changeset 5956:64f514bff31e

improve the resetpw templates, add one for a wiki page
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Sun, 10 Mar 2013 21:17:21 +0100
parents 21a89a0b74d6
children 848ed9299ad8
files docs/resetpw/README docs/resetpw/mailtemplate.txt docs/resetpw/wikitemplate.txt
diffstat 3 files changed, 82 insertions(+), 12 deletions(-)
--- a/docs/resetpw/README	Sun Mar 10 17:34:13 2013 +0100
+++ b/docs/resetpw/README	Sun Mar 10 21:17:21 2013 +0100
@@ -14,7 +14,7 @@
 Optionally, you can also remind your users that having a valid E-Mail address
 in their user settings is essential for getting a password recovery E-Mail.
 If a active user does somehow not get such a mail, you likely will have to
-manually define a password for that user.
+manually define a valid E-Mail address (or even password) for that user.
 
 If you had a security breach on your wiki (password hashes stolen) or you want
 to make sure all password hashes use strong algorithms (which is strongly
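Review bot: The added "(or even password)" leaves open how an admin-chosen password reaches the user and how long it stays valid. Suggest stating that fixing the E-Mail address and letting the user run the normal recovery is preferred, and that a manually set password is temporary and must be changed by the user at first login. While touching this paragraph, "If a active user" in the context line above should read "If an active user".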
@@ -29,6 +29,8 @@
 The contents must be utf-8 (or ascii, which is a subset of utf-8).
 In case of doubt, just use plain English.
 
+Some places you likely should edit are marked with XXX.
+
 Never ever change the AMOUNT or ORDER of the %s placeholders in the template.
 They will get replaced by MoinMoin with specific values in a specific order.
 We know this can be done better in Python, but this restriction is for
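Review bot: The new XXX hint invites admins to edit the template right before the %s warning, but nothing tells them how to write a literal percent sign. If the template is filled with Python % formatting, as the %s placeholders suggest, a URL with percent-encoding (such as %20) pasted into an XXX spot would break the substitution. Suggest adding one sentence here that a literal % must be written as %%.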
@@ -40,9 +42,7 @@
 That said, feel free to change or add any other text.
 
 It is a very good idea to give some URL (e.g. of a web or wiki page) in
-the text where users can read more information about why you reset the
-password(s), who exactly resetted the password(s) and who (E-Mail) to contact
-if there are any questions or issues.
+the text where users can read more information.
 
 Of course the information at that URL should be readable without requiring
 a wiki login (you just have invalidated his/her password!), so the user can
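Review bot: The replacement line "the text where users can read more information." drops the guidance on what that page should cover (why the reset happened, who did it, whom to contact). A user who receives an unexpected reset mail relies on exactly those details to judge whether it is legitimate. Suggest keeping a short version of the list here, or pointing to wikitemplate.txt, which already has sections for the reasons and the administrator contact.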
@@ -53,6 +53,14 @@
 that E-Mail delivery to some users might fail for misc. reasons, so having
 some information on the web/wiki is usually better.
 
+We have added a wikitemplate.txt you can use to create such a wiki page.
+
+Editing wikitemplate.txt
+========================
+Just copy & paste it to some public page in your wiki, e.g. "PasswordReset".
+
+Some places you likely should edit are marked with XXX.
+
 Doing the password reset
 ========================
 
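Review bot: "Just copy & paste it to some public page in your wiki" says nothing about who may edit that page. The mail sends every user there for instructions and administrator contact details, so the README should say the page must be readable without login but writable only by wiki administrators, otherwise anyone able to edit it can change the instructions or the contact address.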
--- a/docs/resetpw/mailtemplate.txt	Sun Mar 10 17:34:13 2013 +0100
+++ b/docs/resetpw/mailtemplate.txt	Sun Mar 10 21:17:21 2013 +0100
@@ -1,15 +1,13 @@
 The wiki administrator has invalidated your wiki password and requested
-to send this E-Mail to you, so you can set a wiki password.
-
-Reason for the password invalidation:
+to send this E-Mail to you, so you can set a new one.
 
-...
+Important information about this (including troubleshooting information and
+wiki administrator contact information) is available there, please read it:
 
-Please go to the password reset URL below and set a password.
+(XXX give URL here XXX)
 
-Alternatively, you can go to the password recovery page and manually
-(use copy&paste) enter the recovery token, your login name and the
-password.
+
+Now, please go to the password reset URL below and set a password.
 
 Login Name: %s
 
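Review bot: The new "(XXX give URL here XXX)" line goes out to every user verbatim if the admin forgets to edit it, and the mail no longer carries the reason for the reset itself, so an unedited template leaves recipients with no explanation at all. Suggest the README tell admins to send a test mail to themselves first and check that no XXX marker remains. Minor wording: "is available there, please read it:" reads better as "is available here, please read it:" since the URL follows directly.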
@@ -17,3 +15,8 @@
 
 Password reset URL: %s?action=recoverpass&name=%s&token=%s
 
+
+Alternatively, you can go to the password recovery page of the wiki and
+manually (use copy&paste) enter the recovery token, your login name and
+the new password.
+
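Review bot: The moved paragraph refers to "the password recovery page of the wiki" without saying how to reach it, which is the fallback users need precisely when the reset link above does not work for them. Adding another %s is ruled out by the README's placeholder restriction, so suggest a short pointer such as "(see the information page linked above)", since wikitemplate.txt describes the steps under "Getting a new password recovery token".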
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docs/resetpw/wikitemplate.txt	Sun Mar 10 21:17:21 2013 +0100
@@ -0,0 +1,59 @@
+Note: some stuff that needs editing is marked with XXX.
+
+= (XXX give date) YYYY-MM-DD Password Reset =
+
+The wiki administrator has invalidated the passwords for all user accounts on this wiki.
+
+You need to do a password recovery to set a ''new and changed'' password for your account.
+
+== Reason(s) for the password invalidation ==
+
+ * (XXX give reason)
+ * (XXX give reason)
+
+== What you need to do ==
+=== Read important information ===
+Please visit these URLs for more information:
+ * http://moinmo.in/HowToHandleSecurityBreach ('''generic advice, MUST READ!''')
+ * http://moinmo.in/SecurityFixes/CVE-YYYY-NNNN (about the specific incident, if you want more information) (XXX fix url)
+
+=== Enter a new password ===
+You should have received an E-Mail (including a link to reset your password). Just read and follow it.
+
+==== Invalid token? ====
+The token has a limited lifetime.
+
+If it says "Token is invalid", you just need to get a new password recovery token, see below.
+
+==== You didn't get the E-Mail? ====
+If you didn't see that E-Mail yet, please check your spam folder (or other folders where mails from the wiki could be).
+
+If you can't find the E-Mail we sent to you, you can alternatively just use the normal password recovery function of the wiki, see below.
+
+==== Getting a new password recovery token ====
+ * go to the login page
+ * click the "Forgot your password?" link
+ * now:
+  * ''either'' enter your wiki username (recommended, if you still remember it or you can find out easily)
+  * ''or'' your E-Mail address (same as in your wiki user profile - you might need multiple tries if you are not sure about this)
+ * check your E-Mail, you should have one now with a password recovery link
+ * click on the link, define a new password
+
+==== Need help? ====
+If that didn't work, you will need help by a wiki administrator, please contact:
+
+(XXX give name and E-Mail address of wiki administrator here XXX)
+
+In your E-Mail, please give:
+ * the wiki address (URL)
+ * your wiki user name
+ * the E-Mail address that you used in your wiki userprofile
+ * if that E-Mail address is not working any more, please tell so
+
+== Questions? ==
+If you have any questions that are not answered by reading this page or the pages linked from here, ask the wiki administrator.
+
+E-Mails asking questions that ''are'' answered on these pages will be ignored.
+
+Instead of answering individually via E-Mail, frequently asked questions might might also get answered on this page or the pages linked from here.
+
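Review bot: The "Need help?" section asks users to mail their wiki user name and E-Mail address to the administrator, and the README has the administrator then set an address or password by hand, but neither says how the administrator confirms that the sender owns the account. Suggest a sentence for administrators (in the README, not on the public page) on verifying the request before changing an account, since a request from a new address is otherwise indistinguishable from a takeover attempt. Smaller points: the first line "Note: some stuff that needs editing is marked with XXX." should be flagged for removal once the page is published, and the last sentence has a doubled word, "might might also get answered".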