Environment
Novell Filr 1.0
Novell Filr 1.0.1
Novell Filr 1.1
Novell Filr 1.2
Novell Filr 2.0
Situation
An external user is unable to log in and uses the "Forgot your password?" link provided in the Novell Filr login prompt. Somehow the "Forgotten Password Notification" email never arrives or is permanently lost.
Admin sets a new password via the Novell File Administration Console for the external user, but this does not allow the external user to log in.
Using the "Forgot your password?" link an other time spawns an error indicating that the email address is invalid.
Admin sets a new password via the Novell File Administration Console for the external user, but this does not allow the external user to log in.
Using the "Forgot your password?" link an other time spawns an error indicating that the email address is invalid.
Resolution
For Filr 1.1 and Filr 1.2 the "Forgotten Password" feature allows an external user to re-use the "Forgot your password?" link multiple times, provided the external user did not start the reset password procedure without finishing it and that the external user creation was successful and completed.
However, for Filr 1.1 and Filr 1.2 the Filr admin account can not reset the External User's password when the "Forgot your Password" sequence was started.
From Filr 2.0 onward, the Filr admin is able to reset the External User's password, even when that external user started the "Forgot your Password" sequence.
However, for Filr 1.1 and Filr 1.2 the Filr admin account can not reset the External User's password when the "Forgot your Password" sequence was started.
From Filr 2.0 onward, the Filr admin is able to reset the External User's password, even when that external user started the "Forgot your Password" sequence.
Cause
In the original design of Filr 1.0 and Filr 1.0.1 the external users was considered to be self administrative, so that the internal users of Filr could share freely without putting extraneous strain on the administrators taking care of Filr.
For security reasons it was originally only possible to request the "Forgot your password?" email once.
For security reasons it was originally only possible to request the "Forgot your password?" email once.
Additional Information
Be aware that the email address that was used to create the external user requires to be still valid too.
In case the email account (or email service) has been discontinued, the "Forgot your password?" functionality of Filr will not be usable.
Some internet services allow the usage of a temporary email address, external users created with these type of email address will not be usable for the "Forgot your password?" feature.
In case the external user is a Google (GMail) or Yahoo account, the affected user still can log in using the "Sign in using OpenID" option.
This is due to the fact that via this option, the authentication is performed via Google or Yahoo, not Novell Filr.
However, the OpenID authentication capability was removed in Filr 1.2
When a share was created for an external user, but that user never created their external account, the "Forgot your password?" feature will also trow an "invalid email address" error.
This feature only works for external users that were created successfully and that were able to login before they forgot their Filr password.
In case the email account (or email service) has been discontinued, the "Forgot your password?" functionality of Filr will not be usable.
Some internet services allow the usage of a temporary email address, external users created with these type of email address will not be usable for the "Forgot your password?" feature.
In case the external user is a Google (GMail) or Yahoo account, the affected user still can log in using the "Sign in using OpenID" option.
This is due to the fact that via this option, the authentication is performed via Google or Yahoo, not Novell Filr.
However, the OpenID authentication capability was removed in Filr 1.2
When a share was created for an external user, but that user never created their external account, the "Forgot your password?" feature will also trow an "invalid email address" error.
This feature only works for external users that were created successfully and that were able to login before they forgot their Filr password.