John Ruhiu created FINERACT-2003:
------------------------------------
Summary: Enforce change of password on first logon
Key: FINERACT-2003
URL: https://issues.apache.org/jira/browse/FINERACT-2003
Project: Apache Fineract
Issue Type: New Feature
Reporter: John Ruhiu
Fix For: 1.9.0
Add the ability to force the user to reset their password on the first logon
and when a password has been reset by admin or using forgot password feature.
If it's the first time the user is logging in, the system should ask them to reset
the password and send them to the password reset page where they will enter a
new password (and repeat).
The system will process the request and redirect them to the login page where
they will enter the new password to gain access.
Note: the password reset feature already exists under user/profile/change
password on the mifos UI
*ASSUMPTIONS:*
1. Email is configured in fineract (SMTP config) Admin>System>External
Services>External Services (Email Config)
That means the email is working (when a new user is created, an email with
attached sample is sent to the user).
2. Password validation already exists (Admin>Organisation>Password preference)
3. Endpoint for password change already exists
4. We are not sending a deep link nor generating a link for the user to
change their password. We are assuming the user has received their credentials
and they know the fineract / mifos link from which they can login.
*WHAT WE NEED TO DO:*
1. Add to global configuration an option to allow first login password change
2. On logon detect if the global configuration for first login password change
is enabled. If True then detect whether the user is logging in for the first
time. If true force the user to change their password.
3. On the screen for password change only allow them to enter new password and
repeat. Ensure the password complies with the password policies (see assumption
No.2).
4. After successful change of password redirect the user to login password to
allow them to log in.
*OUT OF SCOPE:*
1. Multifactor authentication.
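The flow requested above, as an added sketch that is not part of the original issue and not Fineract code: the server, not the UI redirect, decides that a pending user gets only the change-password step, and an admin or forgot-password reset sets the same flag again. All function and field names are hypothetical, the regex stands in for the configured password preference, and the change request is assumed to carry the credential just used at logon.

```python
import hashlib
import hmac
import os
import re

# Hypothetical names throughout; a model of the flow, not Fineract classes or endpoints.
# Stand-in for the existing password preference (assumption 2): 8+ chars, one upper, one digit.
PASSWORD_POLICY = re.compile(r"^(?=.*[A-Z])(?=.*\d).{8,}$")


def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class User:
    def __init__(self, password):
        self.set_password(password, change_pending=True)  # new account: first logon

    def set_password(self, password, change_pending):
        self.salt = os.urandom(16)
        self.digest = _digest(password, self.salt)
        self.change_pending = change_pending

    def verify(self, password):
        return hmac.compare_digest(self.digest, _digest(password, self.salt))


def reset_password(user, temporary_password):
    """Admin reset or forgot-password reset: the next logon must change it again."""
    user.set_password(temporary_password, change_pending=True)


def login(user, password, force_change=True):
    """force_change models the global configuration option from step 1."""
    if not user.verify(password):
        return "rejected"
    if force_change and user.change_pending:
        return "change_required"  # server grants no access, only the change step
    return "authenticated"


def change_password(user, issued_password, new, repeat):
    """The screen asks only for new + repeat; the request is assumed to carry the
    credential just used at logon. True means: redirect to the login page."""
    if not user.verify(issued_password):
        return False
    if new != repeat or not PASSWORD_POLICY.fullmatch(new):
        return False
    user.set_password(new, change_pending=False)
    return True
```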