Uploaded image for project: 'Mender'
  1. Mender
  2. MEN-3540

Self-service password reset

    XMLWordPrintable

    Details

    • Type: Epic
    • Status: Done
    • Priority: (None)
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:

      Description

      Provide the possibility to Mender users to autonomously reset their password from a specific password recovery view in the UI. The password reset should require the validation of the email address, e.g. sending a randomly generated, expiring code by email and require it to be entered in the password reset screen.

      User value (why)

      • Save time and effort when losing password

      Acceptance criteria

      • There is a "Reset password" link in the Mender login screen
      • When a user clicks the reset password link he is asked for an email address to reset the password for
      • If an email address associated with an account is entered, a secure (one-time, impossible to guess, https only) reset password link is sent
      • If an email address is not associated with an account is entered, the confirmation is the same (to avoid security leaks) but no reset password email is sent
      • When clicking the link the user is asked for a new password twice and they must match in order to update the password
      • The reset password link is valid for 30 minutes and expiry is stated in the reset password email
      • This feature is available to all plans (Starter, Professional, Enterprise) and editions (hosted, on-premise)

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                tranchitella Fabio Tranchitella
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:

                  Summary Panel