
Mailing List Archive: Catalyst: Dev

Resetting passwords ...

 

 



kiffin.gish at planet

Feb 9, 2010, 7:23 AM

Post #1 of 4 (1417 views)
Resetting passwords ...

For security reasons I need to force users to reset their passwords
every so often.

The most obvious way I would think, would be to do this in Root::auto,
first checking for logged in users, otherwise sending them to the login
page, or for logged in users whose passwords have expired to the users
change password page: /settings/user_id/password_reset.

$c->go doesn't work because it'll come through the auto again resulting
in recursive calls. $c->detach won't work either because
$c->stash->{user_rs} is set on the way down through Settings::base and
calling directly gives an empty user_rs.

Any suggestions on an elegant way to solve this?

--
Kiffin Gish <kiffin.gish [at] planet>
Gouda, The Netherlands


_______________________________________________
Catalyst-dev mailing list
Catalyst-dev [at] lists
http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst-dev


bobtfish at bobtfish

Feb 9, 2010, 7:47 AM

Post #2 of 4 (1323 views)
Re: Resetting passwords ... [In reply to]

Kiffin Gish wrote:
> Any suggestions on an elegant way to solve this?

Don't use auto.

Use chained dispatch and have /noauth, /auth and /passwordreset (not
sure if the latter one is needed) top level path parts everything is
chained off of.

Also, this should be on the users list as it's nothing to do with
developing Catalyst itself (or Catalyst components), but a question
about your app.

Cheers
t0m
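
A sketch of the chained layout suggested in the reply above, added here as an example and not code from the thread or from Catalyst itself. It assumes Catalyst::Plugin::Authentication is loaded; the application name, action names, URL paths and the `must_change_password` user field are hypothetical.

```perl
package MyApp::Controller::Root;    # hypothetical application name
use Moose;
use namespace::autoclean;
BEGIN { extends 'Catalyst::Controller' }

__PACKAGE__->config(namespace => '');

# Not an action (no attributes): send anonymous visitors to the login page.
sub require_login {
    my ($self, $c) = @_;
    return if $c->user_exists;
    $c->res->redirect($c->uri_for_action('/login'));
    $c->detach;    # aborts the rest of the chain
}

# Chain root for public pages: no checks.
sub noauth :Chained('/') :PathPart('') :CaptureArgs(0) { }

# Chain root for the change-password page only: login is required, but a
# pending password change is tolerated, so the redirect below cannot loop.
sub passwordreset :Chained('/') :PathPart('') :CaptureArgs(0) {
    my ($self, $c) = @_;
    $self->require_login($c);
}

# Chain root for everything else: login required and password up to date.
sub auth :Chained('/') :PathPart('') :CaptureArgs(0) {
    my ($self, $c) = @_;
    $self->require_login($c);
    # 'must_change_password' is an assumed column on the user record.
    if ($c->user->get('must_change_password')) {
        $c->res->redirect($c->uri_for_action('/change_password'));
        $c->detach;
    }
}

sub login :Chained('noauth') :PathPart('login') :Args(0) {
    my ($self, $c) = @_;
    $c->res->body('login form goes here');
}

sub change_password :Chained('passwordreset') :PathPart('settings/password') :Args(0) {
    my ($self, $c) = @_;
    $c->res->body('change password form goes here');
}

__PACKAGE__->meta->make_immutable;
1;
```

A controller such as Settings would chain its base action off `/auth` (or off `/passwordreset` for the password page), so anything base puts in the stash is populated by normal dispatch. Because the check lives in a chain root rather than in `auto`, the redirect to the change-password page does not pass through the same check again.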




marcus at nordaaker

Feb 13, 2010, 11:15 AM

Post #3 of 4 (1297 views)
Re: Resetting passwords ... [In reply to]

Also, I would not recommend forcing password resets on a regular basis
for security reasons. This almost always ends up in users either using
simpler pattern passwords or writing their passwords on a note taped
to the screen, thus reducing security.

***
Marcus Ramberg
Nordaaker ltd.
+47 934 17 508
http://nordaaker.com



On Tue, Feb 9, 2010 at 4:47 PM, Tomas Doran <bobtfish [at] bobtfish> wrote:
> Kiffin Gish wrote:
>>
>> Any suggestions on an elegant way to solve this?
>
> Don't use auto.
>
> Use chained dispatch and have /noauth, /auth and /passwordreset (not sure if
> the latter one is needed) top level path parts everything is chained off of.
>
> Also, this should be on the users list as it's nothing to do with developing
> Catalyst itself (or Catalyst components), but a question about your app.
>
> Cheers
> t0m
>
>


kiffin.gish at planet

Feb 13, 2010, 11:38 AM

Post #4 of 4 (1300 views)
Re: Resetting passwords ... [In reply to]

You're correct on that issue. However, I still want to be able to let
users who forgot their passwords have their password reset. The
temporary password is immediately emailed to them with an embedded link.
The next time they log in, they will always be redirected to the change
password page until they change it.

On Sat, 2010-02-13 at 20:15 +0100, Marcus Ramberg wrote:
> Also, I would not recommend forcing password resets on a regular basis
> for security reasons. This almost always ends up in users either using
> simpler pattern passwords or writing their passwords on a note taped
> to the screen, thus reducing security.
>
> ***
> Marcus Ramberg
> Nordaaker ltd.
> +47 934 17 508
> http://nordaaker.com
>
>
>
> On Tue, Feb 9, 2010 at 4:47 PM, Tomas Doran <bobtfish [at] bobtfish> wrote:
> > Kiffin Gish wrote:
> >>
> >> Any suggestions on an elegant way to solve this?
> >
> > Don't use auto.
> >
> > Use chained dispatch and have /noauth, /auth and /passwordreset (not sure if
> > the latter one is needed) top level path parts everything is chained off of.
> >
> > Also, this should be on the users list as it's nothing to do with developing
> > Catalyst itself (or Catalyst components), but a question about your app.
> >
> > Cheers
> > t0m
> >
> >


--
Kiffin Gish <Kiffin.Gish [at] planet>
Gouda, The Netherlands


