[Cosmo-dev] Account activation design

Travis Vachon travis at osafoundation.org
Tue Jan 9 15:35:13 PST 2007 

Hi folks

When I was doing design work for account activation, POST /cmp/signup  
did not return a representation of the signed up user. This meant  
that the activationId that is part of a user representation was not  
available to anonymous clients of POST /cmp/signup. Unfortunately, a  
different portion of the account activation design necessitated  
adding the user representation to the response to POST /cmp/signup.

The end result is that the activation id for a given user is  
available in the response to POST /cmp/signup, eliminating the need  
for a user to wait for an e-mail to confirm their account. This  
completely undermines the purpose of account activation.

I'd like to propose the following changes to CMP:

1) Instead of including <activationId>{activationId}</activationId>  
in the representation of unactivated users, we will include only an  
<unactivated/> tag.
2) The only way to get the activation id for a user will be to check  
that user's e-mail.
3) Therefore, in order to allow administrators to activate an account  
manually, we will add POST /cmp/activate/{username} to the list of  
methods available to administrative users. This will activate a user  
and return 200 on success and a 404 if the user has already been  
activated (indicating that the url is only valid when a user is  
unactivated).

Thoughts?

If I don't hear back by the end of the day, I'll commit this stuff  
tomorrow morning.

Thanks,

Travis

On Nov 20, 2006, at 5:54 PM, Travis Vachon wrote:

> Hi folks
>
> I've updated
>
> http://wiki.osafoundation.org/bin/view/Journal/AccountActivationDesign
>
> with the proposed design for the rest of the bug 4041. If  
> interested folks could check it out, I've definitely appreciate  
> comments.
>
> This includes design for:
> - Additional service level changes
> - CMP changes
> - Admin UI changes
>
> Thanks!
>
> -Travis
> _______________________________________________
> cosmo-dev mailing list
> cosmo-dev at lists.osafoundation.org
> http://lists.osafoundation.org/mailman/listinfo/cosmo-dev

More information about the cosmo-dev mailing list