New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GUI : Design : Alert user of need and ability to change expired password #1048
Comments
Attempted answers to the questions above:
|
To confirm, is this looking for a solution for: or is it both? If A or both, do we need to give users a way to configure how long a password can be used before it expires? |
@joseph-reynolds can you verify this for me?
I believe just B. I think there is a use case for A, but that is not what this story is about. |
I may not have been clear in issue #947 and I am not clear what you are asking. ==> I think the title of this issue (1048) is wrong. It is currently "Disable initial password on first login" and should be something like "Implement password change dialog on the web app". The WebGUI doesn't need to know or care if it is the first login; it just needs to know if the user currently trying to log in has an expired password. Then it has to have a way to change that password as part of the login screen. I believe that's the scope of this issue. Issue 947 does not need changes from the GUI for the following items:
Once again, the web app GUI changes are limited to the following:
That's the entire change. To enable the GUI, the REST APIs will have additional functions:
This issue is blocked. You can set up conditions to test like this:
However you are currently blocked on step 3 above because there are not yet any indications that the password is expired. If you think it would help, we could consider adding that function relatively sooner in the development process. |
@jandraa - My proposal would be to change the title of this story to @joseph-reynolds
We were trying to determine if this story was just for the root user on first login or anytime a password is expired. Based on your information, this story is scoped for any user with a password that is expired and needs to be changed.
I think @jandraa has a concept for design and interaction and I believe it is a modal. In any event, I'll let her move that forward knowing that when a user logs in and the login request returns a response that contains a flag indicating that the password needs to change, we will start the user on the designed workflow to update their password. |
Updated the designs to align with the current login screen design. The InVision link reflects thew new designs (ignore screenshot from last comment). Once we get community feedback, we can move forward with a more branded login screen. |
In the mockup I am seeing from https://ibm.invisionapp.com/share/8ENYRVXAPFD#/319247221_1-_Login____existingBrand |
A commit for BMCWeb is ready for this. See https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/25146. |
@joseph-reynolds - we are closing this issue since the design is done. There is a separate story for the FED to implement the design. |
Thanks for the feedback @joseph-reynolds.
|
Stakeholders
SME: @joseph-reynolds
Design Researcher:UX Designer:
FED:
Expected Deadlines
This must be part of the 9.4.1 milestone to comply with the law that will be enacted on 1/1/2020.
We have the following sprints to complete the work. All work, Backend, Design, and FED by the end of Sprint 18 on 9/03/19.
Use Case
As a user logging into the BMC for the first time using the initial password created by the BMC, I need to update my password before I can interact with the BMC.
Questions
InVision Prototype
https://ibm.invisionapp.com/share/8ENYRVXAPFD#/319247221_1-_Login____existingBrand
Design Issue (phosphor-webui)
Development Issue
References/Resources
The text was updated successfully, but these errors were encountered: