Email verification and password change.
Opened this issue · 0 comments
Avasam commented
1. When a new user is created (either from an admin, which means no password, or from the login form) it should not yet be active/verified (user can't log in until verified).
- 1.1 When a user tries to log in for the first time with no existing password (created by an admin), a verification email should be sent to activate the account with a randomly generated password the user is expected to change (ex: Uf490g8F3). (No option to change verification e-mail. If it has been mistyped or there's an issue, user should contact an admin)
- 1.2 When a new user is created using the login form, a verification email should be sent to activate the account.
- 1.2.1 If a non-verified user logs in, a message should appear telling him to verify through email. With the option to change the e-mail address (in case of a mistake) and to resend the verification email.

2. User should be able to change its e-mail address through its own profile page (address shouldn't update until it has been verified)

3. User should be able to change its password (Ask for old and new password. Client-side confirmation of the new password). A new salt has to be generated as well.

4. "J'ai oublié mon mot de passe" button-link should send an email with a temporary randomly generated link that allows modifying the password of that specific user.
- If the mail exists but is unverified, do as 1.2.1
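
A sketch of the token and password handling these items call for, added here as an example and not taken from the project's code. The `User` class, the function names, the one-hour `TOKEN_TTL`, the PBKDF2 parameters and the choice to store only a hash of each emailed token are all assumptions.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 3600  # assumed link lifetime in seconds; the issue does not give one

def hash_password(password, salt=None):  # fresh random salt unless one is supplied
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

class User:  # hypothetical in-memory record standing in for the real user table
    def __init__(self, email):
        self.email, self.pending_email, self.verified = email, None, False
        self.salt = self.pw_hash = None
        self.tokens = {}  # sha256(token) -> (purpose, expiry); raw token never stored

def issue_token(user, purpose):  # returns the random value for the emailed link
    token = secrets.token_urlsafe(32)
    key = hashlib.sha256(token.encode()).digest()
    user.tokens[key] = (purpose, time.time() + TOKEN_TTL)
    return token

def redeem_token(user, token, purpose, now=None):  # single use: entry always removed
    now = time.time() if now is None else now
    entry = user.tokens.pop(hashlib.sha256(token.encode()).digest(), None)
    return entry is not None and entry[0] == purpose and now <= entry[1]

def request_email_change(user, new_email):  # item 2: old address stays in use
    user.pending_email = new_email
    return issue_token(user, "verify")

def verify_email(user, token, now=None):  # items 1.1, 1.2 and 2
    if not redeem_token(user, token, "verify", now):
        return False
    if user.pending_email:
        user.email, user.pending_email = user.pending_email, None
    user.verified = True
    return True

def set_password(user, new):  # every change draws a new salt (item 3)
    user.salt, user.pw_hash = hash_password(new)
    return True

def change_password(user, old, new):  # item 3: old password must match
    if user.pw_hash is None:
        return False
    ok = hmac.compare_digest(hash_password(old, user.salt)[1], user.pw_hash)
    return ok and set_password(user, new)

def reset_password(user, token, new, now=None):  # item 4: verified accounts only
    ok = user.verified and redeem_token(user, token, "reset", now)
    return ok and set_password(user, new)
```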