
Plone password reset tool

The "password reset tool" performs 2 functions:

1. When asked by the system, it generates a password reset request. This is a combination of a long unguessable random string and a user id and a time stamp. At the time this is requested, the tool stores this information in the ZODB, keyed by the random string.

2. When a user returns to a password reset form and sets their password, the tool is called to actually do the resetting. It will fail if the random string is invalid or the user id doesn't match the random string, or if the request has expired. Upon success, the tool removes the request created in #1 above.

As far as I can tell, Plone will call #1 above in these circumstances:

-- User self registers
-- Admin registers a user
-- Admin asks for user's password to be reset.
-- User clicks on "Forgot your password?" and then enters their user name (Note NOT their email).

All of the above cause an email to be generated with the random string in the URL.

So, the bottom line for our use with batches of users:

The batch user add tool does not call #1 to ask for a password reset. It could be modified to do this, presumably.

If no request is generated (#1), then there's no way to simulate one after the fact (e.g. doing #2 without #1).

Code for this is here:

eggs/Products.PasswordResetTool-1.1-py2.4.egg/Products/PasswordResetTool

There are also a couple of settings in the ZMI under "portal_password_reset".

The overview page also tells you how many requests are outstanding.

The tool will automatically remove requests that are more than 10 days old.
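
The request lifecycle described above (functions #1 and #2 plus the 10-day cleanup), modelled as an added Python example; this is not the Products.PasswordResetTool code. The class name, the in-memory dict standing in for the ZODB, the `valid_for` window and the `set_password` callback are all assumptions made for illustration.

```python
import hmac
import secrets
import time

PURGE_AFTER = 10 * 24 * 3600  # from the page: requests older than 10 days are removed


class ResetRequests:
    """In-memory stand-in for the tool's stored requests (hypothetical class)."""

    def __init__(self, valid_for=24 * 3600, clock=time.time):
        self.valid_for = valid_for  # assumed expiry window, not Plone's actual setting
        self.clock = clock          # injectable so expiry can be exercised in tests
        self._requests = {}         # random string -> (user id, creation time)

    def request_reset(self, userid):
        """Function #1: store a request and return the random string for the email URL."""
        token = secrets.token_hex(16)  # 128 bits from the OS CSPRNG
        self._requests[token] = (userid, self.clock())
        return token

    def reset_password(self, userid, token, new_password, set_password):
        """Function #2: check the request, set the password, then consume the request."""
        entry = self._requests.get(token)
        if entry is None:
            raise ValueError("invalid request")  # includes "#2 without #1"
        stored_userid, created = entry
        # Same error as an unknown string, so a caller cannot probe which ids have requests.
        if not hmac.compare_digest(stored_userid.encode(), userid.encode()):
            raise ValueError("invalid request")
        if self.clock() - created > self.valid_for:
            del self._requests[token]
            raise ValueError("expired request")
        set_password(userid, new_password)
        del self._requests[token]  # single use: replaying the emailed link now fails

    def purge(self):
        """Remove stale requests; return how many are still outstanding."""
        cutoff = self.clock() - PURGE_AFTER
        for token in [t for t, (_, c) in self._requests.items() if c < cutoff]:
            del self._requests[token]
        return len(self._requests)
```
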
