Forget Password


Forgotten Password Process :


The forgotten password process works as follows:


  • Users browse to the forgotten password form. Users enter their e-mail address (or username) and submit the form.



  • The ForgotPasswordHandler does the following:


  1. Locates the user’s profile. If the servlet cannot find the user, an error message is displayed stating ‘No user information for email@address.com.”
  2. Generates a new password by calling the PasswordGenerator component.
  3. Updates the password property in the profile with the new value.
  4. Flags the profile as having a generated password.
  5. Constructs and sends the e-mail message using TemplateEmailSender.



  • Users receive an email including their login name and the new password based on the given template. A link is provided to the login form based on the given template.
  • Users either click the e-mail link or browse to the site, and then log in with the new credentials.
  • The server sets the transient passwordExpired flag in the user profile to true, thereby requiring the user to change the password immediately.


Generated passwords are not saved to the Previous N passwords list.
Note that the Forgotten Password logic replaces the password value in the user profile, so the old password is no longer valid.



Enabling the Forgotten Password Features


  • To enable and configure the forgotten password features, complete the following steps:
  • Create a form that allows the user to submit a known value, for example e-mail address.
  • Configure the SMTP server. Set the Email Handler Host to your SMTP server. The Email Handler Port is usually set to port 25.
  • Override or edit the Nucleus component /atg/userprofiling/ForgotPasswordEmailInfo and set the following properties:


# The URL of the email template jsp/jhtml page
templateURL=

# Subject field of the email
messageSubject=Forgot Password Email

# From field of the email
messageFrom^=/atg/dynamo/service/SMTPEmail.defaultFrom

# MessageContentProcessor responsible for processing the content
contentProcessor=/atg/userprofiling/email/
HtmlContentProcessor


Customize the email template.


Note: if your template JSP/JHTML page contains links to other URLs on your site, you must specify them as absolute URLs in order for the email recipients to be able to access the linked pages. Use the full <code>http://server:port/...</code> form of the URL.

An example follows:

<p>Here is your login information with a new passord.
<p>Login: <dsp:valueof bean="Profile.login"/>
<p><b>New password: <%=request.getParameter("newpassword")%></b>

No comments :

Post a Comment

Subscribe to: Posts ( Atom )