Name and password change operations

[iakkus]

[Environment]: Kubernetes, bare metal
[Known affected releases]: master (includes all releases)

The current management service does not allow a user to change or reset her password.

Besides the management service, this change would have an effect on the GUI, and possibly the SDK and CLI.

[iakkus]

Probably two more actions: changePassword and resetPassword.

Resetting password could be facilitated via a unique, nonce-based, temporary link sent to the user’s email address. When the user clicks the link, she could be sent to a page, where she can create a new password.

[iakkus]

Started implementation at branch feature/password_operations.

[iakkus]

Related issue: #13

[manuelstein]

can we make this a more generic user update? maybe updating the email address or the name is something a user would want. It might be better to integrate with an authorisation service and treat tenants by their id only. This would also close a lot of privacy pitfalls.

[iakkus]

Yes, allowing also the name change makes sense.

The email change is more involved, because the email is used to initialize the storage endpoint. However, looking at the code right now, I think that should also be possible without changing the storage endpoint (i.e., it's just a hash anyway).

I also agree that we should/could support a third party authorisation service. Perhaps that's a feature that one would want if we're talking about a hosted service. Nonetheless, I think that should be a separate issue.

[iakkus]

Actually, I take the email comment above back: the email is used (at least, currently) as a prefix for keys that stores list of workflows and function as well as any other user data in the system.

Perhaps, once we update the management service to use other data structures (see issue #8), we can make it so that we enable the data to be stored associated with a unique id that is permanent, but create a mapping between ids and up-to-date emails.

[iakkus]

Merged into 'develop'.