John Ruhiu created FINERACT-2003:
------------------------------------

             Summary: Enforce change of password on first logon
                 Key: FINERACT-2003
                 URL: https://issues.apache.org/jira/browse/FINERACT-2003
             Project: Apache Fineract
          Issue Type: New Feature
            Reporter: John Ruhiu
             Fix For: 1.9.0


Add the ability to force the user to reset their password on the first logon 
and when a password has been reset by admin or using the forgot password feature. 
If it's the first time the user is logging in, the system should ask them to reset 
the password and send them to the password reset page where they will enter a 
new password (and repeat).

The system will process the request and redirect them to the login page where 
they will enter the new password to gain access.

Note: the password reset feature already exists under user/profile/change 
password on the mifos UI

 

*ASSUMPTIONS:*
1. Email is configured in fineract (SMTP config) Admin>System>External 
Services>External Services (Email Config)

That means the email is working (when a new user is created, an email with 
attached sample is sent to the user).
 
2. Password validation already exists (Admin>Organisation>Password preference)

3. Endpoint for password change already exists

4. We are not sending a deep link nor generating a link for the user to 
change their password. We are assuming the user has received their credentials 
and they know the fineract / mifos link from which they can login.

 

*WHAT WE NEED TO DO:*
 # Add to global configuration an option to allow first login password change

 # On logon detect if the global configuration for first login password change 
is enabled. If True then detect whether the user is logging in for the first 
time. If true force the user to change their password.

 # On the screen for password change only allow them to enter new password and 
repeat. Ensure the password complies with the password policies (see assumption 
No.2).

 # After successful change of password redirect the user to the login page to 
allow them to log in.

*OUT OF SCOPE:*
 # Multifactor authentication.


 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
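
The logon flow listed under WHAT WE NEED TO DO, as an added example (not part of the original issue and not Fineract code). All class, method and field names are hypothetical, the policy rule and credentials are constructed, and the plain-text password comparison stands in for the hashed comparison a real system performs.

```java
import java.util.Objects;

// Added illustration; every name here is hypothetical, none is a Fineract class.
public class FirstLoginPasswordChange {
    enum LoginResult { OK, INVALID_CREDENTIALS, PASSWORD_CHANGE_REQUIRED }

    static class User {
        String password;                       // plain text stand-in; a real system compares salted hashes
        boolean passwordChangeRequired = true; // a new account starts in the "must change" state
        User(String initialPassword) { this.password = initialPassword; }
    }

    static boolean forceChangeEnabled = true;  // stand-in for the global configuration option

    // Stand-in for the existing password preference (constructed rule: 8+ characters with a digit).
    static boolean compliesWithPolicy(String p) {
        return p != null && p.length() >= 8 && p.chars().anyMatch(Character::isDigit);
    }

    // Admin reset and forgot-password reset both put the account back in the "must change" state.
    static void resetPassword(User u, String temporary) {
        u.password = temporary;
        u.passwordChangeRequired = true;
    }

    // Decided on the server at logon, so a client that skips the change screen still gets no access.
    static LoginResult login(User u, String password) {
        if (!Objects.equals(u.password, password)) return LoginResult.INVALID_CREDENTIALS;
        if (forceChangeEnabled && u.passwordChangeRequired) return LoginResult.PASSWORD_CHANGE_REQUIRED;
        return LoginResult.OK;
    }

    // The screen collects only newPassword and repeat; issued is the credential from the logon attempt.
    static boolean changePassword(User u, String issued, String newPassword, String repeat) {
        if (login(u, issued) == LoginResult.INVALID_CREDENTIALS) return false;
        if (newPassword == null || !newPassword.equals(repeat)) return false;
        if (newPassword.equals(u.password)) return false;  // assumption: the issued password cannot be kept
        if (!compliesWithPolicy(newPassword)) return false;
        u.password = newPassword;
        u.passwordChangeRequired = false;      // cleared only after a successful change
        return true;
    }

    public static void main(String[] args) {
        User u = new User("Temp1234");         // constructed sample credentials
        System.out.println(login(u, "Temp1234"));
        System.out.println(changePassword(u, "Temp1234", "N3wSecret!", "N3wSecret?"));
        System.out.println(changePassword(u, "Temp1234", "N3wSecret!", "N3wSecret!"));
        System.out.println(login(u, "N3wSecret!"));
        resetPassword(u, "Reset5678");
        System.out.println(login(u, "Reset5678"));
    }
}
```

The flag is checked inside login rather than by the UI, so the redirect to the password change screen is a consequence of the server's answer and not the control itself.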
