  1. Apache Fineract
  2. FINERACT-2003

Enforce change of password on first logon


Details

    • New Feature
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • 1.10.0
    • None
    • None

    Description

      Add the ability to force the user to reset their password on the first logon and when a password has been reset by admin or using forgot password feature. If it's the first time the user is logging in, the system should ask them to reset the password and send them to the password reset page where they will enter a new password (and repeat).

      The system will process the request and redirect them to the login page where they will enter the new password to gain access.

      Note: the password reset feature already exists under user/profile/change password on the mifos UI

       

      ASSUMPTIONS:
      1. Email is configured in fineract (SMTP config) Admin>System>External Services>External Services (Email Config)

      That means the email is working (when a new user is created, an email with attached sample is sent to the user).
       
      2. Password validation already exists (Admin>Organisation>Password preference)

      3. Endpoint for password change already exists

      4. We are not sending a deep link nor generating a link for the user to change their password. We are assuming the user has received their credentials and they know the fineract / mifos link from which they can log in.

       

      WHAT WE NEED TO DO:

      1. Add to global configuration an option to allow first login password change
      2. On logon detect if the global configuration for first login password change is enabled. If True then detect whether the user is logging in for the first time. If true force the user to change their password.
      3. On the screen for password change only allow them to enter new password and repeat. Ensure the password complies with the password policies (see assumption No.2).
      4. After successful change of password redirect the user to login password to allow them to log in.

      OUT OF SCOPE:

      1. Multifactor authentication.
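
One way the logon gate described in this issue could be enforced on the server rather than only by a UI redirect, as an added sketch that is not part of the issue or of Fineract's code. All class, method and field names, the sample policy rule and the sample credentials are assumptions, and the plain string comparison stands in for a real salted-hash check.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration: every name here is hypothetical, none is Fineract's API.
public class FirstLoginGate {
    static final class User {
        String secret;                     // stand-in for a salted password hash
        boolean mustChangePassword = true; // set on creation, admin reset, forgot-password
        User(String secret) { this.secret = secret; }
    }
    static final class Session {
        final String user; final boolean changeOnly; boolean valid = true;
        Session(String user, boolean changeOnly) { this.user = user; this.changeOnly = changeOnly; }
    }

    private final Map<String, User> users = new HashMap<>();
    private final boolean forceChange;     // the proposed global configuration option
    FirstLoginGate(boolean forceChange) { this.forceChange = forceChange; }
    void createOrReset(String name, String tempPassword) { users.put(name, new User(tempPassword)); }

    Session login(String name, String password) {
        User u = users.get(name);
        if (u == null || !u.secret.equals(password)) return null;
        // Restriction is recorded server-side, so skipping the UI redirect gains nothing.
        return new Session(name, forceChange && u.mustChangePassword);
    }
    boolean mayUseApi(Session s) { return s != null && s.valid && !s.changeOnly; }

    boolean changePassword(Session s, String next, String repeat) {
        if (s == null || !s.valid) return false;
        User u = users.get(s.user);
        if (!next.equals(repeat) || next.equals(u.secret) || !meetsPolicy(next)) return false;
        u.secret = next;
        u.mustChangePassword = false;      // cleared only after a successful change
        s.valid = false;                   // user must log in again with the new password
        return true;
    }
    // Constructed rule standing in for the configured password preference.
    static boolean meetsPolicy(String p) {
        return p.length() >= 12 && p.chars().anyMatch(Character::isDigit)
                && p.chars().anyMatch(Character::isUpperCase);
    }

    public static void main(String[] args) {
        FirstLoginGate gate = new FirstLoginGate(true);
        gate.createOrReset("teller1", "Temp-From-Email-1");   // constructed sample values
        Session first = gate.login("teller1", "Temp-From-Email-1");
        System.out.println("API before change: " + gate.mayUseApi(first));
        System.out.println("weak accepted: " + gate.changePassword(first, "short1A", "short1A"));
        System.out.println("changed: " + gate.changePassword(first, "Correct-Horse-42x", "Correct-Horse-42x"));
        System.out.println("API after re-login: " + gate.mayUseApi(gate.login("teller1", "Correct-Horse-42x")));
    }
}
```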


       


          People

            Unassigned Unassigned
            ruhiu John Ruhiu
