[ 
https://issues.apache.org/jira/browse/FINERACT-2003?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Aleksandar Vidakovic updated FINERACT-2003:
-------------------------------------------
    Fix Version/s: 1.10.0
                       (was: 1.9.0)

> Enforce change of password on first logon
> -----------------------------------------
>
>                 Key: FINERACT-2003
>                 URL: https://issues.apache.org/jira/browse/FINERACT-2003
>             Project: Apache Fineract
>          Issue Type: New Feature
>            Reporter: John Ruhiu
>            Priority: Major
>             Fix For: 1.10.0
>
>
> Add the ability to force the user to reset their password on the first logon
> and when a password has been reset by an admin or using the forgot password
> feature.
> If it's the first time the user is logging in, the system should ask them to
> reset the password and send them to the password reset page where they will
> enter a new password (and repeat).
> The system will process the request and redirect them to the login page where
> they will enter the new password to gain access.
> Note: the password reset feature already exists under user/profile/change
> password on the Mifos UI
>  
> *ASSUMPTIONS:*
> 1. Email is configured in Fineract (SMTP config) Admin>System>External
> Services>External Services (Email Config)
> That means the email is working (when a new user is created, an email with 
> attached sample is sent to the user).
>  
> 2. Password validation already exists (Admin>Organisation>Password preference)
> 3. Endpoint for password change already exists
> 4. We are not sending a deep link nor generating a link for the user to
> change their password. We are assuming the user has received their
> credentials and they know the Fineract / Mifos link from which they can log in.
>  
> *WHAT WE NEED TO DO:*
>  # Add to global configuration an option to allow first login password change
>  # On logon detect if the global configuration for first login password 
> change is enabled. If True then detect whether the user is logging in for the 
> first time. If true force the user to change their password.
>  # On the screen for password change only allow them to enter new password 
> and repeat. Ensure the password complies with the password policies (see 
> assumption No.2).
>  # After successful change of password redirect the user to login password to
> allow them to log in.
> *OUT OF SCOPE:*
>  # Multifactor authentication.
>  
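
The logon flow from the WHAT WE NEED TO DO list, as an added sketch that is not part of the issue and not Fineract code. Assumptions: the configuration key name, the policy regex, the one-time change ticket that carries the user's identity to the change screen, and the rejection of the issued password as the new one are all hypothetical.

```python
import hashlib, hmac, os, re, secrets

# Hypothetical stand-ins for the global configuration option and the password
# policy of assumption 2; the key name and the regex are not Fineract's.
CONFIG = {"force-password-change-on-first-login": True}
POLICY = re.compile(r"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).{12,}$")
TICKETS = {}  # one-time change tickets -> user (assumed way to carry identity)

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class User:
    def __init__(self, password):
        self.set_password(password, must_change=True)  # new account

    def set_password(self, password, must_change):
        self.salt = os.urandom(16)
        self.digest = _digest(password, self.salt)
        self.must_change = must_change

    def check(self, password):
        return hmac.compare_digest(self.digest, _digest(password, self.salt))

def reset_password(user, temporary):
    """Admin reset or forgot-password: the flag is raised again."""
    user.set_password(temporary, must_change=True)

def login(user, password):
    """Return (state, ticket); a session exists only for AUTHENTICATED."""
    if not user.check(password):
        return "REJECTED", None
    if CONFIG["force-password-change-on-first-login"] and user.must_change:
        ticket = secrets.token_urlsafe(16)
        TICKETS[ticket] = user
        return "PASSWORD_CHANGE_REQUIRED", ticket
    return "AUTHENTICATED", None

def change_password(ticket, new, repeat):
    """The change screen: new password and repeat only."""
    user = TICKETS.get(ticket)
    if user is None:
        return "REJECTED"
    # Rejecting reuse of the issued password is an assumption, not in the issue.
    if new != repeat or not POLICY.match(new) or user.check(new):
        return "POLICY_VIOLATION"
    user.set_password(new, must_change=False)
    del TICKETS[ticket]
    return "REDIRECT_TO_LOGIN"
```

The flag lives on the server-side user record, so a client that skips the change screen still receives no session until the password has been changed.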


