Hi Samitha, On Sat, Jun 13, 2020 at 2:00 PM Samitha Chathuranga <[email protected]> wrote:
> Hi, > > Changing the password of a Devportal user via the Devportal is possible in > APIM 2.x.x through "My Account" page in the Store Jaggery app. This feature > is not ported into the new 3.x.x Devportal yet. So this effort is to add > this feature into the Devportal with the release of 3.2.0. This mail thread > is initiated to track the progress of this task and I will also include the > decisions made regards to this at the initial Design review, held yesterday. > > *Implementation in 2.6.0* > > Below is how this is doable in 2.6.0 within the "My Account" page. (Click > on logged in User Name Icon > Select "My Account") > > > Since this was a Jaggery app, the feature implementation had been done > using APIStoreHostObject and there was no REST API involved (or separately > defined for this functionality). > > *Proposed Implementation in 3.2.0* > > It was decided to add this in 3.2.0 Devportal under the existing Settings > icon. Currently clicking on this icon will bring you to "*Manage Alert > Subscriptions* page" where you can subscribe for analytics for preferred > email addresses. > [image: image.png] > So in 3.2.0 we will change this so that clicking on the Settings 'gear' > icon will drop down for two options; "Manage Alerts" and "Change Password". > So clicking on "Change Password" option will bring you to a view where you > can provide current password, new password and submit similar to the 2.6.0 > UI. The UI will validate the 'password format' before submitting. > > Three basic steps implemented in the APIConsumerImpl for this > changePassword operation are, > 1. Validate current password > > 2. Check whether 'Password Change' is enabled by newly added configuration > element into api-manager.xml as below. > <EnableChangePassword>true<EnableChangePassword/> > > (In the 2.6.0 implementation, the condition was to check whether > self-signup was enabled for the particular tenant. But it is not ideal to > decide the possibility to change the password based on this condition, > since there are concerns as one would need to change the password, even > when self-signup was disabled. So it was decided to use the above mentioned > approach, so that the admins can decide this directly via a config) > > 3. Change the password by calling UserAdmin service via UserAdminStub (a > new UserAdminClient class is implemented for this) > We decided to do this via the OSGi service directly, right? Thanks, Bhathiya > > The basic REST API and the implementation are completed ATM and works for > super tenant users. Has to check further on the functionality for tenant > users. > > TODO: > > - Check further on the functionality for tenant users > - Implement the UI > > Appreciate any feedback and please add if I have missed anything. > > The related github issues for this effort are [1] (REST API > Implementation) and [2] (UX implementation) > > [1] https://github.com/wso2/product-apim/issues/8181 > [2] https://github.com/wso2/product-apim/issues/8182 > > Regards, > Samitha > > -- > *Samitha Chathuranga* > *Associate Technical Lead*, *WSO2 Inc.* > lean.enterprise.middleware > Mobile: +94715123761 > > [image: http://wso2.com/signature] <http://wso2.com/signature> > -- *Bhathiya Jayasekara* | Senior Technical Lead | WSO2 Inc. (m) +94 71 547 8185 | (e) bhathiya-@t-wso2-d0t-com
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
