ACS pre-release change log


July 15, 1999 -- hqm@arsdigita.com

+ Ticket tracker - 
  
   + the ticket tracker was changed to meet HP's requests - there are some improvements
     in the UI, and the interface for "public" users is now very similar to that of ticket
     admin group members - the only difference at the moment is that public members
     cannot create new projects, nor assign users to tickets. 

     Tracy's flag (LinkTicketToUserGroupP) is being ignored right now, but I will
      be adding support back for it soon, so we might as well leave it in the param file
     for the moment. 

     I still need to add a param which controls whether access to modify ticket status
     and other fields is read-only or not for public users. Right now, public users *can*
     modify ticket status.





+ handling of passwords:

  Added a link to the 

  + EmailForgottenPassword (default true)

  If user enters bad password:
    parameter flag, EmailForgottenPasswordP, which controls whether
    the "email-password.tcl" link is enabled. It's value defaults to true
    if omitted from the .ini file.

    If EncryptPasswordsInDBP is true, then we need to generate a new 
    random password to mail back to the user.

  + EmailChangedPasswordP (default true)

  When the admin changes a user's password, this param controls whether
  the new password is emailed back to the the user. 


+ Added option to encrypt passwords in database. Controlled by setting
.ini param EncryptPasswordsInDBP to 1:

[ns/server/yourservername/acs]
EncryptPasswordsInDBP=1


Note: If you set this flag when upgrading an existing site, you must run
the tcl proc encrypt_db_passwords once and only once to encrypt
all existing user passwords in place in the database.


+ Added option to RestrictToSSL to restrict to SSL with 128 bit keys only

[ns/server/yourservername/acs]
AllowOnly128BitSSL=1

Tracy Adams (teadams@arsdigita.com) - July 17, 1999

+ Took out reference to CNN in /register/awaiting-approval.html

+ registration finite state mached - July 17, 1999

-- Added /register/banned-user.tcl to be the landing page for banned users
-- Modified the logic in /register/user-login.tcl to go the correct page depending on the user's state
-- Added ad_approval_system_inuse_p to ad-admin.tcl.  This proc returns 1 if there an approval system in use
-- Modified /register/awaiting-approval.tcl to work for the aprroved_p = "" state (approved_p = "" should be treated as approved_p = "f")
-- Added /register/banned_user.tcl


alter table users add (
   approved_date         date,
   approving_note        varchar(4000),
   deleted_date          date,
   deleting_user         integer references users(user_id),
   deleting_note         varchar(4000),
   banned_date           date,
   rejected_date         date,
   rejecting_user        integer references users(user_id),
   rejecting_note        varchar(4000),
   email_verified_date   date,
   user_state            varchar(100) check(user_state in ('need_email_verification_and_admin_approv', 'need_admin_approv', 'need_email_verification', 'rejected', 'authorized', 'banned', 'deleted')));


these columns in the user table are now are obsolete
approved_p
deleted_p
banned_p

--- added ad_generate_random_string to ad-security.tcl

--- added RegistartionProvidesRandomPasswordP to an.ini.  
--- If RegistrationProvidesRandomPasswordP = 1, the user is
--- sent a random password
--- added EmailRandomPasswordP to an.ini.  If EmailRandomPasswordP is 1,
a random password is generated when the user asks for a new password.
--- changed EVERY file in /register to use a finite state machine for registration state
--- rearranged an.ini to include registration specific things together
--- removed ad_encrypt_passwords_in_db - using a separate tcl proc for acs parames is only used for legacy (made changes throughout the encryption code to call ad_paramete instead)
-- modified ad_verify_and_get_user_id to use the registration finite state machine
-- modified users_active and users_new in /doc/sql/community-core.sql to use the finite state machine.  These views now limit to authorized users.