Hi,

Changing the password of a Devportal user via the Devportal is possible in
APIM 2.x.x through the "My Account" page in the Store Jaggery app. This feature
is not ported into the new 3.x.x Devportal yet. So this effort is to add
this feature into the Devportal with the release of 3.2.0. This mail thread
is initiated to track the progress of this task and I will also include the
decisions made regarding this at the initial Design review, held yesterday.

*Implementation in 2.6.0*

Below is how this is doable in 2.6.0 within the "My Account" page. (Click
on logged in User Name Icon > Select "My Account")


Since this was a Jaggery app, the feature implementation had been done
using APIStoreHostObject and there was no REST API involved (or separately
defined for this functionality).

*Proposed Implementation in 3.2.0*

It was decided to add this in 3.2.0 Devportal under the existing Settings
icon. Currently clicking on this icon will bring you to the "*Manage Alert
Subscriptions*" page where you can subscribe for analytics for preferred
email addresses.

So in 3.2.0 we will change this so that clicking on the Settings 'gear'
icon will open a drop-down with two options: "Manage Alerts" and "Change Password".
Clicking on the "Change Password" option will bring you to a view where you
can provide the current password and the new password and submit, similar to the 2.6.0
UI. The UI will validate the 'password format' before submitting.

Three basic steps implemented in the APIConsumerImpl for this
changePassword operation are,
1. Validate current password

2. Check whether 'Password Change' is enabled via a newly added configuration
element in api-manager.xml as below.
    <EnableChangePassword>true</EnableChangePassword>

(In the 2.6.0 implementation, the condition was to check whether
self-signup was enabled for the particular tenant. But it is not ideal to
decide the possibility to change the password based on this condition,
since there are concerns as one would need to change the password, even
when self-signup was disabled. So it was decided to use the above mentioned
approach, so that the admins can decide this directly via a config)

3. Change the password by calling UserAdmin service via UserAdminStub (a
new UserAdminClient class is implemented for this)

The basic REST API and the implementation are completed at the moment and work for
super tenant users. I have to check further on the functionality for tenant
users.

TODO:

   - Check further on the functionality for tenant users
   - Implement the UI

Appreciate any feedback and please add if I have missed anything.

The related github issues for this effort are [1] (REST API Implementation)
and [2] (UX implementation)

[1] https://github.com/wso2/product-apim/issues/8181
[2] https://github.com/wso2/product-apim/issues/8182

Regards,
Samitha

-- 
*Samitha Chathuranga*
*Associate Technical Lead*, *WSO2 Inc.*
lean.enterprise.middleware
Mobile: +94715123761

_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
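
The three-step changePassword flow described in the message above, as an added example that is not part of the original mail or of WSO2's code. The `UserAdmin` interface, the exception type, the in-memory user store and the server-side length check are all assumptions made for illustration; only the step order and the `EnableChangePassword` flag come from the message.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
// Added illustration: every type and name below is hypothetical, not WSO2 API Manager code.
public class ChangePasswordFlow {
    interface UserAdmin { // stand-in for the user-admin service client
        boolean authenticate(String user, char[] password);
        void updateCredential(String user, char[] newPassword);
    }
    static class ChangePasswordException extends Exception {
        ChangePasswordException(String message) { super(message); }
    }
    private final UserAdmin userAdmin;
    private final boolean enabled; // value read from <EnableChangePassword>
    ChangePasswordFlow(UserAdmin ua, boolean enabled) { this.userAdmin = ua; this.enabled = enabled; }

    // Assumption: sessionUser comes from the authenticated session, not the request body.
    void changePassword(String sessionUser, char[] current, char[] next)
            throws ChangePasswordException {
        if (!userAdmin.authenticate(sessionUser, current)) {      // step 1
            throw new ChangePasswordException("Current password is incorrect");
        }
        if (!enabled) {                                           // step 2
            throw new ChangePasswordException("Password change is disabled");
        }
        // Assumed policy (constructed): repeat a format check server-side, because
        // validation done only in the UI does not cover direct REST calls.
        if (next.length < 8 || Arrays.equals(current, next)) {
            throw new ChangePasswordException("New password rejected by policy");
        }
        userAdmin.updateCredential(sessionUser, next);            // step 3
    }

    public static void main(String[] args) throws Exception {
        Map<String, char[]> store = new HashMap<>(); // constructed in-memory user store
        store.put("alice", "old-Secret1".toCharArray());
        UserAdmin admin = new UserAdmin() {
            public boolean authenticate(String u, char[] p) { return Arrays.equals(store.get(u), p); }
            public void updateCredential(String u, char[] p) { store.put(u, p.clone()); }
        };
        new ChangePasswordFlow(admin, true)
                .changePassword("alice", "old-Secret1".toCharArray(), "new-Secret2".toCharArray());
        System.out.println(admin.authenticate("alice", "new-Secret2".toCharArray()));
        try { // same store, feature flag switched off
            new ChangePasswordFlow(admin, false)
                    .changePassword("alice", "new-Secret2".toCharArray(), "third-Secret3".toCharArray());
        } catch (ChangePasswordException e) {
            System.out.println(e.getMessage());
        }
    }
}
```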
