----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Saturday, 22 August, 2015 3:31:56 AM
Subject: [keycloak-dev] refactored admin reset email and required actions
Admin console can send a reset password email to the user. Originally
it just executed update password. I changed this so that it sets an
Update Password required action on the User. The email link click runs
all required actions set for the user, then displays a message that the
Account has been updated.
The admin console could do either - set a password (and choose if it was temporary or not)
as well as send a reset password link.
When I get back, I'm also going to change the admin console behavior and
look too. Instead of a "Reset Password Email" button on Credentials
tab, there will be a button next to the Required Actions selection box
on user detail, something like "Email Required Actions" (I need a
better name). Clicking on this button will send an email to user
This isn't the correct approach IMO. What we used to have was the ability for an admin
to send an email to a user to allow the user to recover the password. It wasn't a
required action, just something the user could do if they needed to. I think how it worked
before was much clearer to end users, also credentials tab is the correct place for
"recovering password".
"Your administrator has requested that you update and/or reset some of
your account settings. Please click the link below to perform these
actions."
We do it this way because there may be multiple credentials the admin
wants the user to reset. These credentials may be custom authenticators.
Also I refactored the CONFIG_TOTP, UPDATE_PROFILE, and UPDATE_PASSWORD
required actions. They are now fully encapsulated under the required
actions SPI and are not hardcoded with any special cases. I still need
to refactor verify email. Ran out of time.
Finally, I need to add a check to user-initiated Reset Credentials. I
haven't put back in the cookie check to make sure not to log in the user
if it's not the same browser.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com