Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Force users to reset password on first login #83

Merged
merged 1 commit into from Sep 30, 2022
Merged

Force users to reset password on first login #83

merged 1 commit into from Sep 30, 2022

Conversation

jacobtylerwalls
Copy link
Contributor

@jacobtylerwalls jacobtylerwalls commented Sep 29, 2022
edited by rajadain

Overview

Force users to reset their password on first login.

Closes #67

Notes

  • Using the Django admin to reset a password does not set has_admin_generated_password to False, so that flow will not force the user to reset their password. If that is desired, that could be a follow-up card.

Testing Instructions

  • scripts/resetdb
  • scripts/server
  • Visit django admin at localhost:8181/admin and add a user
  • Login as that user, ensure redirected to Reset password page
  • Reset password and ensure login works
  • Login again, ensure not asked to reset again
  • Login as development users (e.g. v1@azavea.com), ensure that no resetting is required

Checklist

  • fixup! commits have been squashed
  • CHANGELOG.md updated with summary of features or fixes, following Keep a Changelog guidelines
  • README.md updated if necessary to reflect the changes
  • CI passes after rebase

jacobtylerwalls
jacobtylerwalls commented Sep 29, 2022
View reviewed changes
src/app/src/constants.js
Comment on lines -46 to +47
RESET: 'api/auth/password/reset/confirm/',
CONFIRM: 'api/auth/password/reset/confirm/',
RESET: 'confirm_password_reset/reset/',
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was starting to get confusing, so this is my new proposal (see updates to axios calls, below).

src/django/api/views/auth.py
Comment on lines +28 to +30
context = {
'uid': urlsafe_base64_encode(force_bytes(user.pk)),
'token': default_token_generator.make_token(user),
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reference: https://github.com/django/django/blob/0dd29209091280ccf34e07c9468746c396b7778e/django/contrib/auth/forms.py#L337-L339

rachelekm
rachelekm approved these changes Sep 30, 2022
View reviewed changes
Copy link
Contributor

@rachelekm rachelekm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! Functions as expected and think the naming updates to API_URLS makes sense 👍

@jacobtylerwalls
Copy link
Contributor Author

Thanks for the review!

@jacobtylerwalls jacobtylerwalls merged commit aae78de into develop Sep 30, 2022
@jacobtylerwalls jacobtylerwalls deleted the jw/admin-generated-pw branch September 30, 2022 20:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rachelekm rachelekm rachelekm approved these changes

Assignees

@jacobtylerwalls jacobtylerwalls

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Have User Setup New Password on First Login
2 participants
@jacobtylerwalls @rachelekm