Opened 12 years ago
Last modified 2 years ago
#10762 new enhancement
Lost password procedure should send username
| Reported by: | MarcR | Owned by: | |
|---|---|---|---|
| Priority: | highest | Component: | AccountManagerPlugin |
| Severity: | normal | Keywords: | login password reset |
| Cc: | Trac Release: |
Description
MarcR on 05.01.2013 16:20 (translation, original was in German):
Btw, it would be helpful for the password reset (means: 'lost password procedure'), if one could get the username sent - if someone has it forgotten, bad chance. The own email address is regularly known.
Attachments (0)
Change History (18)
comment:1 Changed 12 years ago by
| Cc: | Ryan J Ollos added; anonymous removed |
|---|---|
| Reporter: | changed from Steffen Hoffmann to MarcR |
comment:2 follow-ups: 3 5 Changed 12 years ago by
Especially in forum solutions like UBB Threads you have 2 possibilities:
- reset your password (if you know your usersame and email),
- get your username sent to your registered email address (in case you do not remember your exact username). I would a procedure like this. It would help if you can't remember your exact user name spelling for example.
comment:4 Changed 11 years ago by
| Summary: | Lost password procedure should sent username → Lost password procedure should send username |
|---|
comment:5 Changed 10 years ago by
Replying to anonymous:
Especially in forum solutions like UBB Threads you have 2 possibilities:
- reset your password (if you know your usersame and email),
This is, what AccountModule always has been for.
- get your username sent to your registered email address (in case you do not remember your exact username).
Now this has been requested in #12026 as well.
comment:6 Changed 8 years ago by
| Owner: | Steffen Hoffmann deleted |
|---|
comment:7 Changed 5 years ago by
| Cc: | Ryan J Ollos removed |
|---|
comment:8 Changed 2 years ago by
Requested in #14157. Forgetting the user name permanently locks out access to the account.
There should probably always be a way to recover account access if you have email access.
Upgraded severity since forgetting user name is currently a non-recoverable showstopper.
(Noting that this issue has no owner and an empty cc list; maybe a brave soul is out there somewhere.)
comment:9 Changed 2 years ago by
| Severity: | normal → blocker |
|---|
comment:11 follow-up: 12 Changed 2 years ago by
| Priority: | normal → highest |
|---|---|
| Severity: | blocker → normal |
Best to use priority instead of severity.
comment:12 Changed 2 years ago by
Replying to figaro:
Best to use priority instead of severity.
Will do. I tried to guess which would be less presumptuous. Thank you.
comment:13 Changed 2 years ago by
If it's helpful, copying some discussion from newer duplicate #14157:
The email field may not be unique in Trac. Therefore, "forgot password" feature currently requires username and email.
Could a (disable-able) "forgot usernameS" feature make sense, that sends a list of all the user names owned by that email address?
Or perhaps a "forgot username" feature that only succeeds if the email address is indeed unique?
Note that I was unable to create a new account on the aforementioned site because it said my email address was already in use; so while I am not familiar with trac's configuration, there clearly appear to be setups where the email field is required to be unique. In those setups, then, non-uniqueness would not be a barrier to username retrieval.
Where "the aforementioned site" is https://trac.ffmpeg.org/, currently running trac 1.4.2.
(PS Preceding anonymous comment on this ticket was me.)
comment:14 follow-up: 15 Changed 2 years ago by
The current workaround is to reset the password in the shell:
htpasswd -c /var/www/trac/passwd Jason
and follow instructions from there.
comment:15 Changed 2 years ago by
Replying to figaro:
The current workaround is to reset the password in the shell:
htpasswd -c /var/www/trac/passwd Jasonand follow instructions from there.
Wouldn't that require knowing the user name?
comment:16 follow-up: 17 Changed 2 years ago by
Yes, the administrator would have to work with the user, since the given workaround requires root privileges.
comment:17 Changed 2 years ago by
Replying to figaro:
Yes, the administrator would have to work with the user, since the given workaround requires root privileges.
Hm, but the main issue is that the user name was forgotten (hence the desire for user name recovery), doesn't that mean the workaround isn't possible?
Note I'm not familiar with the administrative side of trac at all, so I might be missing something.
(PS Acknowledging that workarounds like this are for admins, not users; but that a user can still make use of them if they can find and contact a cooperative admin.)
comment:18 Changed 2 years ago by
Correct. Users are not (yet) a first class citizen in Trac. Potentially you can find users using the tag user, as follows:
- provided you have the TagsPlugin installed, go to
https://example.com/tags - then click on
userto arrive athttps://example.com/wiki/user.
Currently, the username - email pair is checked before triggering a password reset via
AccountModule. So you ment to (optionally) relax this check and sent the username back to the registered email address instead, right?