Forgot password feature in hst

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

Forgot password feature in hst

Jerome Mirc
Hi,

I am trying to implement the forgot my password feature which allows a user to ask the site to generate a new password. After generated, the new password needs to replace the previous password of the hst:users.

My problem is that the sitewriter user doesn't have the right access to update it.

Could you tell me what is the permission that the user needs to have in order to be able to update the password.

Thanks.

Jérôme
Reply | Threaded
Open this post in threaded view
|

Re: Forgot password feature in hst

Jerome Mirc
Any helps!!!!!
Ard
Reply | Threaded
Open this post in threaded view
|

Re: Forgot password feature in hst

Ard
Hello Jérôme,

I do not know which domain or role to adjust for this, but I have
asked the person who knows most about this to try to find some time
slot to help you out. He is quite occupied. Hope you can wait a bit
more

Regards Ard

On Wed, Apr 25, 2012 at 3:45 PM, jmirc <[hidden email]> wrote:
> Any helps!!!!!
>
> --
> View this message in context: http://hippo.2275632.n2.nabble.com/Forgot-password-feature-in-hst-tp7498089p7499409.html
> Sent from the Hippo CMS 7 mailing list archive at Nabble.com.
> _______________________________________________
> Hippo-cms7-user mailing list and forums
> http://www.onehippo.org/cms7/support/forums.html



--
Amsterdam - Oosteinde 11, 1017 WT Amsterdam
Boston - 1 Broadway, Cambridge, MA 02142

US +1 877 414 4776 (toll free)
Europe +31(0)20 522 4466
www.onehippo.com
_______________________________________________
Hippo-cms7-user mailing list and forums
http://www.onehippo.org/cms7/support/forums.html
Reply | Threaded
Open this post in threaded view
|

Re: Forgot password feature in hst

Jerome Mirc
Hello Ard,

Thanks for your answer. At this point I put the user into the admin group so I can update the password.
I am not happy with this decision for security reasons but it works.

Regards,

Jérôme

Le 26 avril 2012 02:23, Ard [via Hippo] <[hidden email]> a écrit :
Hello Jérôme,

I do not know which domain or role to adjust for this, but I have
asked the person who knows most about this to try to find some time
slot to help you out. He is quite occupied. Hope you can wait a bit
more

Regards Ard

On Wed, Apr 25, 2012 at 3:45 PM, jmirc <[hidden email]> wrote:
> Any helps!!!!!
>
> --
> View this message in context: http://hippo.2275632.n2.nabble.com/Forgot-password-feature-in-hst-tp7498089p7499409.html
> Sent from the Hippo CMS 7 mailing list archive at Nabble.com.
> _______________________________________________
> Hippo-cms7-user mailing list and forums
> http://www.onehippo.org/cms7/support/forums.html



--
Amsterdam - Oosteinde 11, 1017 WT Amsterdam
Boston - 1 Broadway, Cambridge, MA 02142

US <a href="tel:%2B1%20877%20414%204776" value="+18774144776" target="_blank">+1 877 414 4776 (toll free)
Europe <a href="tel:%2B31%280%2920%20522%204466" value="+31205224466" target="_blank">+31(0)20 522 4466
www.onehippo.com
_______________________________________________
Hippo-cms7-user mailing list and forums
http://www.onehippo.org/cms7/support/forums.html



If you reply to this email, your message will be added to the discussion below:
http://hippo.2275632.n2.nabble.com/Forgot-password-feature-in-hst-tp7498089p7501745.html
To unsubscribe from Forgot password feature in hst, click here.
NAML

Ard
Reply | Threaded
Open this post in threaded view
|

Re: Forgot password feature in hst

Ard
On Thu, Apr 26, 2012 at 12:46 PM, jmirc <[hidden email]> wrote:
> Hello Ard,
>
> Thanks for your answer. At this point I put the user into the admin group
> so I can update the password.
> I am not happy with this decision for security reasons but it works.

