Hi Fineract Devs, I hope you're all doing well.
I've opened a pull request that has been merged: https://github.com/apache/fineract/pull/4542 This PR introduces improvements around external API access and permission handling. Here’s a brief summary of the changes: - Sensitive Data Sanitization: Implemented a sanitize function to mask sensitive information in commands. - Dedicated Password Change Endpoint: Created a new API endpoint specifically for password changes, allowing this action to be handled independently from general user updates. Worth mentioning that this new API endpoint is not just a regular update, but also has a workflow that inserts new records - password history. - Added test coverage to ensure the new access controls behave as expected. Benefits of this change: - Password change now can be handled as an individual action, and in the future it can be separated from the regular user update action. - This separation lays the groundwork for the force password reset days functionality fix in the future. Because currently the users cannot change their passwords when they are forced to. - Currently the user update function still supports changing password, but in my next PR I am planning to remove this option, and I would like to change the Fineract UI accordingly. This is my first contribution to Apache Fineract, and I'm excited to be part of the community. Feedback is very welcome! Let me know if you have any questions or suggestions. Thanks in advance for your time and review. Best regards, Daniel Gyenizse
