mgr/dashboard: Enforce password change upon first login
For local user accounts, it should be possible to enforce a password change upon the first login to the dashboard. This could be determined by either having a flag associated with the user (e.g. "reset_password"), or by checking a "last login" timestamp (which would also make it possible to enforce a password change after a certain period of time). With regard to issue #24654 it might actually be feasible to have the "reset_password" flag as well.
#7 Updated by Tiago Melo about 1 month ago
I think we need to improve a few aspects of this process.
Here are the steps I would recommend:
1. The admin should be able to enable a field requiring the user to change his password the next time he tries to log in.
This can be done during creation or update of the user.
2. When a user tries to log in and the "reset password" flag is enabled, the login should fail.
The backend should respond with a special token that will be used to reset the password.
This token should have a TTL and be stored.
Maybe we could use the same field as the SSO, and send the redirect URL.
2.1 If a user tries to log in again and there is already a reset token that has expired, the user should be disabled.
3. The user should be redirected to a page, similar to login, where they do not need to be logged in.
The URL of this page should contain the token sent by the backend.
4. For extra security we should ask the user to type the new password twice.
After the user types the passwords and presses "submit", we should attach the token to the request.
5. The backend will verify all the data and then change the user password.
If the TTL has expired, we should disable the user account and show a message telling the user to contact an admin.
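The flow proposed in the comment above, as an added, self-contained Python sketch (not mgr/dashboard code): a per-user "reset_password" flag set by the admin, a login that fails and hands back a stored, TTL-limited reset token, and a password-change step that verifies the token, checks the two typed passwords match, and disables the account when the TTL has passed. The in-memory `User` model, the 10-minute TTL and the `now` parameter (used to make expiry testable) are assumptions of this example.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Optional

TOKEN_TTL_SECONDS = 600  # assumed TTL for the reset token (constructed value)

@dataclass
class User:  # constructed in-memory model, not the dashboard's user store
    name: str
    pw_hash: bytes
    salt: bytes
    reset_password: bool = False  # set by the admin on create/update (step 1)
    enabled: bool = True
    reset_token: Optional[str] = None
    token_expires_at: float = 0.0

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def create_user(name: str, password: str, reset_password: bool = False) -> User:
    salt = secrets.token_bytes(16)
    return User(name, hash_password(password, salt), salt, reset_password)

def login(user: User, password: str, now: Optional[float] = None) -> dict:
    """Step 2: with the flag set, a correct password does not log the user in;
    it issues a stored token with a TTL. Step 2.1: a second login attempt after
    that token has expired disables the account."""
    now = time.time() if now is None else now
    if not user.enabled or not secrets.compare_digest(user.pw_hash, hash_password(password, user.salt)):
        return {"ok": False}
    if not user.reset_password:
        return {"ok": True}
    if user.reset_token is not None and now >= user.token_expires_at:
        user.enabled = False
        return {"ok": False, "error": "account disabled, contact an admin"}
    user.reset_token = secrets.token_urlsafe(32)
    user.token_expires_at = now + TOKEN_TTL_SECONDS
    return {"ok": False, "reset_token": user.reset_token, "redirect": "/reset-password"}

def change_password(user: User, token: str, new_pw: str, confirm_pw: str, now: Optional[float] = None) -> dict:
    """Steps 4-5: verify the token (constant-time), the TTL and the repeated password."""
    now = time.time() if now is None else now
    if not user.enabled or user.reset_token is None or not secrets.compare_digest(user.reset_token, token):
        return {"ok": False}
    if now >= user.token_expires_at:
        user.enabled, user.reset_token = False, None
        return {"ok": False, "error": "account disabled, contact an admin"}
    if new_pw != confirm_pw:
        return {"ok": False, "error": "passwords do not match"}
    user.salt = secrets.token_bytes(16)
    user.pw_hash = hash_password(new_pw, user.salt)
    user.reset_password, user.reset_token = False, None
    return {"ok": True}
```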