Send password/activation link to new user #17398
Comments
|
Sending passwords via E-Mail is an absolutely no-go (at least if the user is not forced to change the password after the first login). But maybe the mail could contain a link like the lost password page where they can set their own password.
It makes sense as the mail including the password is very likely transported / saved unencrypted after arriving at the mailserver. The password reset page is normally encrypted and so the provider or any other institution (hopefully) can't get a hand on it. |
|
Sending a link that then shows a page to allow the user to set it's own password is a proper way to handle this "create a user" case. |
Yes, this or sending a "One-Time-Password" to the user which needs to be changed on the first login (this needs to be enforced and not optional) are the only acceptable solutions for this. |
|
What @MorrisJobke said. The one-time-password solution is just a complicated version of the easy link-to-set-own-password method. |
|
Agreeing with @MorrisJobke and @jancborchardt here. |
ghost
mentioned this issue
|
00005462 |
|
seems there is a PR with this: #18485 |
|
Subscribing. |
|
@imujjwal96 would you like to work on this ? You already have a lot of experience now with password reset and emailing 😄 (it's ok if you don't) |
|
I am kinda busy with my University exams right now. I hope you wouldn't mind if I send a PR by the weekend. |
|
There is absolutely no urgency, so up to you. Just thought you might be |
|
already implemented in some other form in 10.0.10 |
An e-mail can be sent to new users. It makes absolutely no sense that the password is not included since users can reset their passwords. This leads to rather strange user creation procedures:
https://forum.owncloud.org/viewtopic.php?f=21&t=29055#p90693 (in german)
@enoch85 already proposed this idea:
#12603 (comment)
The text was updated successfully, but these errors were encountered: