Script to generate secret keys for password reset functionality #123
Conversation
|
This is a smart and lean script ! |
|
@sebastienblanc I didn't try yet, but I guess OpenSSL also works on Windows. Either way I think we are good to make use of it for 0.10.0 and think about other environments later. Or just implement it with Java using a servlet listener, if Windows is a concern. Would be more intrusive because:
Either way I'm fine with whatever you guys think is the best //cc @matzew |
|
For now, I think, the script is good enough. Regarding Windows: I don't have a machine / an image to test, but would be needed for the future that it runs on Windows as well. @abstractj Do you mind adding instructions to the |
|
@matzew done, let me know what do you think. |
|
😍 👍 |
| @@ -195,6 +195,18 @@ curl -3 -v -b cookies.txt -c cookies.txt | |||
| https://SERVER:PORT/CONTEXT/rest/auth/login | |||
| ``` | |||
|
|
|||
| #### Password reset | |||
|
|
|||
| The Unified Push Server makes use of servlet filters from AeroGear Security responsible for intercept the HTTP requests and provide password recovery functionality. For this reason is necessary to include a file *config.properties" and provide a secret key. | |||
There was a problem hiding this comment.
The Unified Push Server makes use of servlet filters from AeroGear Security that are responsible for intercepting the HTTP requests and provide the password recovery functionality. For this reason, it is necessary to include a file *config.properties" and to provide a secret key.
There was a problem hiding this comment.
Oh it should be UnifiedPush, not "Unified Push"
On Tue, Jan 28, 2014 at 2:01 PM, Lucas Holmquist
notifications@github.comwrote:
In README.md:
@@ -195,6 +195,18 @@ curl -3 -v -b cookies.txt -c cookies.txt
https://SERVER:PORT/CONTEXT/rest/auth/login+#### Password reset + +The Unified Push Server makes use of servlet filters from AeroGear Security responsible for intercept the HTTP requests and provide password recovery functionality. For this reason is necessary to include a file *config.properties" and provide a secret key.The Unified Push Server makes use of servlet filters from AeroGear
Security that are responsible for intercepting the HTTP requests and
provide the password recovery functionality. For this reason, it is
necessary to include a file *config.properties" and to provide a secret key.Reply to this email directly or view it on GitHubhttps://github.com//pull/123/files#r9225884
.
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
|
@lholmquist @matzew fixed gentlemen |
|
Thanks for the effort. As per list discussion: Moving towards Keycloak and its user management |
Good morning guys, I was wondering about the easiest way for a newcomer to deal with it without add bloated code. This is my initial suggestion, I've tested it on OpenShift and it works like expected, my idea is to add the same script into OpenShift hooks like @fjuma did here (https://github.com/fjuma/openshift-origin-cartridge-aerogear-push/blob/master/bin/install#L22), I think this is the less intrusive option.
For OpenShift maybe we can do something like:
This script of course, could be added to the README instead of a *.sh file. Btw let's add or merge @sebastienblanc PR before we merge this one.
Wdyt?