-
Notifications
You must be signed in to change notification settings - Fork 142
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature/epic 12881 self reset password #13096
base: development
Are you sure you want to change the base?
Conversation
updatePassword validate current password, check password strength and generate password
…ing password and generating password#12881
Added a method to validate password Added a method to check password strength#12881
…ccording to different screen sizes
SonarCloud analysis: https://sonarcloud.io/dashboard?id=SORMAS-Project&pullRequest=13096 |
2 similar comments
SonarCloud analysis: https://sonarcloud.io/dashboard?id=SORMAS-Project&pullRequest=13096 |
SonarCloud analysis: https://sonarcloud.io/dashboard?id=SORMAS-Project&pullRequest=13096 |
Hi @leventegal-she, Your issue with the existing code that looks to be changed is sorted so kindly check and give me feedback. Thanks |
Hi @markusmann-vg, Your request is done now the "Self reset password" has been added to the feature configuration and is set to false by default. Also when Keycloak is the authentication provider i do a redirect to the forgot password flow. Please you can check and give me feedback thanks. Thanks |
…RMAS-Project.git into feature/EPIC-12881-Self_reset_password
I think the issue with your approach is that it does not make provision for the mobile app since password reset also happens on the mobile app. So incase the authenticaionProvider=KEYCLOAK what happens on the mobile app should i make it invisible on the mobile app or i should create a similar method to handlePasswordResetEvent in the KeycloakService class and modify it to for it to fit that functionality. If the former should be the case then can I add an "authenticationProvider" key with its value to the "sormas-app.properties" and use that to determine on the mobile app that if authenticationProvicer=KEYCLOAK then the the password resetbutton should not be seen. Incase you don't want me to use the "sormas-app.properties" file to handle that kindly let me know how you want us to handle it. I will be waiting for your thoughts. Thanks |
I eventually used FeatureTypeProperty.AUTHENTICATION_PROVIDER in feature configuration with the FeatureType.SELF_PASSWORD_RESET so i am able to grab the value of the authentication provider in the mobile app and that makes the configuration more centralized. So with this i hide the password reset option when FeatureTypeProperty.AUTHENTICATION_PROVIDER="KEYCLOAK" but show it when its "SORMAS" on mobile. Thanks |
… FeatureType.SELF_PASSWORD_RESET
After a careful thought i decided to check the feasibility of implementing the self reset password with keycloak to also be done on the mobile so that inspired the approach of not hiding the functionality anymore so now i have taken off the "redirect to forgot password" approach you suggested earlier from the web to use that same function making the self reset with keycloak work on both mobile and web now. But with that approach you need to turn on "Direct access grant" on "sormas-backend" client on the keycloak admin console to allow the validation of current password to work" on the web. As for the mobile current password validation is done using the local database or cached password after login is successful. I think that improves the user experience on both the mobile and web. Mean while let me know if you still want me to switch back to the redirect implementation .. it will not take time to do so. Thanks |
…RMAS-Project.git into feature/EPIC-12881-Self_reset_password
…RMAS-Project.git into feature/EPIC-12881-Self_reset_password
Fixes #12881