Details
-
Type:
Epic
-
Status: Done
-
Priority:
(None)
-
Resolution: Unresolved
-
Affects Version/s: None
-
Fix Version/s: None
-
Epic Name:Self-service password reset
-
Market Goal:TBD
-
Risk & mitigation:TBD
-
Epic Total Estimate:27
-
DoD:
Description
Provide the possibility to Mender users to autonomously reset their password from a specific password recovery view in the UI. The password reset should require the validation of the email address, e.g. sending a randomly generated, expiring code by email and require it to be entered in the password reset screen.
User value (why)
- Save time and effort when losing password
Acceptance criteria
- There is a "Reset password" link in the Mender login screen
- When a user clicks the reset password link he is asked for an email address to reset the password for
- If an email address associated with an account is entered, a secure (one-time, impossible to guess, https only) reset password link is sent
- If an email address is not associated with an account is entered, the confirmation is the same (to avoid security leaks) but no reset password email is sent
- When clicking the link the user is asked for a new password twice and they must match in order to update the password
- The reset password link is valid for 30 minutes and expiry is stated in the reset password email
- This feature is available to all plans (Starter, Professional, Enterprise) and editions (hosted, on-premise)
Attachments
Issue Links
- clones
-
MEN-2218
Epic template
-
- Open
-