Reset/Change Password Doc
Technical documentation
08/19/2024
Requirement Overview¶
Clients whose domains are registered on the web are using the default password set by the support person during the initial setup, and some clients haven't changed their passwords for an extended period, expressing security concerns about the application. Consequently, this feature will mandate application users to change their passwords at regular intervals for enhanced security.
Database Changes¶
- Add the setting : PasswordRenewalIntervalDays = Numeric
- The password duration should be in numeric format, with the default set to 90 days.
- Add the setting : Checkfirstlogin = 1|0 OR True | False
- Upon installing the application and providing usernames and passwords, it is necessary to set 'Checkfirstlogin' to '1' for all users.
- After users log in for the first time and change their passwords, 'Checkfirstlogin' should be updated to '0'.
- Table name = Userpasswordchangelog
- User name
- Password
- Changed Date
- Expiry date
- Checkfirstlogin
Application Flow
Reset Login¶
Step 1 : The support person or DevOps configures the client application before handing it over to the client, completing all necessary configurations. The support representative must ensure that all instances of Checkfirstlogin are set to 1 (True)
Step 2 : The client attempts to log in using either the old password used during setup or the login credentials provided by the support personnel. After clicking on "Sign In," a Reset Password screen will appear, where Checkfirstlogin is checked to, if true, then lead to the reset screen.
Step 3 :The user will establish a new password for the account, confirm the chosen password, and subsequently select 'Change Password.'
Or
Step 3 : If the user clicks on the 'Cancel' button, they will be redirected to the Step 1 Login Page.
Step 4 : The new password for the user will be saved, and they will be directed to the main login screen. Starting from this point, the countdown for password expiry will begin based on the specified renewal interval (PasswordRenewalIntervalDays = 90). Simultaneously, the status will be updated from ‘Checkfirstlogin’ = True to ‘Checkfirstlogin’ = False.
Step : 5 : After successfully changing the password, a message should be displayed on the screen stating, "Password Changed Successfully."
Change Password Login¶
Step 1 : After recording the countdown from the reset screen, we will verify the password's expiration date with each login. When the due date is reached, a Change Password screen should appear.
Step 2 : The client attempts to log in using either the old password used during setup or the login credentials provided by the support personnel. After clicking on "Sign In," a Change Password screen will appear with the message ‘Your Password has expired ’ in the UI showing the message for 10 seconds to hide the message.
Step 3 :The user will enter an old password,a new password for the account, confirm the chosen password, and after that click on 'Change Password.'
Or
Step 3 : If the user clicks on the 'Cancel' button, they will be redirected to the Step 1 Login Page.
Step 4 : The new password for the user will be saved, and they will be directed to the main login screen. Starting from this point, the countdown for password expiry will begin again based on the specified renewal interval (PasswordRenewalIntervalDays = 90). Simultaneously
Step : 5 : After successfully changing the password, a message should be displayed on the screen stating, "Password Changed Successfully."
Change Password In Help¶
- Update
- Remove the old Pop UI add update new Pop Up UI of Change password as mentioned above
- Remove the old password change process and add the process defined above in Change password
- Add User
- Validate the password criteria before saving the password
- Validate the password criteria before saving the password
- Edit User
- Validate the password criteria before saving the password
- Validate the password criteria before saving the password
Note:
Validation :
1. For New Password : Attempt to validate the new password criteria during the setup. Use a color code in the input box, displaying 'Green' if the criteria are met and 'Red' if the criteria are not met.
Or
If user don’t set the password with in the criteria defined than a at the time of saving than message should pop up as ‘It should be 6-12 characters long, include at least one uppercase and one lowercase character, contain at least one numeric character, least one special character, and must not be the same as the previous password.’
2. For Confirm New Password : Validate the new password criteria during the setup. Use a color code in the input box, displaying 'Green' if the ‘Confirm New Password’ is the same as ‘New Password’ and 'Red' if the ‘Confirm New Password’ is not the same as ‘New Password’.
Or
When a user sets the Confirm New Password differently from the New Password and clicks the Change Password button, a message should appear: "The confirmed password does not match the new password. Kindly rewrite and try again."
3. When hovering over the question mark icon, a tooltip containing the message from the attached screenshot will be generated.
UI DESIGN¶
Definition of Done¶
- Users should be able to reset their password and log in for the first time.
- Users should be able to change their password and log in multiple times, as specified in settings.
- Password criteria validation is required in the Add User Form, and inclusion of a help icon is mandatory.
- Password criteria must undergo validation in the Edit User Form, and the inclusion of a help icon is mandatory.