I completely agree. It is possible to do this way more fine-grained,
but unfortunately, it is quite a bit away from my knowledge field.
Hope someone else more knowledgeable in this area can chime in

Regards Ard

>
> Regards,
>
> Jérôme
>
> Le 26 avril 2012 02:23, Ard [via Hippo] <
> [hidden email]> a écrit :
>
>> Hello Jérôme,
>>
>> I do not know which domain or role to adjust for this, but I have
>> asked the person who knows most about this to try to find some time
>> slot to help you out. He is quite occupied. Hope you can wait a bit
>> more
>>
>> Regards Ard
>>
>> On Wed, Apr 25, 2012 at 3:45 PM, jmirc <[hidden email]<http://user/SendEmail.jtp?type=node&node=7501745&i=0>>
>> wrote:
>> > Any helps!!!!!
>> >
>> > --
>> > View this message in context:
>> http://hippo.2275632.n2.nabble.com/Forgot-password-feature-in-hst-tp7498089p7499409.html
>> > Sent from the Hippo CMS 7 mailing list archive at Nabble.com.
>> > _______________________________________________
>> > Hippo-cms7-user mailing list and forums
>> > http://www.onehippo.org/cms7/support/forums.html
>>
>>
>>
>> --
>> Amsterdam - Oosteinde 11, 1017 WT Amsterdam
>> Boston - 1 Broadway, Cambridge, MA 02142
>>
>> US +1 877 414 4776 (toll free)
>> Europe +31(0)20 522 4466
>> www.onehippo.com
>> _______________________________________________
>> Hippo-cms7-user mailing list and forums
>> http://www.onehippo.org/cms7/support/forums.html
>>
>>
>> ------------------------------
>>  If you reply to this email, your message will be added to the discussion
>> below:
>>
>> http://hippo.2275632.n2.nabble.com/Forgot-password-feature-in-hst-tp7498089p7501745.html
>>  To unsubscribe from Forgot password feature in hst, click here<
>> .
>> NAML<
http://hippo.2275632.n2.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>>
>
>
> --
> View this message in context: http://hippo.2275632.n2.nabble.com/Forgot-password-feature-in-hst-tp7498089p7502431.html
> Sent from the Hippo CMS 7 mailing list archive at Nabble.com.
> _______________________________________________
> Hippo-cms7-user mailing list and forums
> http://www.onehippo.org/cms7/support/forums.html



--
Amsterdam - Oosteinde 11, 1017 WT Amsterdam
Boston - 1 Broadway, Cambridge, MA 02142

US +1 877 414 4776 (toll free)
Europe +31(0)20 522 4466
www.onehippo.com
_______________________________________________
Hippo-cms7-user mailing list and forums
http://www.onehippo.org/cms7/support/forums.html
Reply | Threaded
Open this post in threaded view
|

Re: Forgot password feature in hst

b.vanderschans@onehippo.com
In reply to this post by Jerome Mirc
Hi,

You might also want to look at:

https://wiki.onehippo.com/display/CMS7/Repository+Authorization+and+Permissions
(also note the "Tips" section at bottom)

Regards,
Bart

On Thu, Apr 26, 2012 at 12:46 PM, jmirc <[hidden email]> wrote:

> Hello Ard,
>
> Thanks for your answer. At this point I put the user into the admin group
> so I can update the password.
> I am not happy with this decision for security reasons but it works.
>
> Regards,
>
> Jérôme
>
> Le 26 avril 2012 02:23, Ard [via Hippo] <
> [hidden email]> a écrit :
>
>> Hello Jérôme,
>>
>> I do not know which domain or role to adjust for this, but I have
>> asked the person who knows most about this to try to find some time
>> slot to help you out. He is quite occupied. Hope you can wait a bit
>> more
>>
>> Regards Ard
>>
>> On Wed, Apr 25, 2012 at 3:45 PM, jmirc <[hidden email]<http://user/SendEmail.jtp?type=node&node=7501745&i=0>>
>> wrote:
>> > Any helps!!!!!
>> >
>> > --
>> > View this message in context:
>> http://hippo.2275632.n2.nabble.com/Forgot-password-feature-in-hst-tp7498089p7499409.html
>> > Sent from the Hippo CMS 7 mailing list archive at Nabble.com.
>> > _______________________________________________
>> > Hippo-cms7-user mailing list and forums
>> > http://www.onehippo.org/cms7/support/forums.html
>>
>>
>>
>> --
>> Amsterdam - Oosteinde 11, 1017 WT Amsterdam
>> Boston - 1 Broadway, Cambridge, MA 02142
>>
>> US +1 877 414 4776 (toll free)
>> Europe +31(0)20 522 4466
>> www.onehippo.com
>> _______________________________________________
>> Hippo-cms7-user mailing list and forums
>> http://www.onehippo.org/cms7/support/forums.html
>>
>>
>> ------------------------------
>>  If you reply to this email, your message will be added to the discussion
>> below:
>>
>> http://hippo.2275632.n2.nabble.com/Forgot-password-feature-in-hst-tp7498089p7501745.html
>>  To unsubscribe from Forgot password feature in hst, click here<
>> .
>> NAML<
http://hippo.2275632.n2.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>>
>
>
> --
> View this message in context: http://hippo.2275632.n2.nabble.com/Forgot-password-feature-in-hst-tp7498089p7502431.html
> Sent from the Hippo CMS 7 mailing list archive at Nabble.com.
> _______________________________________________
> Hippo-cms7-user mailing list and forums
> http://www.onehippo.org/cms7/support/forums.html



