Opened 9 years ago

Last modified 6 months ago

#2543 new defect

Allow users to change account password

Reported by: scythetwirler Owned by:
Priority: Should Have Milestone: Backlog
Component: Multiplayer lobby Keywords: beta
Cc: Dunedan Patch:

Description

Users should be able to change their passwords without contacting a lobby mod.

Change History (14)

comment:1 by Stan`, 9 years ago

mod = moderator ?

comment:2 by sanderd17, 9 years ago

mod = scythetwirler, leper or Josh :D

comment:3 by historic_bruno, 9 years ago

User account management in general would be a good thing. I like the idea of having an optional email associated with the account, for password resets (it's going to be ridiculous how many people forget their password, if it's not already). Maybe it doesn't all have to be done in the game, if the server has a web interface for account management. People might want to delete their account as well.

I guess every new feature will add security concerns, but they would exist and should be solved anyway.

comment:4 by Stan`, 9 years ago

Hmm I'm wondering if we could link them with the forums this way if you have an issue with the game you can connect with your login in the forums. And what about a trac account. This would lead us to have one big database instead of three, and if we limit the inscriptions to the forums and to the game, we will have no more spammers on the trac.

in reply to:  4 comment:5 by historic_bruno, 9 years ago

Replying to stanislas69:

Hmm I'm wondering if we could link them with the forums this way if you have an issue with the game you can connect with your login in the forums. And what about a trac account. This would lead us to have one big database instead of three, and if we limit the inscriptions to the forums and to the game, we will have no more spammers on the trac.

Something similar was considered during the last website update (#1108), but as I recall, integrating the different systems was too much work for too little benefit, so that never went anywhere. There are probably more advantages to keeping the registrations separate than combining them. (Spammers on Trac can be mitigated with a captcha plugin, it's a matter of someone doing the work)

comment:6 by leper, 8 years ago

Milestone: Alpha 17Backlog

comment:7 by historic_bruno, 8 years ago

Owner: Josh removed

comment:8 by scythetwirler, 6 years ago

Keywords: essential added

comment:9 by scythetwirler, 6 years ago

Keywords: essential removed

comment:10 by scythetwirler, 6 years ago

Keywords: beta added

comment:11 by scythetwirler, 6 years ago

https://wiki.xmpp.org/web/Password_retrieval makes me kind of doubtful that there's a xmpp implementation...

comment:12 by scythetwirler, 6 years ago

Perhaps https://www.ejabberd.im/mod_register_web would work, but emailing association with accounts seems like it would require custom work: https://www.ejabberd.im/node/3612

Last edited 6 years ago by scythetwirler (previous) (diff)

comment:13 by leper, 6 years ago

https://xmpp.org/extensions/xep-0077.html#usecases-changepw

and purging accounts that haven't been used (last-login date) for some amount of time such as 6 months, or 1 year.

comment:14 by Dunedan, 6 months ago

Cc: Dunedan added

Allowing lobby users to change their password should be straight forward. As leper already mentioned, 0ad uses inband registration (XEP-0077) for account registration and that also offers password changing functionality. gloox supports that (https://camaya.net/api/gloox-1.0.24/classgloox_1_1Registration.html#a3a742df8a42c9d1fe068b7cab9c88412), so implementing it should require just some glue code and the UI for it.

Note: See TracTickets for help on using tickets.