Story #6063: ldapweb.cgi enhancements
Add email verification for new accounts
We should send a temporary link to activate an account using on a randomly-generated key for their provisional account registration.
We should also remember to clear out the entries that have not been activated after X number of hours (maybe start with 36 hours?). Would be great if this were automated. Maybe ldapweb.cgi could just clear the old ones out whenever it is activated - won't necessarily be that often, but it will take care of old entries. Not a huge risk because the entries in the tmp subtree can't do anything.
#1 Updated by ben leinfelder almost 6 years ago
- Assignee changed from Jing Tao to ben leinfelder
- Status changed from New to In Progress
This working great - only issue is that using the metacatui cfg we get an un-styled "Activation Successful!" page. This probably isn't the worst thing, but it would be nice if the response were styled.
We could use the #external view to show the activation link, but the email would have to include this (so the perl script would need to know about the metacatUI URL):
This could be implemented using an optional configuration value in the metacatui.properties that is prepended (when present) to the activation link. This is also true of the reset password link that is sent when you request a new password, but in that case, it should probably go to the http://dev2.nceas.ucsb.edu/#account/resetpass link instead of using the #external method. Although the #external method also works just fine.
#2 Updated by ben leinfelder almost 6 years ago
- translation missing: en.field_remaining_hours set to 0.0
- Status changed from In Progress to Closed
I made the activation link accessible via a configured #external url in the metacatui.properties file. This let's us send an email with a link that results in users seeing styled content - though it does require the metacatui to be deployed. But I think we mostly expect that.
In other emails, I opted to remove or generalize the link because we don;t always know what ui the account manager is being used and and might as well have them navigate to the account page if they find they need to.