--
Amsterdam - Oosteinde 11, 1017 WT Amsterdam
Boston - 1 Broadway, Cambridge, MA 02142

US +1 877 414 4776 (toll free)
Europe +31(0)20 522 4466
www.onehippo.com
_______________________________________________
Hippo-cms7-user mailing list and forums
http://www.onehippo.org/cms7/support/forums.html
Reply | Threaded
Open this post in threaded view
|

Re: Forgot password feature in hst

Mohammad Nour
Hi Jermoe...

   Using the information sent to you by Bart, what you can do is creating another security domain which gives write access on such nodes specifically to sitewriter, this way you limit the sitewrite not to have all privileges and admin has, which impose better control over who gets what, also you limit to which nodes you want the sitewriter to gave write access to and at the sametime this solve the write access problem

On Thu, Apr 26, 2012 at 1:42 PM, Bart van der Schans <[hidden email]> wrote:
Hi,

You might also want to look at:

https://wiki.onehippo.com/display/CMS7/Repository+Authorization+and+Permissions
(also note the "Tips" section at bottom)

Regards,
Bart

On Thu, Apr 26, 2012 at 12:46 PM, jmirc <[hidden email]> wrote:
> Hello Ard,
>
> Thanks for your answer. At this point I put the user into the admin group
> so I can update the password.
> I am not happy with this decision for security reasons but it works.
>
> Regards,
>
> Jérôme
>
> Le 26 avril 2012 02:23, Ard [via Hippo] <
> [hidden email]> a écrit :
>
>> Hello Jérôme,
>>
>> I do not know which domain or role to adjust for this, but I have
>> asked the person who knows most about this to try to find some time
>> slot to help you out. He is quite occupied. Hope you can wait a bit
>> more
>>
>> Regards Ard
>>
>> On Wed, Apr 25, 2012 at 3:45 PM, jmirc <[hidden email]<http://user/SendEmail.jtp?type=node&node=7501745&i=0>>
>> wrote:
>> > Any helps!!!!!
>> >
>> > --
>> > View this message in context:
>> http://hippo.2275632.n2.nabble.com/Forgot-password-feature-in-hst-tp7498089p7499409.html
>> > Sent from the Hippo CMS 7 mailing list archive at Nabble.com.
>> > _______________________________________________
>> > Hippo-cms7-user mailing list and forums
>> > http://www.onehippo.org/cms7/support/forums.html
>>
>>
>>
>> --
>> Amsterdam - Oosteinde 11, 1017 WT Amsterdam
>> Boston - 1 Broadway, Cambridge, MA 02142
>>
>> US <a href="tel:%2B1%20877%20414%204776" value="+18774144776">+1 877 414 4776 (toll free)
>> Europe <a href="tel:%2B31%280%2920%20522%204466" value="+31205224466">+31(0)20 522 4466
>> www.onehippo.com
>> _______________________________________________
>> Hippo-cms7-user mailing list and forums
>> http://www.onehippo.org/cms7/support/forums.html
>>
>>
>> ------------------------------
>>  If you reply to this email, your message will be added to the discussion
>> below:
>>
>> http://hippo.2275632.n2.nabble.com/Forgot-password-feature-in-hst-tp7498089p7501745.html
>>  To unsubscribe from Forgot password feature in hst, click here< >> .
>> NAML<
http://hippo.2275632.n2.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>>
>
>
> --
> View this message in context: http://hippo.2275632.n2.nabble.com/Forgot-password-feature-in-hst-tp7498089p7502431.html
> Sent from the Hippo CMS 7 mailing list archive at Nabble.com.
> _______________________________________________
> Hippo-cms7-user mailing list and forums
> http://www.onehippo.org/cms7/support/forums.html



--
Amsterdam - Oosteinde 11, 1017 WT Amsterdam
Boston - 1 Broadway, Cambridge, MA 02142

US <a href="tel:%2B1%20877%20414%204776" value="+18774144776">+1 877 414 4776 (toll free)
Europe <a href="tel:%2B31%280%2920%20522%204466" value="+31205224466">+31(0)20 522 4466
www.onehippo.com
_______________________________________________
Hippo-cms7-user mailing list and forums
http://www.onehippo.org/cms7/support/forums.html



