lale-help / lale-help

A collaborative platform for volunteer refugee support.

Home Page: http://lale.help

Allow admin to trigger 'change password' flow instead of setting it.

dottorer opened this issue · comments

As outlined in #401 the admin can now also change a user's password. Usually the admin is not supposed to know the password, but simply send the user a link to reset it himself ('request new password'). This will require the user to take action, but is safer since only the user knows the password then. If it is easy and clean to add the 'send new password request' button to the 'edit password' page, we should think about it.

Hi @dottorer if you're ok with it, I can assign this to myself and see if I can make it work using the 'change password' flow. I haven't looked at the code, but I imagine it's something I could do.

@diegoaad Totally, go for it. Thanks for your help!

@dottorer quick question on this one. I've started working on it, and I'm creating a new page for the admin to confirm the e-mail (not-enterable) to trigger the reset-password flow. Should we have something else on the page? Or it's not necessary to have a confirmation page and instead just show a flash message as soon as they click on the button?

Cleanest thing would be to just send out the email to the user that takes them to the update password page. We might have users that are so nontechnical that they would prefer the admin to do it for them.

One thing we can consider is having both options on the page with 'send password change request to user' as the first option and 'set new password for user' as a second. What do you think? Do 2 options make sense at all?

Hmmm, I think the cleanest approach would be sending an email to the user so they can change the password themselves. Even though they could do it themselves at the login page, some might be asking admins to do it for them. I don't think it's a good practice for the admins to know the user's password.

As you said there might be users that are so nontechnical that they could prefer an admin actually changing the password for them, but still I'm not sure this would be a good practice. One thing that came to my mind is that in those cases they could have a workaround of editing the user's email before asking for reset password and then changing the email back (probably something we want to check whether we should prevent from happening or not).

I agree, I think we should remove the option to set a password and instead only let the admin trigger the reset password flow. If users can't follow that, they will likely not be able to use the system anyways. Let's do it that way...
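The flow the thread settles on (admin triggers a reset, the user sets the password) and the concern raised above about an admin editing the user's email to intercept the reset link can both be shown in a few lines. The following is an added illustration, not lale-help's own code: the `User` class, field names, `RESET_TTL` and the SHA-256 password digest are assumptions standing in for the real models (a Rails app would use `has_secure_password`/bcrypt). The token is stored only as a digest, expires, and is bound to the email address it was issued for, so changing the email afterwards invalidates it.

```ruby
require 'securerandom'
require 'digest'
require 'time'

# Constant-time comparison so a wrong token cannot be distinguished by timing
# (same idea as ActiveSupport::SecurityUtils.secure_compare).
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  res = 0
  a.bytes.zip(b.bytes) { |x, y| res |= x ^ y }
  res.zero?
end

# Hypothetical in-memory stand-in for the user record; assumed field names.
class User
  attr_accessor :email, :password_digest, :reset_digest, :reset_email, :reset_sent_at

  def initialize(email)
    @email = email
    @password_digest = nil
  end
end

RESET_TTL = 2 * 60 * 60 # seconds; assumed value for the example

# Admin-triggered step: mint a random token, keep only its digest plus the
# email it was issued for and the issue time. The raw token is what the
# e-mail link carries; it is never persisted.
def issue_reset(user, now: Time.now)
  token = SecureRandom.urlsafe_base64(32)
  user.reset_digest = Digest::SHA256.hexdigest(token)
  user.reset_email = user.email
  user.reset_sent_at = now
  token
end

# Validates a presented token. Returns :ok, :invalid, :expired or
# :email_changed (the address changed since the token was issued, which is
# the admin-edits-email workaround the thread worried about).
def check_reset(user, token, now: Time.now)
  return :invalid if user.reset_digest.nil?
  return :invalid unless secure_compare(user.reset_digest, Digest::SHA256.hexdigest(token))
  return :expired if now - user.reset_sent_at > RESET_TTL
  return :email_changed if user.reset_email != user.email
  :ok
end

# User-side step: set the new password and consume the token (single use).
def complete_reset(user, token, new_password, now: Time.now)
  status = check_reset(user, token, now: now)
  return status unless status == :ok
  # Placeholder digest for the example only; a real app uses bcrypt.
  user.password_digest = Digest::SHA256.hexdigest(new_password)
  user.reset_digest = nil
  user.reset_email = nil
  user.reset_sent_at = nil
  :ok
end

if __FILE__ == $PROGRAM_NAME
  # Constructed walkthrough with a fixed clock.
  t0 = Time.at(1_600_000_000)
  u = User.new('volunteer@example.org')
  tok = issue_reset(u, now: t0)
  puts check_reset(u, tok, now: t0 + 60)          # :ok
  u.email = 'someone-else@example.org'
  puts check_reset(u, tok, now: t0 + 60)          # :email_changed
end
```

Only the user who controls the inbox at issue time can finish the flow, the admin never learns the password, and the token dies on expiry, on use, or on any email change in between.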