racetrack icon indicating copy to clipboard operation
racetrack copied to clipboard
verified publisher icon TheRacetrack

Implement self-service password reset

Open iszulcdeepsense opened this issue 2 years ago • 3 comments

We currently have a stub for this with the reset password link, which advises the user to contact an admin. It's probably a good investment in time to flesh this out now, to save the admin time from resetting peoples passwords (like myself, currently).

iszulcdeepsense avatar Feb 02 '23 12:02 iszulcdeepsense

I agree this is very high value.

One detail which makes me a bit leery is, how do we test this? Like in the case of make kind-up. Should there be a prior step requiring the declaration of a working SMTP in config somewhere?

JosefAssadERST avatar Feb 03 '23 07:02 JosefAssadERST

Yeah, testing can be tricky. Maybe it'll be enough to unit test the SMTP interface with some mocks.

I think it should be definitely an optional feature. Not everyone has access to the working SMTP server like we do now.

iszulcdeepsense avatar Feb 03 '23 09:02 iszulcdeepsense

Well. Not sure about optional, how about graceful failure? It's really common to have self-service account reset, and it's not our fault if someone deployed RT but didn't set SMTP up if that's required for password self-service. But the failure to fire off the mail shouldn't degrade anything else. i don't even think it's RT's job to tell the user the mail couldn't be sent. There shoud maybe just be an admin alert that SMTP isn't configured, and to tell them to set something up. I don't even think RT should be managing queue of mails which failed to send...

JosefAssadERST avatar Feb 03 '23 10:02 JosefAssadERST