[ https://issues.apache.org/jira/browse/FINERACT-2003?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Aleksandar Vidakovic updated FINERACT-2003:
-------------------------------------------
    Fix Version/s: 1.10.0
                       (was: 1.9.0)

> Enforce change of password on first logon
> -----------------------------------------
>
>                 Key: FINERACT-2003
>                 URL: https://issues.apache.org/jira/browse/FINERACT-2003
>             Project: Apache Fineract
>          Issue Type: New Feature
>            Reporter: John Ruhiu
>            Priority: Major
>             Fix For: 1.10.0
>
>
> Add the ability to force the user to reset their password on the first logon
> and when a password has been reset by admin or using the forgot password feature.
> If it's the first time the user is logging in, the system should ask them to
> reset the password and send them to the password reset page where they will
> enter a new password (and repeat).
> The system will process the request and redirect them to the login page where
> they will enter the new password to gain access.
> Note: the password reset feature already exists under user/profile/change
> password on the Mifos UI.
>
> *ASSUMPTIONS:*
> 1. Email is configured in Fineract (SMTP config): Admin>System>External
> Services>External Services (Email Config).
> That means the email is working (when a new user is created, an email with
> attached sample is sent to the user).
>
> 2. Password validation already exists (Admin>Organisation>Password preference).
> 3. Endpoint for password change already exists.
> 4. We are not sending a deep link nor generating a link for the user to change
> their password. We are assuming the user has received their
> credentials and they know the Fineract / Mifos link from which they can log in.
>
> *WHAT WE NEED TO DO:*
> # Add to global configuration an option to allow first login password change.
> # On logon, detect if the global configuration for first login password
> change is enabled. If true, then detect whether the user is logging in for the
> first time. If true, force the user to change their password.
> # On the screen for password change, only allow them to enter new password
> and repeat. Ensure the password complies with the password policies (see
> assumption No.2).
> # After successful change of password, redirect the user to login password to
> allow them to log in.
>
> *OUT OF SCOPE:*
> # Multifactor authentication.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
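
The logon flow listed under WHAT WE NEED TO DO, as an added Java sketch that is not part of the issue and is not Fineract's code. The class, enum, flag, path and policy regex are all hypothetical; the point it shows is that the forced change is decided and enforced on the server, so bypassing the UI redirect gains nothing.

```java
import java.util.regex.Pattern;

// Added illustration: every class, field, path and regex here is hypothetical, not Fineract's API.
public class FirstLoginPasswordChange {
    enum LoginOutcome { FULL_ACCESS, PASSWORD_CHANGE_REQUIRED }

    static final class User {
        boolean mustChangePassword = true; // set on creation, admin reset or forgot-password reset
    }

    static final String CHANGE_PASSWORD_PATH = "/change-password"; // placeholder path
    private final boolean forceChangeEnabled; // the global configuration option (item 1)
    private final Pattern passwordPolicy;     // stands in for the existing password preference

    FirstLoginPasswordChange(boolean forceChangeEnabled, String policyRegex) {
        this.forceChangeEnabled = forceChangeEnabled;
        this.passwordPolicy = Pattern.compile(policyRegex);
    }

    // Item 2: runs only after the submitted credentials have been verified.
    LoginOutcome onAuthenticated(User user) {
        return forceChangeEnabled && user.mustChangePassword
                ? LoginOutcome.PASSWORD_CHANGE_REQUIRED : LoginOutcome.FULL_ACCESS;
    }

    // Server-side gate: while a change is pending, only the change endpoint is reachable.
    boolean isRequestAllowed(LoginOutcome outcome, String path) {
        return outcome == LoginOutcome.FULL_ACCESS || CHANGE_PASSWORD_PATH.equals(path);
    }

    // Item 3: new password and repeat must match and satisfy the policy. Storing the credential
    // is left to the existing endpoint; the caller ends the session and redirects (item 4).
    boolean changePassword(User user, String newPassword, String repeat) {
        if (newPassword == null || !newPassword.equals(repeat)
                || !passwordPolicy.matcher(newPassword).matches()) {
            return false;
        }
        user.mustChangePassword = false;
        return true;
    }

    public static void main(String[] args) {
        // Constructed policy: at least 8 characters with one upper-case letter and one digit.
        FirstLoginPasswordChange flow = new FirstLoginPasswordChange(true, "^(?=.*[A-Z])(?=.*\\d).{8,}$");
        User user = new User();
        LoginOutcome first = flow.onAuthenticated(user);
        System.out.println(first + ", /loans allowed: " + flow.isRequestAllowed(first, "/loans"));
        System.out.println("weak accepted: " + flow.changePassword(user, "short", "short"));
        System.out.println("strong accepted: " + flow.changePassword(user, "Corr3ctHorse", "Corr3ctHorse"));
        System.out.println("next login: " + flow.onAuthenticated(user));
    }
}
```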