add lost-password-recovery for user accounts

[jsjhb]

When a user has lost hir password, there is no way for the user to recover the password on hir own. Even the admin user has no easy possibility to reset the password, apart from using the ruby console on the server itself. This holds true for obs installations using the build-in user management.

Expected behavior:

1. have a "recover password" button on the login page with the necessary back-end functionality to reset the password
2. have the option "set password" in the "Actions" of "Manage Users", or below "Edit User" ibd.

Ideally both options exist.

[laf0rge]

is it true that 8 years later there is still no password recovery method?

[hennevogel]

@laf0rge like 99% of all installations use some IDP...

[jsjhb]

@hennevogel: Funny! At the time of the creation of the issue, there was no IDP/LDAP/whatever configuration available, or was there and then deprecated, and implemented differently again. Where can I find a documentation for migrating the local authentication database to an IDP of choice?

You can close this issue as WONTFIX. For the limited remaining time I am running PMBS I will go by with the manual workaround.

[hennevogel]

@jsjhb more like sad... But there are just limited resources, we are like 10 people and we do everything around this open source project. Product, Engineering, Operations, Support, Community. Some things just never reach the top of the queue...

The way to go is using some of the ready made things for Rails (devise, omniauth) like @andrewshadura stareted in #12404

Rudimentary proxy mode and LDAP docu is here: https://openbuildservice.org/help/manuals/obs-admin-guide/obs.cha.administration.html#_obs_proxy_mode_configuration

[laf0rge]

I'm using LDAP on a purely company-internal OBS installation, and that's OK. But for publicly accessible OBS instances where people unrelated to their affiliation should be able to register an account, LDAP is not an option.

Other software we use in our development process (gitea, jenkins, gerrit, redmine) also has the nice option to use LDAP in addition to local (or other third-party) accounts. For OBS, if you start to use LDAP, that has to be the only source of all user accounts.

Running a similarly sized team working on an enormously wide scope, I certainly understand the small team / large scope problem, no worries. Password recovery is just something so basic that one really is very surprised if its missing :)

[andrewshadura]

@laf0rge, when I had to reset users’ passwords, I had to directly modify the database 😃 Have a look at my pull request. It uses a local user database, but allows you to use multiple external authentication services. The users get associated by their email addresses.