feature request #7275
open[DISCUSS] Require email address for Users
0%
Description
Providing a valid email address in user entities should be required.
Without email address password recovery is not possible: #6161
In the context of password recovery it seems also a requirement to make the email address unique in the UserAccount table.
In order to recover a password the user can usually either supply the login or email address. #7276
For users not providing an email see comment 16 (#7275#note-16)
Related issues
Updated by Andreas Kohlbecker over 6 years ago
- Related to feature request #6161: Service and webservice to recover forgotten passwords added
Updated by Andreas Kohlbecker over 6 years ago
- Related to feature request #6327: Providing the admin email for each server instance somehow added
Updated by Andreas Müller over 6 years ago
- Subject changed from require email address for Users to [DISCUSS] Require email address for Users
- Target version changed from Release 5.1 to CDM UML 5.0
As password recovery is not necessarily a feature needed for all CDM instances the necessity of obligatory email needs to be discussed.
Disadvantage is that sometimes a valid email is not yet known at times when a user account is created.
Maybe we could require it only for user creation via browser (vaadin) and implement validation via user interface.
Updated by Andreas Müller over 6 years ago
- Copied to feature request #7276: Make User.email a unique field. added
Updated by Andreas Kohlbecker over 6 years ago
Andreas Müller wrote:
As password recovery is not necessarily a feature needed for all CDM instances the necessity of obligatory email needs to be discussed.
Disadvantage is that sometimes a valid email is not yet known at times when a user account is created.Maybe we could require it only for user creation via browser (vaadin) and implement validation via user interface.
Password recovery will be a functionality offered by a service class and the according web service controller. These components may only be needed for specific cdm instances and could therefore be made optional (enable via spring profile?)
An other point to take into consideration is that instances enabled password recovery will also allow self registration (sign in) of new users. In self registration workflows usually a confirmation email is sent to the user.
Suggestion:
Self registration and password recovery will be provided by spring service beans and web service controllers which are only active in a specific spring profile (user-self-registration). The profile can be enabled per cdm instance, that is the spring profiles to be enabled must be defined in a configuration file per instance. Enabling this profile will activate a bean which makes email addresses mandatory.
Updated by Andreas Müller about 6 years ago
- Assignee changed from Andreas Müller to Andreas Kohlbecker
How to procede. This is not a model change ticket anymore. Should we open a new ticket with new label and close this one or move this one simply to another milestone?
Updated by Andreas Müller about 6 years ago
- Status changed from New to Feedback
Updated by Andreas Müller about 6 years ago
- Target version changed from CDM UML 5.0 to CDM UML 5.5
Updated by Andreas Müller about 5 years ago
- Target version changed from CDM UML 5.5 to CDM UML 5.15
Updated by Andreas Müller about 4 years ago
- Target version changed from CDM UML 5.15 to CDM UML 5.45
Updated by Andreas Müller almost 3 years ago
- Copied to deleted (feature request #7276: Make User.email a unique field.)
Updated by Andreas Müller almost 3 years ago
- Blocks feature request #7276: Make User.email a unique field. added
Updated by Andreas Müller almost 3 years ago
- Description updated (diff)
- Status changed from Feedback to In Progress
- Assignee changed from Andreas Kohlbecker to Andreas Müller
- Priority changed from New to Highest
Updated by Andreas Kohlbecker over 2 years ago
i am removing the last comment as this was misplaced here. This comment is a duplicate of #7276#note-11
Updated by Andreas Kohlbecker over 2 years ago
in #7276#note-11 we decided for the strategy to adding default dummy-email addresses to replace null values.