[Feature] First-login mode? #627

Open
Zeitsperre opened this issue Jul 29, 2024 · 3 comments

@Zeitsperre
Contributor

Is your feature request related to a problem? Please describe.
When new accounts are created, the creator (admin) is responsible for creating passwords for accounts. We can use advanced password generators, but we can retain these passwords if we wish to.

When users then log in, there's no pressure for them to change the password that we've generated for them, so the admin more than likely has workspace access if the user doesn't change it. This is also true for password reset requests.

Describe the solution you'd like
A "first-login" mode that forces users to change their passwords would be a welcome addition. This could also be triggered via a toggle on the account management page.

Describe alternatives you've considered
Alternatively, having Magpie send out an anonymized password on account creation would be a welcome addition. Having a case-sensitive email-based password reset would be helpful as well.

@Zeitsperre Zeitsperre added the feature New feature to be developed label Jul 29, 2024
@fmigneault
Collaborator

Ideally, this feature would be used instead:
https://pavics-magpie.readthedocs.io/en/latest/authentication.html#user-registration

This way, there is no need for the user to change password at all, and there's no need for the admin to generate any temporary user account/password.

@tlvu
Contributor

tlvu commented Aug 9, 2024

no need for the admin to generate any temporary user account/password.

@fmigneault
This would work if we allow everybody to create an account. But the reality is we do not accept all applications for an account, so by generating the first password ourselves, we can control who we allow to connect to the server.

With our non-stop growing user base, some users start to forget their password or want to change their password. That's the reason behind @Zeitsperre's request. Once we allow a user on our server, we would prefer the user to be completely autonomous with respect to managing their password.

@fmigneault
Collaborator

There is an option (MAGPIE_USER_REGISTRATION_APPROVAL_ENABLED) to have an intermediate admin approval step. Users will not have an account unless that step is approved by the admin. I assume enabling this feature would essentially become the same as the kind of emails you must already receive from users to create new accounts.

As for the second point, part of the user registration workflow could be reused to send an email to the user upon a "reset password" button press (to be implemented). Once logged in with the temporary auto-generated password sent by email, users could themselves change it on their profile (already possible).
