Not sure if we will get to this feature tonight but I'll try to keep one step ahead of our sessions so we are not wondering what is next.
Password Maintenance
As a user I need to be able to reset my password if I've forgotten what it is or whenever I would like to change it.
-
Key Is Created for forgotten Password
A key needs to be created that will be sent to the user in the form of a link. -
Key and New Password Required for Reset
If key does not match we will error out. -
New Password Will Be Encrypted
We never want to see the password so the new one will be encrypted. -
Email and New Password Will Validate User
If Email and New Password match the user will be valid. -
If User is Validated Password Can Change Without Key
If the user is logged in the key is not required for password reset.
I think this is doable in one session. If not it's not a big deal.
No comments:
Post a Comment