Page MenuHomePhabricator
Create Task
Maniphest T309850

Dashboard/ - We need to develop a user flow when user's password was reset from the cognito dashboard.
Closed, ResolvedPublic5 Estimated Story Points
Actions

Description

Preconditions: The user is successfully registered and assigned to one of the user groups.

Steps:

  1. Go to the Cognito dashboard, find this user and reset the user's password
  2. Try to log in to the WME dashboard with a username and old password

Expected result
A screen with entering new passwords should appear

Actual result

  1. error message "Password reset required for the user" appears
  2. email with a verification code is sent to the user's email

But in fact a user doesn't have any way to enter new password after resetting old one

Proposal
In case we reset password from Cognito Admin panel - we need add a new page with 4 fields:

  • username
  • verification code
  • password
  • confirm password

So that user will have an ability to reset password with the verification code from the email inbox.

Also we need to change current email template to the approved one which is

Hi undefined,

To reset your Wikimedia Enterprise password, please enter this confirmation code together with your new password:

693778

Event Timeline

Anna.bondar created this task.Jun 3 2022, 10:22 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 3 2022, 10:22 AM
creynolds added a project: Wikimedia Enterprise Web Application.Jul 1 2022, 9:09 PM
Alexander.lauie updated the task description. (Show Details)Jul 6 2022, 10:15 AM
Protsack.stephan triaged this task as Medium priority.Jul 6 2022, 2:36 PM
Protsack.stephan set the point value for this task to 5.
creynolds subscribed.Jul 12 2022, 9:50 PM
Alexander.lauie moved this task from Incoming to Machine Readability PB on the Wikimedia Enterprise board.Jul 14 2022, 11:10 AM
Lena.Milenko changed the task status from Open to In Progress.Jul 14 2022, 2:08 PM
Anna.bondar added a comment.EditedJul 26 2022, 12:30 PM

Checked
Case1
The user's password is reset from Cognito.
The User enters the correct credentials from the login screen.
-> The user is redirected to the Reset password page, and an email with a confirmation code is sent to the user's email

Case2
The user's password is reset from Cognito.
The user enters login and incorrect password from the login screen.
The user goes to the Forgot password page and submits the form.
-> The user is redirected to the Reset password page, and an email with a confirmation code is sent to the user's email

Case3
A User is resetting their password on their own from the Forgot password page

All these cases functionally work correct but the following comment from the description is still relevant

"We need to change current email template to the approved one which is"

Hi undefined,

To reset your Wikimedia Enterprise password, please enter this confirmation code together with your new password:

693778

and in all three cases Undefined is displayed instead of the correct username

Anna.bondar moved this task from Machine Readability PB to Incoming on the Wikimedia Enterprise board.Jul 26 2022, 12:37 PM
creynolds added a subscriber: Alexander.lauie.Jul 26 2022, 6:43 PM

@Alexander.lauie think that's an issue in the lambda func sendCodeForgotPassword()?

Lena.Milenko changed the task status from In Progress to Open.Jul 27 2022, 10:15 AM
Protsack.stephan raised the priority of this task from Medium to Needs Triage.Oct 12 2022, 9:43 AM
Protsack.stephan closed this task as Resolved.Apr 11 2023, 4:56 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL