Mailing List Archive: Resetting passwords ...

Resetting passwords ...

Feb 9, 2010, 7:23 AM

Post #1 of 4 (2542 views)

For security reasons I need to force users to reset their passwords
every so often.

The most obvious way I would think, would be to do this in Root::auto,
first checking for logged in users, otherwise sending them to the login
page, or for logged in users whose passwords have expired to the users
change password page: /settings/user_id/password_reset.

$c->go doesn't work because it'll come through the auto again resulting
in recursive calls. $c->detach won't work either because
$c->stash->{user_rs} is set on the way down through Settings::base and
calling directly gives an empty user_rs.

Any suggestions on an elegant way to solve this?

--
Kiffin Gish <kiffin.gish@planet.nl>
Gouda, The Netherlands

_______________________________________________
Catalyst-dev mailing list
Catalyst-dev@lists.scsys.co.uk
http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst-dev

Re: Resetting passwords ... [ In reply to ]

bobtfish at bobtfish

Feb 9, 2010, 7:47 AM

Post #2 of 4 (2436 views)

Permalink

Kiffin Gish wrote:
> Any suggestions on an elegant way to solve this?

Don't use auto.

Use chained dispatch and have /noauth, /auth and /passwordreset (not
sure if the latter one is needed) top level path parts everything is
chained off of.

Also, this should be on the users list as it's nothing to do with
developing Catalyst itself (or Catalyst components), but a question
about your app.

Cheers
t0m

_______________________________________________
Catalyst-dev mailing list
Catalyst-dev@lists.scsys.co.uk
http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst-dev

Re: Resetting passwords ... [ In reply to ]

marcus at nordaaker

Feb 13, 2010, 11:15 AM

Post #3 of 4 (2418 views)

Permalink

Also, I would not recommend forcing password resets on a regular basis
for security reasons. This almost always ends up in users either using
simpler pattern passwords or writing their passwords on a note taped
to the screen, thus reducing security.

***
Marcus Ramberg
Nordaaker ltd.
+47 934 17 508
http://nordaaker.com

On Tue, Feb 9, 2010 at 4:47 PM, Tomas Doran <bobtfish@bobtfish.net> wrote:
> Kiffin Gish wrote:
>>
>> Any suggestions on an elegant way to solve this?
>
> Don't use auto.
>
> Use chained dispatch and have /noauth, /auth and /passwordreset (not sure if
> the latter one is needed) top level path parts everything is chained off of.
>
> Also, this should be on the users list as it's nothing to do with developing
> Catalyst itself (or Catalyst components), but a question about your app.
>
> Cheers
> t0m
>
>
> _______________________________________________
> Catalyst-dev mailing list
> Catalyst-dev@lists.scsys.co.uk
> http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst-dev
>

_______________________________________________
Catalyst-dev mailing list
Catalyst-dev@lists.scsys.co.uk
http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst-dev

Re: Resetting passwords ... [ In reply to ]

kiffin.gish at planet

Feb 13, 2010, 11:38 AM

Post #4 of 4 (2419 views)

Permalink

You're correct on that issue. However, I still want to be able to let
user's who forgot their passwords to have their password reset. The
temporary password is immediately emailed to them with an embedded link.
The next time they login, they will always be redirected to the change
password page until they change it.

On Sat, 2010-02-13 at 20:15 +0100, Marcus Ramberg wrote:
> Also, I would not recommend forcing password resets on a regular basis
> for security reasons. This almost always ends up in users either using
> simpler pattern passwords or writing their passwords on a note taped
> to the screen, thus reducing security.
>
> ***
> Marcus Ramberg
> Nordaaker ltd.
> +47 934 17 508
> http://nordaaker.com
>
>
>
> On Tue, Feb 9, 2010 at 4:47 PM, Tomas Doran <bobtfish@bobtfish.net> wrote:
> > Kiffin Gish wrote:
> >>
> >> Any suggestions on an elegant way to solve this?
> >
> > Don't use auto.
> >
> > Use chained dispatch and have /noauth, /auth and /passwordreset (not sure if
> > the latter one is needed) top level path parts everything is chained off of.
> >
> > Also, this should be on the users list as it's nothing to do with developing
> > Catalyst itself (or Catalyst components), but a question about your app.
> >
> > Cheers
> > t0m
> >
> >
> > _______________________________________________
> > Catalyst-dev mailing list
> > Catalyst-dev@lists.scsys.co.uk
> > http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst-dev
> >
>
> _______________________________________________
> Catalyst-dev mailing list
> Catalyst-dev@lists.scsys.co.uk
> http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst-dev

--
Kiffin Gish <Kiffin.Gish@planet.nl>
Gouda, The Netherlands

_______________________________________________
Catalyst-dev mailing list
Catalyst-dev@lists.scsys.co.uk
http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst-dev