Project

General

Profile

feature request #7275

[DISCUSS] Require email address for Users

Added by Andreas Kohlbecker over 1 year ago. Updated 15 days ago.

Status:
Feedback
Priority:
New
Category:
cdmlib
Target version:
Start date:
02/16/2018
Due date:
% Done:

0%

Severity:
major
Tags:

Description

Providing a valid email address in user entities should be required.

Without email address password recovery is not possible: #6161
In the context of password recovery it seems also a requirement to make the email address unique in the UserAccount table.
In order to recover a password the user can usually either supply the login or email address. #7276


Related issues

Related to Edit - feature request #6161: Service and webservice to recover forgotten passwords New 10/25/2016
Related to Edit - feature request #6327: Providing the admin email for each server instance somehow New 01/12/2017
Copied to Edit - feature request #7276: Make User.email a unique field. Feedback 02/19/2018

History

#1 Updated by Andreas Kohlbecker over 1 year ago

#2 Updated by Andreas Kohlbecker over 1 year ago

#4 Updated by Andreas Kohlbecker over 1 year ago

  • Description updated (diff)

#5 Updated by Andreas Müller about 1 year ago

  • Subject changed from require email address for Users to [DISCUSS] Require email address for Users
  • Target version changed from Release 5.1 to CDM UML 5.0

As password recovery is not necessarily a feature needed for all CDM instances the necessity of obligatory email needs to be discussed.
Disadvantage is that sometimes a valid email is not yet known at times when a user account is created.

Maybe we could require it only for user creation via browser (vaadin) and implement validation via user interface.

#6 Updated by Andreas Müller about 1 year ago

#7 Updated by Andreas Müller about 1 year ago

  • Description updated (diff)

#8 Updated by Andreas Kohlbecker about 1 year ago

Andreas Müller wrote:

As password recovery is not necessarily a feature needed for all CDM instances the necessity of obligatory email needs to be discussed.
Disadvantage is that sometimes a valid email is not yet known at times when a user account is created.

Maybe we could require it only for user creation via browser (vaadin) and implement validation via user interface.

Password recovery will be a functionality offered by a service class and the according web service controller. These components may only be needed for specific cdm instances and could therefore be made optional (enable via spring profile?)
On other point to take into consideration is that instances enabled password recovery will also allow self registration (sign in) of new users. In self registrations workflows usually a confirmation email is sent to the user.

Suggestion:

Self registration and password recovery will be provided by spring service beans and web service controllers which are only active in a specific spring profile (user-self-registration). The profile can be enabled per cdm instance, that is the spring profiles to be enabled must defined in a configuration file per instance. Enabling this profile will activate a bean which makes email addresses mandatory.

#9 Updated by Andreas Müller about 1 year ago

  • Assignee changed from Andreas Müller to Andreas Kohlbecker

How to procede. This is not a model change ticket anymore. Should we open a new ticket with new label and close this one or move this one simply to another milestone?

#10 Updated by Andreas Müller about 1 year ago

  • Status changed from New to Feedback

#11 Updated by Andreas Müller about 1 year ago

  • Target version changed from CDM UML 5.0 to CDM UML 5.5

#12 Updated by Andreas Müller 15 days ago

  • Target version changed from CDM UML 5.5 to CDM UML 5.8

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 40 MB)