We want to add to the “user create” the functionality to send the password to the user and auto-generate the password, like in other web systems.
Now you must put a password and that is not a good security practice.
Resume:
There is a fundamental flaw in sending password by email because it is clear text.
I think the flaw can be mitigated if it is a one-time password that is sent with an expiration date.
Also sending email will be an option only once issue3553 will be implemented because it should be transactional.
I think this should not be limited only to the wizard but should also apply to the form. The administrator should be able to reset a password in case the user forgot it.
Indeed I think we could use the session. This means that the user/password should be checked against the real password but also against the active session.
Also I think the workflow to reset the password will be to remove the current one and just send a session by email. Then when the user logs in, we have a wizard to set the password if the user has no password.
We could also have on the client side a way to request to reset the password and send it by email, but in this case we should not clear the password because it could become a way to deny the user access.
@ced I agree with all your comments: one-time password and the “The administrator should be able to reset a password in case the user forgot it”.
Maybe it will be useful if the user can recover the password without the administrator. Thanks
With the customizable login process, the default login process could check if there is a password set for the user and, if not, request the one sent by email. So we don’t need to use a session but just a generated password stored in a separate table which expires quickly.
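The design sketched across this thread (a generated one-time secret stored hashed in a separate table with a short expiry, an administrator reset that clears the current password, and a self-service request that keeps it so a stranger cannot lock the user out) as an added, self-contained Python example. This is not Tryton's code nor anything from the tracker: the table names `res_user` / `res_user_reset`, the 15-minute TTL, the PBKDF2 parameters and the return values of `authenticate` are all assumptions made for the illustration. It uses an in-memory SQLite database so it runs offline.

```python
"""Added example (not project code): one-time reset secret kept hashed in a separate, expiring table."""
import hashlib
import hmac
import secrets
import sqlite3
from datetime import datetime, timedelta, timezone

# Assumption: "expire quickly" is taken to mean 15 minutes.
TOKEN_TTL = timedelta(minutes=15)

# Hypothetical schema for the illustration; not Tryton's own tables.
SCHEMA = """
CREATE TABLE IF NOT EXISTS res_user (
    login   TEXT PRIMARY KEY,
    salt    BLOB,            -- NULL when the user has no password
    pw_hash BLOB
);
CREATE TABLE IF NOT EXISTS res_user_reset (
    login      TEXT PRIMARY KEY,
    token_hash TEXT NOT NULL, -- only the hash is stored, never the clear token
    expires_at TEXT NOT NULL  -- ISO-8601 UTC timestamp
);
"""


def utcnow():
    return datetime.now(timezone.utc)


def open_store():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def _kdf(password, salt):
    # Slow hash for the real password; iteration count is an assumption.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _token_hash(token):
    # The token is 256 bits of randomness, so a fast hash is enough here.
    return hashlib.sha256(token.encode()).hexdigest()


def create_user(conn, login, password=None):
    if password is None:
        conn.execute("INSERT INTO res_user VALUES (?, NULL, NULL)", (login,))
    else:
        salt = secrets.token_bytes(16)
        conn.execute("INSERT INTO res_user VALUES (?, ?, ?)", (login, salt, _kdf(password, salt)))


def set_password(conn, login, password):
    salt = secrets.token_bytes(16)
    conn.execute("UPDATE res_user SET salt=?, pw_hash=? WHERE login=?",
                 (salt, _kdf(password, salt), login))


def has_password(conn, login):
    row = conn.execute("SELECT pw_hash FROM res_user WHERE login=?", (login,)).fetchone()
    return row is not None and row[0] is not None


def issue_reset_token(conn, login, now=None):
    """Generate the one-time secret; the caller emails it once and it is never stored in clear."""
    now = now or utcnow()
    token = secrets.token_urlsafe(32)
    conn.execute("INSERT OR REPLACE INTO res_user_reset VALUES (?, ?, ?)",
                 (login, _token_hash(token), (now + TOKEN_TTL).isoformat()))
    return token


def admin_reset(conn, login):
    """Administrator-initiated reset: remove the current password, then send a one-time secret."""
    conn.execute("UPDATE res_user SET salt=NULL, pw_hash=NULL WHERE login=?", (login,))
    return issue_reset_token(conn, login)


def request_reset(conn, login):
    """Self-service request: the existing password stays valid, so a request cannot lock the user out."""
    return issue_reset_token(conn, login)


def _consume_token(conn, login, token, now):
    row = conn.execute("SELECT token_hash, expires_at FROM res_user_reset WHERE login=?",
                       (login,)).fetchone()
    if row is None:
        return False
    stored_hash, expires_at = row
    if datetime.fromisoformat(expires_at) <= now:
        conn.execute("DELETE FROM res_user_reset WHERE login=?", (login,))  # expired: drop it
        return False
    if not hmac.compare_digest(stored_hash, _token_hash(token)):
        return False
    conn.execute("DELETE FROM res_user_reset WHERE login=?", (login,))  # single use
    return True


def authenticate(conn, login, secret, now=None):
    """Return 'ok' for a real password, 'set_password' when a one-time secret was used
    (the set-password wizard must run next), or None when nothing matched."""
    now = now or utcnow()
    row = conn.execute("SELECT salt, pw_hash FROM res_user WHERE login=?", (login,)).fetchone()
    if row is None:
        return None
    salt, pw_hash = row
    if pw_hash is not None and hmac.compare_digest(pw_hash, _kdf(secret, salt)):
        return "ok"
    if _consume_token(conn, login, secret, now):
        return "set_password"
    return None
```

The two reset entry points differ only in whether they clear the password, which is exactly the distinction raised about denial of service: `admin_reset` clears it, `request_reset` does not. The token is consumed on first successful use or on expiry, so an emailed secret that leaks later is worthless.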