At Ortus Solutions, we love the holidays, and we wanted to gift you a gift of developer productivity, we will share a few tips and tricks that will keep giving all year around. In this series we'll be giving you 12 ContentBox tips. Keep your eye out for other 12 tips of Christmas series on our blog, including a new one this year, 12 modules of Christmas on ForgeBox.
Day 6 - New User Invite Workflow. We have introduced a new approach to creating authors in ContentBox. You will now be presented with the new author wizard which will allow you to pre-fill author details in a secure manner.
Most security policies do not allow an administrator to set a password for a user, but should make a function to reset a password available. In this new workflow, the user is created, but the administrator doesn't create a password. A notification will be sent to the new author's email address with a password setup token so they can secure their account. This way the administrator never knows the user's password.
A randomly generated password will be created and a reset link will be generated and sent to the user. User will be forced to set the password on first sign in.
Changing passwords previously ( this is changing in 3.8.0 ) allowed an administrator to set a user's new password, which conflicted with this policy for many clients. We have updated the User Admin to no longer allow you to set a users password, but to set a user for a password reset. This flags the user so next time they login, they will be asked to change their password, as well as sending the user an email, with a token to reset their password.
Security is important to us at Ortus, and password resets are helping to make ContentBox more secure.