apache.org/jira/browse/OFBIZ-11206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16935305#comment-16935305 ]
Jacques Le Roux commented on OFBIZ-11206:
-----------------------------------------
Hi Nicolas,
I reviewed and tested. Things looks good to me. I just changed 2 things:
* trivial changes in labels
* prevent an user to access the security question when it's not own
I attach the patch [^OFBIZ-11206.patch] for that
Also in OFBIZ-4361 I wrote:
bq. It's about UserLoginSecurityQuestion not Password Hint. BTW I wonder if Password Hint is not confusing and should not be removed? tend) where an user is created and make it mandatory?
Actually when testing I realised that the security question is just a mean to refresh your mind about your password hint. I have still to check that reading OFBIZ-4983 closer. If it's really that then the the security question alone does not help: you need to have a password hint set too. So then we need to force user to set a password hint when they set a security question. Still to be confirmed, but 90% sure.
> Edit the user login security question from party profile
> --------------------------------------------------------
>
> Key: OFBIZ-11206
> URL: https://issues.apache.org/jira/browse/OFBIZ-11206
> Project: OFBiz
> Issue Type: Improvement
> Components: party
> Affects Versions: Trunk
> Reporter: Nicolas Malin
> Assignee: Nicolas Malin
> Priority: Major
> Attachments: OFBIZ-11206.patch, OFBIZ-11206.patch
>
>
> Currenlty we have a system to call a password hints when you lost your password with answer to a security question linked to the userLogin.
> The problem that you can only set this security question at the user login creation and never create or edit it after.
> I add with this issue: service, form, and label to edit it on the ProfileEditUserLogin [1] page.
> [1] https://localhost:8443/partymgr/control/ProfileEditUserLogin?partyId=admin&userLoginId=admin
--
This message was sent by Atlassian Jira
(v8.3.4#803005)