Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Password reset capability #208

Open
rjmartell opened this issue Feb 15, 2017 · 7 comments · May be fixed by #374
Open

Password reset capability #208

rjmartell opened this issue Feb 15, 2017 · 7 comments · May be fixed by #374
Assignees
@dstenger @lgoltz
Labels
enhancement status:to-verify
Milestone
6.1.0

Comments

@rjmartell
Copy link
Contributor

If a user forgets their login password there is currently no way to reset it (it cannot be recovered from the hash). On the login screen add an option to generate a new password. A generated password could be delivered using a variety of means:

  1. Include it in the response message (not secure, but one might argue that test results aren't very sensitive*)
  2. Send a message to the user's email address
  3. Allow a user to add an OpenPGP public key to the account, and use this to encrypt an email message containing the password

* This option would be better if login were secured using TLS (https).
@rjmartell
Copy link
Contributor Author

The usual recovery procedure is also a possibility, whereby a verification code is delivered by email or text message. Upon submitting the correct code a user can supply a new password.

@keshavnangare
Copy link
Contributor

There are two cases to reset the password:

  1. When user forgot the password and he wants to generate a new password. [ Implemented ]

  2. Change password, in this case, the user knows the password but the user wants to change/update the current password.

@dstenger
Do we require the second case?

@dstenger
Copy link
Contributor

Second case should be less complex. So, we should implement this functionality.

How is first case implemented? Don't we need a mail server to send emails to users?

@keshavnangare
Copy link
Contributor

We need the following configuration of mail server:

  1. Host
  2. Port
  3. Email id
  4. Password

Implemented first cases in the following way:

  1. Click on Forgot password? link.
  2. It will Redirect to ResetPassword page. Need to submit a registered username.

image

  1. After submitting the Username, user get the email with a verification code and link to reset the password.

Here is email template:
image

  1. Click on the reset password link from email then user is redirected to the teamenagine application page.

  2. User has to submit all the necessary information. If the verification code and username is valid then the password is successfully saved.

image

@keshavnangare keshavnangare linked a pull request Nov 28, 2018 that will close this issue
Open
@keshavnangare
Copy link
Contributor

@dstenger

I have one more suggestion, maybe we have to add one more form update user details which will help user to update the information.

This case applies to the existing user data that we have, if the user is registered in past and if he/she is not registered with the email then they are not able to reset his/her password.
Currently we don't have the way to update the registered user details. We can give only selected filed as editable for e.g. Email, Organization etc.

What do you think about this implementation?

@keshavnangare keshavnangare mentioned this issue Dec 6, 2018
Open
@dstenger dstenger assigned dstenger and lgoltz and unassigned keshavnangare Dec 12, 2018
@dstenger dstenger mentioned this issue Jan 23, 2019
Closed
@lgoltz lgoltz added this to the 5.5 milestone Apr 23, 2019
@ghobona
Copy link
Contributor

ghobona commented Jan 21, 2021

@keshav-nangare What is the status of this feature?

One of our members (@jerstlouis) was asking about it today.

@dstenger
Copy link
Contributor

A pull request has been created which has to be tested and merged (status: to verify).
So, this feature can be part of the next TEAM Engine release.

@dstenger dstenger modified the milestones: 5.5, 6.0 Feb 2, 2022
@dstenger dstenger modified the milestones: 6.0, 6.1 Feb 13, 2023
@dstenger dstenger added this to CITE Aug 1, 2024
@dstenger dstenger moved this to To verify in CITE Aug 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dstenger dstenger

@lgoltz lgoltz

Labels
enhancement status:to-verify
Projects
CITE
Status: To verify
Milestone
6.1.0
Development

Successfully merging a pull request may close this issue.

Implemented the reset password capability in teamengine. opengeospatial/teamengine
6 participants
@rjmartell @dstenger @lgoltz @bermud @keshavnangare @ghobona