Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Admins should be able to reset user's passwords #660

Open
Tracked by #657
josecelano opened this issue Nov 26, 2024 · 3 comments
Open
Tracked by #657

Admins should be able to reset user's passwords #660

josecelano opened this issue Nov 26, 2024 · 3 comments
Assignees
@mario-nt
Labels
- User - Enjoyable to Use our Software Easy Good for Newcomers Enhancement / Feature Request Something New good first issue Good for newcomers

Comments

@josecelano
Copy link
Member

Parent issue: #657

This only works if the user has an email (email can be optional). It should receive the new password via email.
@josecelano josecelano added Enhancement / Feature Request Something New Easy Good for Newcomers - User - Enjoyable to Use our Software good first issue Good for newcomers labels Nov 26, 2024
@josecelano josecelano mentioned this issue Nov 26, 2024
Open
16 tasks
@mario-nt mario-nt self-assigned this Jan 26, 2025
@mario-nt mario-nt mentioned this issue Jan 26, 2025
Open
@josecelano
Copy link
Member Author

Relates to: #469

@josecelano josecelano mentioned this issue Jan 30, 2025
Open
@josecelano
Copy link
Member Author

Hi @da2ce7 @mario-nt I can't find any previous discussion about this issue, but I remember a discussion with @cgbosse. There was no way to reset user's password (by the user or admin) and I thought we should provide at least an easy/fast option to be able to use the Index in production (even if it's not a good option). I think we didn't even have the option to change the password in the user's profile. Now that we have that feature implementing issue #469 should be easier. Therefore we have to consider if this issue still makes sense. It could make sense in some scenarios like the ones we talked in the meeting:

  • A user is misbehaving and the admin suspects that the account could be compromised (there could be other better alternatives like locking the account).
  • The index is configured without emails and users can't not receive the new password or reset token. In this case, the issue would be different. We can't send an email.

@mario-nt
Copy link
Contributor

mario-nt commented Feb 3, 2025

Before implementing this issue we should do some research on best practices on how to manage resetting/changing passwords. It is a very critical action and could lead to a lot of security breaches if not done properly.

This also relates to #469

@josecelano josecelano mentioned this issue Feb 4, 2025
Closed
mario-nt added a commit to mario-nt/torrust-index-gui that referenced this issue Mar 23, 2025
@mario-nt
feat: [torrust#660] added forgot password link
5033cf5
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mario-nt mario-nt

Labels
- User - Enjoyable to Use our Software Easy Good for Newcomers Enhancement / Feature Request Something New good first issue Good for newcomers
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@josecelano @mario-nt