[Koha-bugs] [Bug 8753] Add forgot password link to OPAC

Thu May 7 06:14:31 CEST 2015

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8753

--- Comment #87 from Liz Rea <liz at catalyst.net.nz> ---
Hi,

I had a chance to take a look at this today. My comments are not code-level,
they are "I applied this and had a look at the actual function" level. This is
definitely a desirable feature, please don't give up. :)

I saw several issues with this when I was testing:

1. The patch won't apply, it has easily resolved conflicts in database
structure and update database. I fixed them for my testing purposes, just
wanted you to be aware.

1a. As noted elsewhere, the feature should go into Koha turned off, instead of
turned on. We don't want surprises for our users.

2. In the bootstrap theme, we will want to have the "Forgot password" link on
the home page beneath the login, on /cgi-bin/koha/opac-user.pl, as well as in
the modal box. This can be a follow up.

3. The markup on the opac-password-recovery pages is not consistent with the
rest of the OPAC in the Bootstrap theme. This will need to be fixed.

4. On the "reset password" phase ("Password recovery form") - I don't
understand why the first field is "Surname in lower case" and the second field
is "Confirm password" - the standard behaviour for functions like this is to
have something like "Type password" and "repeat password." The function works,
but it wasn't clear to me when testing that the "surname" field was actually
supposed to be the initial go at the password. It may be a relic from the
implementation for your client, but I don't think we want it to be default Koha
behaviour for it to suggest the surname as a password. Please fix.

5. *Good thing* submitting the form, (when I realised that both fields are for
passwords) works just fine, and the password is reset, and I was able to log in
with no issue.

6. Having a mismatch in the passwords on the reset form seems to pop up a box
asking me to confirm which user I am changing the password for - this doesn't
seem right to me, please check. It doesn't seem to actually *work* but it's a
bit scary to see, as it suggests that I could possibly change the password for
a user that is not "me."

7. This functionality does not work when you have more than one borrower with
the same email address, it presents "We chould not authenticate you as the
account owner." I think we may need to use a combination of userid and email
address to authenticate users. Userid's do have to be unique, maybe use that
instead and pop an error if the user does not have a registered email address. 

8. *Good thing* the email seems to work fine. Maybe minor updates to the text
from a native English speaker are needed, but the message and the link are
fine. Any changes can come in a follow up.

I understand this is a lot of things to deal with - I think everyone in the
community wants this patch/function to be successful, so please say if you need
help or if you have any questions.

If you feel like you would rather not continue on with this development, please
say so that someone else will feel better about picking up where you left off. 

Cheers,
Liz Rea

-- 
You are receiving this mail because:
You are watching all bug changes.