Reset password process is very rudimentary
32 views
Skip to first unread message
Yuri Vic
Jan 1, 2014, 3:22:58 AM1/1/14
to trac-...@googlegroups.com
I am following up on the ticket I filed recently: http://trac.edgewall.org/ticket/11422
Here is the original issue:
I am trying to reset password on https://trac.torproject.org/projects/tor Firstly, there is no 'Reset Password' link anywhere there. Secondly, after I googled for this I found that URL might be like this: <...>/projects/tor/reset_password. But it asks me for both username and password, and I know both, and it still says it is a mismatch: "The email and username must match a known account." So I am left at the dead end: trac doesn't suggest to e-mail a link to the address associated with the account.
Trac should offer the 'Reset password' link. And also be able to e-mail the reset link to the address associated with an account.
I hit "forgot password" issue with many other sites, and so far Trac is one of the most difficult cases due to those issues.
Additional details are in comments to this ticket.
RjOllos
Jan 2, 2014, 1:43:31 AM1/2/14
to trac-...@googlegroups.com
From the comments in #11422, I think we are experiencing a similar issue on trac-hacks.org. On t-h.o we use HTTP auth, and it sounds like it is a known issue that the reset password link is not available for HTTP auth.
Steffen's comment on #11422 was:
> Adding it to the metanav navigation next to "Register" would be cluttering it up quite a bit IMHO.
For t-h.o, I'd be fine with having the link on the metanav. It seems to be the most predicable place for it. If there is a better place for it, sure let's go for that, but otherwise it really comes down to - if we don't put it somewhere, we should at least put it in the metanav because it is as good as disabled for HTTP auth users right now, and if someone doesn't want it in the metanav then they can just disable the reset password functionality.
The other place I might consider placing a link is in the contextual nav on the /register page. That page is linked from the metanav, and particularly if the link was renamed to "Account", it might make sense to have the password reset functionality together with the Registration form.
Steffen Hoffmann
Jan 2, 2014, 3:57:31 AM1/2/14
to trac-...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02.01.2014 07:43, RjOllos wrote:
> From the comments in #11422, I think we are experiencing a similar issue
> on trac-hacks.org. On t-h.o we use HTTP auth, and it sounds like it is a
> known issue that the reset password link is not available for HTTP auth.
Yes, indeed.
> Steffen's comment on #11422 was:
>> Adding it to the metanav navigation next to "Register" would be
>> cluttering it up quite a bit IMHO.
>
> For t-h.o, I'd be fine with having the link on the metanav. It seems to
> be the most predicable place for it. If there is a better place for it,
> sure let's go for that, but otherwise it really comes down to - if we
> don't put it somewhere, we should at least put it in the metanav because
> it is as good as disabled for HTTP auth users right now, and if someone
> doesn't want it in the metanav then they can just disable the reset
> password functionality.
>
> The other place I might consider placing a link is in the contextual nav
> on the /register page. That page is linked from the metanav, and
> particularly if the link was renamed to "Account", it might make sense
> to have the password reset functionality together with the Registration
> form.
Glad you mention this, because I was thinking towards the registration
form as well. It might be easy even as additional part, even before the
registration form, with a wording like follows:
You've already registered before, but lost access to your account?
Please request a new password (<-- link to reset_password form) or
contact site admins for assistance.
Btw, did you suggest before to change the link label from "Register" to
"Account"? Something like this would be sensible to guide even
registered users there. Just thinking aloud.
Steffen Hoffmann
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Icedove - http://www.enigmail.net/
iEYEARECAAYFAlLFKfcACgkQ31DJeiZFuHf8igCgkPWg+qiYA82VvVs1bF5H9v8Q
vtUAniEJ962+1pONoKXCCL+B0jI/rQPs
=0Xpv
-----END PGP SIGNATURE-----
Hash: SHA1
On 02.01.2014 07:43, RjOllos wrote:
> From the comments in #11422, I think we are experiencing a similar issue
> on trac-hacks.org. On t-h.o we use HTTP auth, and it sounds like it is a
> known issue that the reset password link is not available for HTTP auth.
> Steffen's comment on #11422 was:
>> Adding it to the metanav navigation next to "Register" would be
>> cluttering it up quite a bit IMHO.
>
> For t-h.o, I'd be fine with having the link on the metanav. It seems to
> be the most predicable place for it. If there is a better place for it,
> sure let's go for that, but otherwise it really comes down to - if we
> don't put it somewhere, we should at least put it in the metanav because
> it is as good as disabled for HTTP auth users right now, and if someone
> doesn't want it in the metanav then they can just disable the reset
> password functionality.
>
> The other place I might consider placing a link is in the contextual nav
> on the /register page. That page is linked from the metanav, and
> particularly if the link was renamed to "Account", it might make sense
> to have the password reset functionality together with the Registration
> form.
form as well. It might be easy even as additional part, even before the
registration form, with a wording like follows:
You've already registered before, but lost access to your account?
Please request a new password (<-- link to reset_password form) or
contact site admins for assistance.
Btw, did you suggest before to change the link label from "Register" to
"Account"? Something like this would be sensible to guide even
registered users there. Just thinking aloud.
Steffen Hoffmann
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Icedove - http://www.enigmail.net/
iEYEARECAAYFAlLFKfcACgkQ31DJeiZFuHf8igCgkPWg+qiYA82VvVs1bF5H9v8Q
vtUAniEJ962+1pONoKXCCL+B0jI/rQPs
=0Xpv
-----END PGP SIGNATURE-----
RjOllos
Jan 2, 2014, 12:18:24 PM1/2/14
to trac-...@googlegroups.com
Off-hand I don't recall discussing it before, but I'm liking the change the more after your comments.
Reply all
Reply to author
Forward
0 new messages