Good point. I was thinking more along the model point of view,
something like:

    PPaswordManager>>changePassword
        "Ask for confirmation, then store only the hash of the new password."
        self confirmUserWantsChangeElse: [ ^ self ].
        passwordHash := self encrypt: self askPassword

The model can be displayed by the different schemes; one way would be
to use mail. Or maybe one view would do it directly in the site, not
requiring email.
Maybe we could even use the call:/answer: system to ask the password.
That would probably work whether an HTTP GET happens between, or an
email conversation, no? :)
What I do and what is very easy to do is to create a secret
continuation key that does the login of the requested user. This URL
is not displayed in the browser, but sent by mail. Clicking on the
URL enables the user to log in and to change their password. The
potentially dangerous link eventually expires when Seaside cleans up
the Session.
Lukas
--
Lukas Renggli
http://www.lukas-renggli.ch
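
The mailed login link described in the message above, modelled as an added example in Python; it is not code from the thread and not Seaside's API. `LoginLinkStore`, `SESSION_TTL` and the method names are assumptions, and the example goes beyond the message by making the key single use and keeping only its hash on the server.

```python
import hashlib
import secrets
import time

SESSION_TTL = 600  # seconds; assumed stand-in for the session expiry


class LoginLinkStore:
    """Server-side registry of mailed one-time login keys (hypothetical)."""

    def __init__(self, ttl=SESSION_TTL, clock=time.time):
        self._ttl = ttl
        self._clock = clock
        self._pending = {}  # sha256(key) -> (user, expiry time)

    @staticmethod
    def _digest(key):
        # Only the hash is kept, so a leaked store does not yield usable links.
        return hashlib.sha256(key.encode()).hexdigest()

    def issue(self, user):
        """Return the secret key to embed in the URL that is sent by mail."""
        key = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[self._digest(key)] = (user, self._clock() + self._ttl)
        return key

    def redeem(self, key):
        """Return the user to log in, or None if unknown, used or expired."""
        entry = self._pending.pop(self._digest(key), None)  # pop: single use
        if entry is None:
            return None
        user, expiry = entry
        return user if self._clock() < expiry else None

    def sweep(self):
        """Drop expired keys, as session cleanup would; return how many."""
        now = self._clock()
        expired = [d for d, (_, exp) in self._pending.items() if exp <= now]
        for d in expired:
            del self._pending[d]
        return len(expired)
```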