| The Recovery Dashboard Widget (RecoveryWidget) is a Registry Dashboard plugin that enables self service account recovery tools. |
This is a non-core plugin, see Installing and Enabling Registry Plugins for more information.
Because many of the recovery tools are designed to help a user regain access to services, the Dashboard to which they are attached should probably be configured with a Visibility of Unauthenticated Users.
Confirmation Resend Mode allows an Enrollee to request the resend of a confirmation email sent as part of an Enrollment Flow. It is enabled by ticking Enable Confirmation Resend in the Widget configuration.
The Enrollee is asked to provide an Email Address or the authenticated Identifier associated with their Petition record. Unlike the other modes, Confirmation Resend allows entry of an unverified Email Address because in general the confirmations are to verify an unverified Email Address. The authenticated Identifier, if provided, must be the exact string stored in the Petition's authenticated identifier field.
If a matching Email Address or Identifier is found, any pending confirmations on any matching Petitions will be resent. Confirmations are sent to the same address originally emailed as part of the Enrollment Flow. It is not currently possible to change the destination address.
Confirmation Resend only applies to enrollments started via an Enrollment Flow. It does not apply to Default Registry Enrollment. |
Identifier Lookup Mode allows a user to request an email containing an Identifier, such as their login username.
To enable this mode, first define a Message Template. The Message Template should have a Message Context of either Authenticator or Plugin. The desired Identifier can be incorporated into the outgoing message using the (@IDENTIFIER:x) Message Substitution. (Multiple Identifiers can be incorporated using this technique.)
Select the Message Template in the Widget's Message Template for Identifier Lookup configuration.
The user is asked to provide a verified Email Address or any Identifier associated with their CO Person record. If a matching Email Address or Identifier is found, a message (using the Message Template) will be sent to all verified Email Addresses associated with the CO Person. The CO Person record must be in either Active or Grace Period status.
Identifier messages will only be sent to CO People in Active or Grace Period status. |
Authenticator Reset Mode allows a user to reset an Authenticator without logging in to Registry.
To enable this mode, first define a Message Template. The Message Template should have a Message Context of either Authenticator or Plugin. The Message Template should include the Message Substitution (@RESET_URL), which will contain the link the recipient should click in order to continue the Authenticator reset process. Identifiers may also be used, as described in Identifier Lookup Mode, above.
In the Dashboard Widget configuration, there are several options to set:
When Authenticator Reset Mode is enabled, two links are generated in the dashboard widget: The first is the link into the Authenticator Reset process, the second is a direct link to the Authenticator management (in case the user still has control of the Authenticator.) Upon clicking the first link, the user is asked to provide a verified Email Address or any Identifier associated with their CO Person record. If a matching Email Address or Identifier is found, a message (using the Message Template) will be sent to all verified Email Addresses associated with the CO Person. The CO Person record must be in either Active or Grace Period status.
If Authenticator Reset Mode is subsequently disabled, any pending reset requests will remain active for the duration of their token validity. The only way to bulk invalidate such tokens is to delete them from the database table ( |
Locked Authenticators cannot be reset. Similarly, Authenticators cannot be reset for CO People not in Active or Grace Period status. |