No link to change user's password in Plone4 - plone

I'm quite new to Plone, so maybe I'm missing something obvious, but I can't find a way to change a password for users. Taking plain vanilla Plone 4 (4.3, but I think it is the same in 4.2), after user login, I can't find a link to change a password. If I go directly to:
http://localhost:8080/Plone/@@change-password
the form to change the password is there and it is working, but I can't find a link in the web pages. Am I missing something obvious or an option in site setup or ZMI?

It's the third tab on the user's personal information page, the click path is: (user's name) -> preferences -> then select the third tab in the content area, they are:
Personal Information
Personal Preferences (preselected)
Password
That tab is only visible if the member succeeds at canPasswordSet, which I'd guess is comprised of having the "Set Own Password" permission and some things in the property layer (e.g., if you authenticate with a read-only LDAP, you don't get a password link).

Related

Meteor accounts invite new users

I have my site configured to login with email/password (no user name).
I have login, forgot password, and password reset pages working as expected, largely based off of this guide and a lot of poking around. I'm at a bit of a loss looking for a more comprehensive or "advanced" guide for controlling user account behavior.
Currently, a registered user can "invite" another user by simply putting in their email address. This person receives an email which brings them to the login screen, but since there is no password set yet, this person must:
1) Click on the forgot password link
2) Input their email
3) Follow the link from the reset email and set their password.
I'm trying to work out how I would get the initial invite email to land the person on a "set password" page.
Even a link to the relevant material is greatly appreciated! I have a feeling I may just be searching for the wrong things.
I haven't done it myself, but off top of my head, as an idea (requires Iron-Router ($ meteor add iron:router)):
1) Send a link to an invited user with the query in the link that equals this user's email (q=email@address.com).
2) Use Iron Router to fetch that query (this.params.query using, perhaps, onBeforeAction method).
3) Put the query into a Session.
4) Within Template.myTemplate.helpers() create a new helper that will display the session.
5) Inside your template: <input type="text" name="user_email_from_session" value="{{helper}}">
Hopefully my approach is not too newbie, but even if so, maybe it will serve you as an anti-inspiration :)
Meteor calls "invite" emails "enrollment" emails.
1) Create a new user on the server (doesn't need a password set).
2) Call Accounts.sendEnrollmentEmail(userId) on the server.
3) User receives an email with a link to set their initial password.
Docs: http://docs.meteor.com/api/passwords.html#Accounts-sendEnrollmentEmail

drupal how to allow logged in user to edit specific content node?

I have a Drupal 7 site with single SSO via the LDAP module, which allows us to run the site as an Intranet and users that hit the site with IE will get automatically authenticated using their Active Directory credentials.
I have a personnel directory content type that holds a list of all of our employees and some of their stats (photo, email, phone number, etc.).
The problem: I want to allow the logged in user to be able to edit the node in the personnel directory page that represents them, but because there is no relation between the logged in user and the nodes under the personnel directory content type I am not sure how to go about allowing users to edit their own entries.
The personnel directory page is automatically populated/updated via feeds (it looks at our AD, and pulls down users and updates them if it detects updates in AD meta data).
Somehow I need to tie the logged in user to the specific node, any idea how I could automate this as there are over 300+ nodes/users.
Ultimately, I'd like to have a "edit personnel bio" link that they can link, that will link based on their [current logged in user ID] it will allow them to edit the correct node in the [personnel directory] content type.
I hope this was clear enough to point me to some direction.
Thank you.
Basically you want to create a user "role". Then in your permissions page (the one with 1000 checkboxes) you can add edit access to your "personnel bio" content type (or fields) for just that user role.
Then in your template you provide the user a link to the same page with /edit in the url.
Make sure the user has permissions to edit the node of that type. Upon creation of the node via feeds, create a rule (use the Rules module https://drupal.org/project/RULES) to change the creator of the node to that user's uid.
Add another field in the user's account to match their AD username to tie them together. To do this, create a module as seen at https://drupal.stackexchange.com/questions/8253/how-to-add-extra-fields-to-user-profile

Can the CMS editors set up a specific page to require authentication - Sitecore

I was wondering if it is possible to make it so the editors within Sitecore can set it so you require a username/login to only one specific page.
www.yourwebsite.com - No password required
www.yourwebsite.com/internalstuff - password required and set within CMS by the editors.
This is explained extensively in the Security Administrator's Cookbook that is supplied by Sitecore.
This is what you need to do, in a few short steps:
1) Create a user group with the User Manager (on the Extranet domain, that's how it's called by default, could be different in your installation)
2) Add users to the group
3) Go to the Security Editor, select the item(s) you want to protect, and disallow Read rights for the Anonymous user (this makes it impossible for users who are not logged in to view it)
4) Enable Read rights on your item(s) for your new user group
Make sure to read the cookbook so you know how to use security inheritance properly. That will save you a lot of time in the future.
Actually it's possible with no coding if you have Web forms for Marketers installed. It's not an enterprise ready login with e-mail activation etc. but it works. First, you should of course set up access rights and roles as mentioned in this answer by Ruud plus you need WFFM ready with forms styled and a placeholder configured to accept forms.
1) Go to WFFM and create a registration form (username as single-line text field, password as password-confirmation field)
2) As save action add "Create User" (configure correct domain/role there) (you could also add a "User Login with Password" action and log the user in directly after registration)
3) Add the registration form to a public page
4) Create a login form (username as single-line text field, password as password field); again map the data to the username, password and domain set up for your extranet
5) Add the login form to a public page
6) Enjoy :)
Note: this requires you to have write access to the asp.net user tables (by default set up in the core database). Make sure your security requirements are compliant with that. And as already mentioned this will not give you a basic e-mail validation upon registration.

password protect a single page, and do not show any admin menus to the user

I've tried the "Protected Node" module, but that goes to the 404 instead of the password prompt page which it's supposed to give.
Also tried the "Simple Access" module, and after getting it to control access, realised that it still shows users the "edit" menu and there doesn't seem to be a way to switch it off for them.
Thanks to anyone who can help.
I have used the "Node Access" module before. But for one site I had to work on recently, I needed something that allows me to restrict access for anonymous users on a single page. Only visitors, who have received the password should have access.
Installing the Node Access module and creating a specific role seemed to be overkill for this limited requirement, and I went with the "Protected Pages" module, which allows you to set a password for a certain path. (d7 only)
Access to the admin is usually controlled via the user permissions; as for limiting access to a specific page, this could be achieved with Panels.
Use NodeAccess module to restrict that page based on role.
Users with the 'grant node permissions' permission will have a grant
tab on node pages which allows them to grant access to that node by
user or role.

How do I program a hyperlink to include a username and password to the target site?

We have a website with a section restricted to members only. They log in and can view the website.
Some of the information is stored on another server. We want that information to ONLY be accessible to those who have logged into the main website.
What would be the best way to link the two sites, without making members log in again? Seems like there must be some way to send an encrypted username and password along with the URL in the hyperlink.
Any ideas? Thank you in advance.
Fred G.
I think you are looking for some "Single Sign On" solution.
You can add the session ID as a GET parameter to the URL (e.g. suffix it with ?SESSIONID=<long ID here>), then have the second site validate the session (check that it's logged in, check that the logged in user has access to the resource they're requesting) in a shared database.
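
A variant of the hand-off suggested above, as an added example that is not part of the original answers: the link carries a short-lived, single-use signed ticket instead of the credentials or the session ID itself, and the second site verifies it before serving the resource. The key, host name, paths and function names are assumptions, and the in-memory set stands in for the shared database.

```javascript
const { createHmac, randomBytes, timingSafeEqual } = require('node:crypto');

// Assumption: both sites hold this key, exchanged out of band (constructed demo value).
const SHARED_KEY = Buffer.from('constructed-demo-key-do-not-reuse');
const usedNonces = new Set(); // stands in for a table in the shared database

const b64 = (data) => Buffer.from(data).toString('base64url');
const sign = (body) => createHmac('sha256', SHARED_KEY).update(body).digest();

// Main site: called when a logged-in member follows the link to the second server.
function issueTicket(userId, resourcePath, now = Date.now(), ttlMs = 30_000) {
  const claims = { sub: userId, aud: resourcePath, exp: now + ttlMs,
    nonce: randomBytes(16).toString('hex') };
  const body = b64(JSON.stringify(claims));
  return `${body}.${b64(sign(body))}`;
}

// Second site: returns the member id, or throws with the reason for rejection.
function redeemTicket(ticket, requestedPath, now = Date.now()) {
  const parts = String(ticket).split('.');
  if (parts.length !== 2) throw new Error('malformed');
  const [body, sig] = parts;
  const expected = sign(body);
  const given = Buffer.from(sig, 'base64url');
  // Verify the MAC before parsing anything the client could have altered.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  if (now > claims.exp) throw new Error('expired');
  if (claims.aud !== requestedPath) throw new Error('wrong resource');
  if (usedNonces.has(claims.nonce)) throw new Error('replayed');
  usedNonces.add(claims.nonce); // single use: a copied URL is dead after the first hit
  return claims.sub;
}

// Builds the hyperlink the main site renders; the host name is a placeholder.
function buildLink(userId, resourcePath) {
  const url = new URL(resourcePath, 'https://files.example.com');
  url.searchParams.set('ticket', issueTicket(userId, resourcePath));
  return url.toString();
}
```

After a successful redeem, the second site would set its own session cookie and redirect to the same path without the `ticket` parameter, so the ticket does not linger in the address bar or in Referer headers.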
