[ic] Email login links without plain text password
Josh Lavin
jlavin at endpoint.com
Thu Sep 15 17:46:07 UTC 2016
Quoting IC (ic at tvcables.co.uk):
>
> The email links we send out for customers to check orders and print receipts
> have their passwords in plain text which is not good, is there a way to
> provide an auto login area link without showing the plain text password.
Hi Andy,
Sounds like you have either a custom receipt or an old one. You may wish
to review the current mail receipt used by the Strap template:
https://github.com/interchange/interchange/blob/master/dist/strap/etc/mail_receipt
It only sends the "password" in the email if the user wasn't logged in;
that is, an auto-created user will get the link to check order status,
and the password is typically their phone number. You can always remove
this (line 107, etc).
--
Josh Lavin
End Point Corporation
More information about the interchange-users
mailing list