Modify

Opened 12 years ago

Last modified 2 years ago

#10762 new enhancement

Lost password procedure should send username

Reported by: MarcR Owned by:
Priority: highest Component: AccountManagerPlugin
Severity: normal Keywords: login password reset
Cc: Trac Release:

Description

MarcR on 05.01.2013 16:20 (translation, original was in German):

Btw, it would be helpful for the password reset (means: 'lost password procedure'), if one could get the username sent - if someone has it forgotten, bad chance. The own email address is regularly known.

Attachments (0)

Change History (18)

comment:1 Changed 12 years ago by Steffen Hoffmann

Cc: Ryan J Ollos added; anonymous removed
Reporter: changed from Steffen Hoffmann to MarcR

Currently, the username - email pair is checked before triggering a password reset via AccountModule. So you ment to (optionally) relax this check and sent the username back to the registered email address instead, right?

comment:2 Changed 12 years ago by anonymous

Especially in forum solutions like UBB Threads you have 2 possibilities:

  1. reset your password (if you know your usersame and email),
  2. get your username sent to your registered email address (in case you do not remember your exact username). I would a procedure like this. It would help if you can't remember your exact user name spelling for example.

comment:3 in reply to:  2 Changed 12 years ago by marc.rawer@…

keep forgetting to change the "anonymous" to my mail address...

comment:4 Changed 11 years ago by Ryan J Ollos

Summary: Lost password procedure should sent usernameLost password procedure should send username

comment:5 in reply to:  2 Changed 10 years ago by Steffen Hoffmann

Replying to anonymous:

Especially in forum solutions like UBB Threads you have 2 possibilities:

  1. reset your password (if you know your usersame and email),

This is, what AccountModule always has been for.

  1. get your username sent to your registered email address (in case you do not remember your exact username).

Now this has been requested in #12026 as well.

comment:6 Changed 8 years ago by Ryan J Ollos

Owner: Steffen Hoffmann deleted

comment:7 Changed 5 years ago by Ryan J Ollos

Cc: Ryan J Ollos removed

comment:8 Changed 2 years ago by Jason

Requested in #14157. Forgetting the user name permanently locks out access to the account.

There should probably always be a way to recover account access if you have email access.

Upgraded severity since forgetting user name is currently a non-recoverable showstopper.

(Noting that this issue has no owner and an empty cc list; maybe a brave soul is out there somewhere.)

Last edited 2 years ago by Jason (previous) (diff)

comment:9 Changed 2 years ago by Jason

Severity: normalblocker

comment:10 Changed 2 years ago by figaro

#14157 closed a duplicate.

comment:11 Changed 2 years ago by figaro

Priority: normalhighest
Severity: blockernormal

Best to use priority instead of severity.

comment:12 in reply to:  11 Changed 2 years ago by anonymous

Replying to figaro:

Best to use priority instead of severity.

Will do. I tried to guess which would be less presumptuous. Thank you.

comment:13 Changed 2 years ago by Jason

If it's helpful, copying some discussion from newer duplicate #14157:

Jun Omae wrote:

The email field may not be unique in Trac. Therefore, "forgot password" feature currently requires username and email.

I wrote:

Could a (disable-able) "forgot usernameS" feature make sense, that sends a list of all the user names owned by that email address?

Or perhaps a "forgot username" feature that only succeeds if the email address is indeed unique?

Note that I was unable to create a new account on the aforementioned site because it said my email address was already in use; so while I am not familiar with trac's configuration, there clearly appear to be setups where the email field is required to be unique. In those setups, then, non-uniqueness would not be a barrier to username retrieval.

Where "the aforementioned site" is https://trac.ffmpeg.org/, currently running trac 1.4.2.

(PS Preceding anonymous comment on this ticket was me.)

Last edited 2 years ago by Jason (previous) (diff)

comment:14 Changed 2 years ago by figaro

The current workaround is to reset the password in the shell:

htpasswd -c /var/www/trac/passwd Jason

and follow instructions from there.

comment:15 in reply to:  14 Changed 2 years ago by Jason

Replying to figaro:

The current workaround is to reset the password in the shell:

htpasswd -c /var/www/trac/passwd Jason

and follow instructions from there.

Wouldn't that require knowing the user name?

comment:16 Changed 2 years ago by figaro

Yes, the administrator would have to work with the user, since the given workaround requires root privileges.

comment:17 in reply to:  16 Changed 2 years ago by Jason

Replying to figaro:

Yes, the administrator would have to work with the user, since the given workaround requires root privileges.

Hm, but the main issue is that the user name was forgotten (hence the desire for user name recovery), doesn't that mean the workaround isn't possible?

Note I'm not familiar with the administrative side of trac at all, so I might be missing something.

(PS Acknowledging that workarounds like this are for admins, not users; but that a user can still make use of them if they can find and contact a cooperative admin.)

comment:18 Changed 2 years ago by figaro

Correct. Users are not (yet) a first class citizen in Trac. Potentially you can find users using the tag user, as follows:

  1. provided you have the TagsPlugin installed, go to https://example.com/tags
  2. then click on user to arrive at https://example.com/wiki/user.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as new The ticket will remain with no owner.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.