We have a problem with the password that is sent in the activation email. How can we change it to an activation link instead and force the user to change the password when they click it?
4 Answer(s)
-
0
Hi,
It's sending a temporary password and you can force the user to change the password. Example:
[Attachment: Clipboard02.png]
In this screenshot, it sets a random password, sends an activation email including this password and forces a change at first login. So, the password here is actually a one-time activation code. I think that does what you want.
-
0
Yes, I know that. But now we got a complaint from a pen test about a password vulnerability in the HTML file. How can we avoid this procedure?
Can I customize the activation email from a one-time password to a one-time activation link to the reset password URL?
-
0
Hi
I would suggest the following approach:
- generate a temp password when creating the user account, with "should change password at next login" checked
- put in a mechanism to track if the account has been activated. (I extended the AbpUsers table to include a new field named ActivatedOn)
- take note that users may request email activation if not receiving the email from the login screen
- when the activation link is clicked, route the user to the Reset Password screen to enter a new password.
Yes, the above involved customising the Account Controller class file.
/tommy
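The activation-link flow outlined in the answer above, as an added example that is not code from the post or from ASP.NET Boilerplate: a single-use, expiring token whose hash is stored server-side, so the e-mail carries no password. The class names, the in-memory dictionary standing in for the extended AbpUsers table, and the user id are assumptions; it needs .NET 6 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Hypothetical stand-in for the extra user-table columns (ActivatedOn is from the post).
public sealed class ActivationRecord
{
    public byte[] TokenHash = Array.Empty<byte>();
    public DateTime ExpiresUtc;
    public DateTime? ActivatedOn;
}

public sealed class ActivationLinks
{
    private readonly Dictionary<long, ActivationRecord> _users = new();
    // Returns the raw token for the e-mailed link; only its hash is kept. A resend revokes the old token.
    public string Issue(long userId, TimeSpan lifetime, DateTime nowUtc)
    {
        if (_users.TryGetValue(userId, out var old) && old.ActivatedOn != null)
            throw new InvalidOperationException("Account is already activated.");
        string token = Convert.ToBase64String(RandomNumberGenerator.GetBytes(32))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');   // URL-safe, 256 bits
        _users[userId] = new ActivationRecord { TokenHash = Hash(token), ExpiresUtc = nowUtc + lifetime };
        return token;
    }

    // True at most once per account; the caller then routes to the Reset Password screen.
    public bool Redeem(long userId, string token, DateTime nowUtc)
    {
        if (string.IsNullOrEmpty(token) || !_users.TryGetValue(userId, out var rec)) return false;
        if (rec.ActivatedOn != null || nowUtc > rec.ExpiresUtc) return false;
        if (!CryptographicOperations.FixedTimeEquals(Hash(token), rec.TokenHash)) return false;
        rec.ActivatedOn = nowUtc;                 // account is now activated
        rec.TokenHash = Array.Empty<byte>();      // link cannot be replayed
        return true;
    }
    private static byte[] Hash(string s) => SHA256.HashData(Encoding.UTF8.GetBytes(s));
    public static void Main()
    {
        var links = new ActivationLinks();
        var now = DateTime.UtcNow;
        string t = links.Issue(42, TimeSpan.FromHours(24), now);   // constructed user id
        Console.WriteLine(links.Redeem(42, t + "x", now));          // wrong token
        Console.WriteLine(links.Redeem(42, t, now.AddHours(25)));   // expired link
        Console.WriteLine(links.Redeem(42, t, now.AddMinutes(5)));  // first valid use
        Console.WriteLine(links.Redeem(42, t, now.AddMinutes(6)));  // replay of a used link
    }
}
```

Storing only the hash means a leaked user table does not yield usable activation links, and the password itself is chosen by the user on the Reset Password screen rather than travelling in the e-mail.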
-
0
Thanks @tteoh,
Your approach seems to be nice :)