347066 – [client][user] "Forgot password" or password reset for users

Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 347066 - [client][user] "Forgot password" or password reset for users

Summary: [client][user] "Forgot password" or password reset for users

Status:	RESOLVED FIXED

Alias:	None

Product:	Orion
Classification:	ECD
Component:	Client (show other bugs)
Version:	0.2
Hardware:	PC Linux

Importance:	P3 enhancement (vote)
Target Milestone:	0.4 M2
Assignee:	Malgorzata Janczarska
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:	349593 350573 357787
Blocks:	368623
	Show dependency tree

Reported:	2011-05-24 15:28 EDT by Denis Roy
Modified:	2012-01-16 03:29 EST (History)
CC List:	4 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Denis Roy

2011-05-24 15:28:30 EDT

It would be great if users who forget their password could have some mechanism of resetting it.

Comment 1 Szymon Brandys

2011-06-16 04:09:41 EDT

Gosia, please take a look at it while you are polishing the user management page.

Comment 2 Szymon Brandys

2011-06-17 12:29:45 EDT

I think it is a bit too late for adding it for 0.2. I'm moving it to 0.3.

Comment 3 Malgorzata Janczarska

2011-06-29 08:56:30 EDT

Done. Extra action on manage users avaliable.

Comment 4 John Arthorne

2011-06-29 08:59:46 EDT

(In reply to comment #3)
> Done. Extra action on manage users available.

How does it work?

Comment 5 Malgorzata Janczarska

2011-06-29 10:31:41 EDT

From the user perspective there's a command "change password" in users table on manage-users page. Administrator may set a new password for the user.
From server perspective I added an extra API in POST /users (see bug 350573), that matches user rights "administrator" should already have.

Comment 6 John Arthorne

2011-06-29 11:58:42 EDT

(In reply to comment #5)
> From the user perspective there's a command "change password" in users table on
> manage-users page. Administrator may set a new password for the user.
> From server perspective I added an extra API in POST /users (see bug 350573),
> that matches user rights "administrator" should already have.

The end user can't even visit the manage-users page... I'm reopening this because it looks like you solved bug 350573, which is slightly different. Today the administrator can change any user's password. So, a password reset story would be:

- User sends email asking admin to change password
- Admin logs in, changes password, sends email to user
- User logs in and changes their password

However I think Denis is looking for something that doesn't require manual steps for the administrator. In his case he runs a server with 5000 users and this adds lots of overhead.  The more common process is:

- On the login dialog, there is a link to request a password reset
- This sends an email to the user with a new temporary password. (Optional: when the temporary password is used, the user is immediately prompted to enter a new password)
- User checks their email and can now log in.

I'm moving this back to the inbox because this is a fair amount of work. We need to do some planning to decide if it is something we want for 0.3.

Comment 7 Malgorzata Janczarska

2011-09-15 08:35:41 EDT

Implementing this enhancement requires some server changes (see bug 357787) and I think in this milestone is a little late for that.

Comment 8 John Arthorne

2011-09-15 09:13:27 EDT

I don't think this is important for 0.3.

Comment 9 Szymon Brandys

2011-09-17 15:52:02 EDT

(In reply to comment #8)
> I don't think this is important for 0.3.

Agree with John. We are switching to a polish stage soon and enhancements like sending emails to users and resetting passwords this way should be deferred to 0.4.

Comment 10 Malgorzata Janczarska

2012-01-10 13:31:17 EST

This is fixed. All we need to do is to configure email communication to set it up. Opened Bug 368273 for this.