SORMAS-Project
Add a button that allows users to generate a new password.
Feature Description
The final report of the last pen test included a finding that SORMAS does not allow users to change their password (i.e. in case of a leaked password). SORMAS includes the option for administrators to reset a user's password but they can't trigger the process themselves.
Proposed Change
Add a button that generates a new password for the currently logged-in user to the window "User Settings". It is labeled "GENERATE NEW PASSWORD" in English and "Neues Passwort generieren" in German.
When the user clicks the button a popup should appear asking if the user really wants to generate a new password. (Two buttons, YES and NO) If the user clicks NO the window closes and nothing happens. If the user clicks YES a new password is generated for the currently logged in user and saved in the database. The new password is then shown to the user in a popup message (same as the one appearing when the admin resets a user's password).
Acceptance Criteria
The workflow works as described above.
The user can log out and log in with the new password after he uses the "Generate new password" feature.
Implementation Details
Additional Information
Mockup:
@markusmann-vg @JaquM-HZI FYI
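The confirm, generate, save and show-once workflow from the proposed change, sketched as an added example; it is not SORMAS code and not part of the original issue. Assumptions: the class and method names are hypothetical, an in-memory map stands in for the user table, and the password is stored as a salted PBKDF2 hash (the issue does not say how SORMAS stores passwords).

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added illustration; class, method and field names are hypothetical, not SORMAS code.
public class GeneratePasswordExample {
    // Alphabet without look-alike characters (0/O, 1/l/I), since the user reads the value off a popup.
    private static final String ALPHABET = "abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789";
    private static final int LENGTH = 16, ITERATIONS = 210_000;
    private static final SecureRandom RNG = new SecureRandom();
    // Stand-in for the user table: user name -> {salt, hash}. Assumed storage scheme.
    private static final Map<String, byte[][]> DB = new HashMap<>();

    static byte[] hash(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // Runs only after the user answered YES; returns the plaintext once, for the popup.
    static String generateNewPassword(String currentUser, boolean confirmed) throws Exception {
        if (!confirmed) return null;               // NO: window closes, nothing changes
        StringBuilder sb = new StringBuilder(LENGTH);
        for (int i = 0; i < LENGTH; i++) sb.append(ALPHABET.charAt(RNG.nextInt(ALPHABET.length())));
        byte[] salt = new byte[16];
        RNG.nextBytes(salt);
        // Only salt and hash are persisted; the plaintext exists solely in the return value.
        DB.put(currentUser, new byte[][] { salt, hash(sb.toString().toCharArray(), salt) });
        return sb.toString();
    }

    static boolean login(String user, String password) throws Exception {
        byte[][] rec = DB.get(user);
        return rec != null && MessageDigest.isEqual(rec[1], hash(password.toCharArray(), rec[0]));
    }

    public static void main(String[] args) throws Exception {
        String old = generateNewPassword("alice", true);   // constructed sample user
        if (generateNewPassword("alice", false) != null || !login("alice", old))
            throw new AssertionError("answering NO must leave the old password valid");
        String fresh = generateNewPassword("alice", true);
        System.out.println("new works: " + login("alice", fresh) + ", old works: " + login("alice", old));
    }
}
```

The `main` method walks the acceptance criteria: answering NO changes nothing, and after YES the user can log in with the new password while the previous one is rejected.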