--
Thanks
Mohammad Nour


_______________________________________________
Hippo-cms7-user mailing list and forums
http://www.onehippo.org/cms7/support/forums.html
Reply | Threaded
Open this post in threaded view
|

Re: Forgot password feature in hst

Bert Leunis
In reply to this post by b.vanderschans@onehippo.com
If you want to take a look at a working example: check out the GoGreen demo. For adding Reviews to the cms, the sitewriters group is allowed to write documents in only specific folders (e.g. /content/documents/hippogogreen/comments). The configuration for that can be found in the console at /hippo:configuration/hippo:domains/user-generated-content.
 
With kind regards/Met vriendelijke groet,
Bert Leunis



On Thu, Apr 26, 2012 at 1:42 PM, Bart van der Schans <[hidden email]> wrote:
Hi,

You might also want to look at:

https://wiki.onehippo.com/display/CMS7/Repository+Authorization+and+Permissions
(also note the "Tips" section at bottom)

Regards,
Bart

On Thu, Apr 26, 2012 at 12:46 PM, jmirc <[hidden email]> wrote:
> Hello Ard,
>
> Thanks for your answer. At this point I put the user into the admin group
> so I can update the password.
> I am not happy with this decision for security reasons but it works.
>
> Regards,
>
> Jérôme
>
> Le 26 avril 2012 02:23, Ard [via Hippo] <
> [hidden email]> a écrit :
>
>> Hello Jérôme,
>>
>> I do not know which domain or role to adjust for this, but I have
>> asked the person who knows most about this to try to find some time
>> slot to help you out. He is quite occupied. Hope you can wait a bit
>> more
>>
>> Regards Ard
>>
>> On Wed, Apr 25, 2012 at 3:45 PM, jmirc <[hidden email]<http://user/SendEmail.jtp?type=node&node=7501745&i=0>>
>> wrote:
>> > Any helps!!!!!
>> >
>> > --
>> > View this message in context:
>> http://hippo.2275632.n2.nabble.com/Forgot-password-feature-in-hst-tp7498089p7499409.html
>> > Sent from the Hippo CMS 7 mailing list archive at Nabble.com.
>> > _______________________________________________
>> > Hippo-cms7-user mailing list and forums
>> > http://www.onehippo.org/cms7/support/forums.html
>>
>>
>>
>> --
>> Amsterdam - Oosteinde 11, 1017 WT Amsterdam
>> Boston - 1 Broadway, Cambridge, MA 02142
>>
>> US <a href="tel:%2B1%20877%20414%204776" value="+18774144776">+1 877 414 4776 (toll free)
>> Europe <a href="tel:%2B31%280%2920%20522%204466" value="+31205224466">+31(0)20 522 4466
>> www.onehippo.com
>> _______________________________________________
>> Hippo-cms7-user mailing list and forums
>> http://www.onehippo.org/cms7/support/forums.html
>>
>>
>> ------------------------------
>>  If you reply to this email, your message will be added to the discussion
>> below:
>>
>> http://hippo.2275632.n2.nabble.com/Forgot-password-feature-in-hst-tp7498089p7501745.html
>>  To unsubscribe from Forgot password feature in hst, click here< >> .
>> NAML<
http://hippo.2275632.n2.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>>
>
>
> --
> View this message in context: http://hippo.2275632.n2.nabble.com/Forgot-password-feature-in-hst-tp7498089p7502431.html
> Sent from the Hippo CMS 7 mailing list archive at Nabble.com.
> _______________________________________________
> Hippo-cms7-user mailing list and forums
> http://www.onehippo.org/cms7/support/forums.html



--
Amsterdam - Oosteinde 11, 1017 WT Amsterdam
Boston - 1 Broadway, Cambridge, MA 02142

US <a href="tel:%2B1%20877%20414%204776" value="+18774144776">+1 877 414 4776 (toll free)
Europe <a href="tel:%2B31%280%2920%20522%204466" value="+31205224466">+31(0)20 522 4466
www.onehippo.com
_______________________________________________
Hippo-cms7-user mailing list and forums
http://www.onehippo.org/cms7/support/forums.html


_______________________________________________
Hippo-cms7-user mailing list and forums
http://www.onehippo.org/cms7/support/forums.html
Reply | Threaded
Open this post in threaded view
|

Re: Forgot password feature in hst

Jerome Mirc
Hi Bert,

The problem is not related to the sitewriters permission but related to the permission that the sitewriter user needs to have to be able to update the password property of a hipposys:user node.
Currently, only the current user is allowed to update his password. On solution, if the password is not hashed is to create a persistable session using the credential's user.

