[Cosmo-dev] Account activation design
Travis Vachon
travis at osafoundation.org
Tue Jan 9 16:17:19 PST 2007
On Jan 9, 2007, at 4:00 PM, Brian Moseley wrote:
> On 1/9/07, Travis Vachon <travis at osafoundation.org> wrote:
>
>> 1) Instead of including <activationId>{activationId}</activationId>
>> in the representation of unactivated users, we will include only an
>> <unactivated/> tag.
>
> will GET /user/username's response include <activated/>?
The way I was thinking about it, GET /user/username's response will
include <unactivated/> if and only if the user has not yet been
activated.
>
>> 2) The only way to get the activation id for a user will be to check
>> that user's e-mail.
>
> should we have a way for a user to claim that he never got the
> activation message (caught in spam filters, or whatever) and ask to
> have it re-sent?
This sounds like a good idea. Where these ui affordances should go is
probably a design question, correct? If so, this feels like a fairly
high priority bug for preview. Does that sound right?
>
>> 3) Therefore, in order to allow administrators to activate an account
>> manually, we will add POST /cmp/activate/{username} to the list of
>> methods available to administrative users. This will activate a user
>> and return 200 on success and a 404 if the user has already been
>> activated (indicating that the url is only valid when a user is
>> unactivated).
>
> 403 seems like a better response than 404.
Good call, looking at the response definitions again, I agree.
-Travis
> _______________________________________________
> cosmo-dev mailing list
> cosmo-dev at lists.osafoundation.org
> http://lists.osafoundation.org/mailman/listinfo/cosmo-dev
More information about the cosmo-dev
mailing list