Update Profile

Overview

The profile update capability will allow the system to store some information about the user in the user store. This will help administrator's and others to know some basic information about the user. This will mostly be helpful when handling helpdesk calls.

Profile Data

The following information will be stored about each external user:
  • Userid - This is the user's email address (a valid email address string)
  • First Name - The user's first name (Any character string)
  • Last Name - The user's last name (any character string)
  • Company - The company for which the user works (a character string)
  • Phone Number - The user's phone number (a character string)
  • Password - The user's password
  • Password Reset Question - A question that the user must answer to reset his/her password
  • Password Reset Answer - The answer to the question above

Data Validations

The following validations should always be performed whenever any profile data is being entered or updated:
  • Userid
    • Ensure the userid is a valid email address
    • Mandatory
  • First Name
    • Must contain at least 1 character (required field)
  • Last Name
    • Must contain at least 1 character (required field)
  • Company
    • None (Optional field)
  • Phone Number
    • None (Optional field)
  • Password
    • Must meet password policy on ADAM
    • Required
  • Password Reset Question
    • Must not include password
    • Must not include the password reset answer
    • Required field
  • Password Reset Answer
    • Must not include the password
    • Required field

Initial Profile Setup

The initial profile setup occurs when the user first logs in. After the user has authenticated with his temporary password on first login, he should be presented with a screen that allows him to provide his profile information. The screen should ask the user for all the information above if he has never logged in before. If he has logged in before but not set the required fields, he should also be shown this page.

The page should display the fields above (except userid) in this order, with an indication which fields are mandatory. The new password must be entered twice and the two versions must match. There will only be an "Okay" button at the bottom of this page; there will not be a "Cancel" button.

When the user enters all the information and clicks Okay, all fields will be validated as described above. The passwords will also be compared. If there are any problems, they should be pointed out to the user, preferably in a message under the text box. Any input already made should be prerserved (with the possible exception of the temporary password).

If all data is entered correctly, the system will update the user store with the new information. Note that no data will be updated until the temporary password is validated against the user store. If it validates properly, the rest of the changes will be made. First, the password change itself will be attempted. If it does not succeed, a message to that effect will be displayed, preferably with the reason noted. If it can be updated, all other changes will be made. If any errors occur, an error message will display at the bottom of the screen and the user will be allowed to continue past this page to the actual site being accessed. If the password does not validate, the user will be notified in a message at the bottom of the page. All entries that can be preserved will be.

It may be possible that the user could have set his permanent password and is password reset question and answer, but not have added all required fields in the profile. If this is the case, the initial profile update page should be displayed after the user logs in but before he is directed to the site he was attempting to access.

View/Update My Profile (Self Service)

The update my profile should be accessible from the Welcome <username> menu at the top of the page. The new menu item should be called "Update My Account Information". It should take the user to a page that looks similar to the initial profile entry page described above, provided that the user is an external user. If the user attempting to access this page is not an external user, the page should display a message stating that "You are not an external user and therefore cannot update your Account Information here". (Optionally, the site could automatically send them to _layouts/userdisp.aspx.)

This page should show all profile information in the order above. The userid should be not be modifiable. All other fields (except password and password reset answer) should have their values displayed as stored in the user store. The password field should be empty and the password reset answer should be masked. The new password fields (2 of them), should also be displayed. There should also be an "Update" button and a "Cancel" button. The page should look like this:

Update your Account Information

Account Name:      joeblow@blow.joe.co.uk
First Name:        [Joe__________]
Last Name:         [Blow_________]
Company:           [Trey Research_]
Phone Number:      [+1-234-567-8901_]

If you want to change your password or your password reset question or answer, you must provide your current password:

Current Password:  [_________]
New Password:      [_________]
Repeat Password:   [_________]

Forgotten Password Question: [What is your mother's mother's maiden name?_______]
Forgotten Password Answer:   [***************___________________________________]

[Okay]  [Cancel]


If the user presses the "Cancel" button at any time, the user will be sent back to the home page for the sub site the user was on.

The user should be allowed to make changes to any field on the page. If the changes any information in the new password, repeat password, password question, or password answer field, he must enter his current password as well. If the password is not entered and the user presses "Okay", he should receive a message stating that he must provide a password.

After the user has entered information in this form and presses "Okay", the following should happen. If no information that requires the current password to be entered, the entered data should be immediately stored in that user's profile in the user store, then message should be displayed stating that the changes were saved.

If is attempting to change secure data (data that requires the password to be entered), the system must check that the password matches the one in the user store. If it matches, the system should attempt to update the password first. If the password can't be updated (for example, it does not meet the password requirements), an error message to this effect should be displayed and nothing should be updated. On the other hand, if the password can be updated, all other changes should also be made to the profile. A success message should be displayed.

View/Update a User's Profile (Administrator)

See User Manager

Last edited Jan 15, 2008 at 11:04 PM by billcan, version 5

Comments

No comments yet.