Jérôme. 

2012/5/3 Bert Leunis [via Hippo] <[hidden email]>
If you want to take a look at a working example: check out the GoGreen demo. For adding Reviews to the cms, the sitewriters group is allowed to write documents in only specific folders (e.g. /content/documents/hippogogreen/comments). The configuration for that can be found in the console at /hippo:configuration/hippo:domains/user-generated-content.
 
With kind regards/Met vriendelijke groet,
Bert Leunis



On Thu, Apr 26, 2012 at 1:42 PM, Bart van der Schans <[hidden email]> wrote:
Hi,

You might also want to look at:

https://wiki.onehippo.com/display/CMS7/Repository+Authorization+and+Permissions
(also note the "Tips" section at bottom)

Regards,
Bart

On Thu, Apr 26, 2012 at 12:46 PM, jmirc <[hidden email]> wrote:
> Hello Ard,
>
> Thanks for your answer. At this point I put the user into the admin group
> so I can update the password.
> I am not happy with this decision for security reasons but it works.
>
> Regards,
>
> Jérôme
>
> Le 26 avril 2012 02:23, Ard [via Hippo] <
> [hidden email]> a écrit :
>
>> Hello Jérôme,
>>
>> I do not know which domain or role to adjust for this, but I have
>> asked the person who knows most about this to try to find some time
>> slot to help you out. He is quite occupied. Hope you can wait a bit
>> more
>>
>> Regards Ard
>>
>> On Wed, Apr 25, 2012 at 3:45 PM, jmirc <[hidden email]<http://user/SendEmail.jtp?type=node&node=7501745&i=0>>
>> wrote:
>> > Any helps!!!!!
>> >
>> > --
>> > View this message in context:
>> http://hippo.2275632.n2.nabble.com/Forgot-password-feature-in-hst-tp7498089p7499409.html
>> > Sent from the Hippo CMS 7 mailing list archive at Nabble.com.
>> > _______________________________________________
>> > Hippo-cms7-user mailing list and forums
>> > http://www.onehippo.org/cms7/support/forums.html
>>
>>
>>
>> --
>> Amsterdam - Oosteinde 11, 1017 WT Amsterdam
>> Boston - 1 Broadway, Cambridge, MA 02142
>>
>> US <a href="tel:%2B1%20877%20414%204776" value="<a href="tel:%2B18774144776" value="+18774144776" target="_blank">+18774144776"><a href="tel:%2B1%20877%20414%204776" value="+18774144776" target="_blank">+1 877 414 4776 (toll free)
>> Europe <a href="tel:%2B31%280%2920%20522%204466" value="<a href="tel:%2B31205224466" value="+31205224466" target="_blank">+31205224466"><a href="tel:%2B31%280%2920%20522%204466" value="+31205224466" target="_blank">+31(0)20 522 4466

>> www.onehippo.com
>> _______________________________________________
>> Hippo-cms7-user mailing list and forums
>> http://www.onehippo.org/cms7/support/forums.html
>>
>>
>> ------------------------------
>>  If you reply to this email, your message will be added to the discussion
>> below:
>>
>> http://hippo.2275632.n2.nabble.com/Forgot-password-feature-in-hst-tp7498089p7501745.html
>>  To unsubscribe from Forgot password feature in hst, click here< >> .
US <a href="tel:%2B1%20877%20414%204776" value="<a href="tel:%2B18774144776" value="+18774144776" target="_blank">+18774144776"><a href="tel:%2B1%20877%20414%204776" value="+18774144776" target="_blank">+1 877 414 4776
(toll free)
Europe <a href="tel:%2B31%280%2920%20522%204466" value="<a href="tel:%2B31205224466" value="+31205224466" target="_blank">+31205224466"><a href="tel:%2B31%280%2920%20522%204466" value="+31205224466" target="_blank">+31(0)20 522 4466

www.onehippo.com
_______________________________________________
Hippo-cms7-user mailing list and forums
http://www.onehippo.org/cms7/support/forums.html


_______________________________________________
Hippo-cms7-user mailing list and forums
http://www.onehippo.org/cms7/support/forums.html


If you reply to this email, your message will be added to the discussion below:
http://hippo.2275632.n2.nabble.com/Forgot-password-feature-in-hst-tp7498089p7523293.html
To unsubscribe from Forgot password feature in hst, click here.
NAML