Details
-
New Feature
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
Description
Add the ability to force the user to reset their password on the first logon and when a password has been reset by admin or using forgot password feature. If its the first time the user is login in, the system should ask them to reset the password and send them to the password reset page where they will enter a new password(and repeat).
The system will process the request and redirect them to the login page where they will enter the new password to gain access.
Note: the password reset feature already exists under user/profile/change password on the mifos UI
ASSUMPTIONS:
1. Email is configured in fineract (SMTP config) Admin>System>External Services>External Services (Email Config)
That means the email is working (when a new user is created, an email with attached sample is sent to the user).
2. Password validation already exists (Admin>Organisation>Password preference)
3. Endpoint for password change already exists
4. We are not sending deep link nor generating a link for the user to change to change their password. We are assuming the user has received their credentials and they know the fineract / mifos link from which they can login.
WHAT WE NEED TO DO:
- Add to global configuration an option to allow first login password change
- On logon detect if the global configuration for first login password change is enabled. If True then detect whether the user is logging in for the first time. If true force the user to change their password.
- On the screen for password change only allow them to enter new password and repeat. Ensure the password complies with the password policies (see assumption No.2).
- After successful change of password redirect the user to login password to allow them login.
OUT SCOPE:
- Multifactor authentication.
{{}}