volto icon indicating copy to clipboard operation
volto copied to clipboard
verified publisher icon plone

It's confusing how to change my password as a logged in user

Open JeffersonBledsoe opened this issue 1 year ago • 9 comments

Is your feature request related to a problem? Please describe.

Currently, the only way to change your password is to visit the /login route and press "Forgot your password". We should also be able to visit our personal user profile and change our password there, just like in Classic Plone (/@@change-password/)

Describe the solution you'd like

  • I open my user preferences
  • I Can press 'change my password' in there or open a tab there to change the password

JeffersonBledsoe avatar Mar 19 '24 11:03 JeffersonBledsoe

@JeffersonBledsoe Why don't we add a link to the profile page that directs you to the /change-password page?

chnpass

Hrittik20 avatar Mar 24 '24 08:03 Hrittik20

@JeffersonBledsoe I looked all over the Classic UI, but could not find a link to http://localhost:8080/Plone/@@change-password/. If there is none, where would be a good place for it?

http://localhost:3000/change-password/ can be reached without authentication. It should require authentication. In Classic UI, you get redirected, and a login screen appears as shown in the screenshot. I would suggest using this form as a model.

Screenshot 2024-03-24 at 2 46 00 AM

I think Volto is also missing the Get help link and information.

Screenshot 2024-03-24 at 2 47 46 AM

stevepiercy avatar Mar 24 '24 09:03 stevepiercy

@stevepiercy We can fix the authentication issue on the /change-password page by integrating the "Unauthorized" component. Now, if users are not logged in, they’ll receive a notification instructing them to sign in first.

unauthorized

Additionally, I've developed a basic get-help page for further assistance (I still need to add the relevant functions)

Get help2

which is now conveniently accessible from the login form.

Get help1

Hrittik20 avatar Mar 25 '24 11:03 Hrittik20

@Hrittik20 there's a Volto Team Meeting at 11:00 AM CET on Tue, Mar 26. I've put this item on the agenda to discuss. It would be great if you could attend. https://discord.com/channels/786421998426521600/787308038050545666/1217068353022197830

I think that the fewer implementation differences between Volto and Classic UI, the better. We might need to storyboard this, as it is a conditional workflow.

stevepiercy avatar Mar 25 '24 12:03 stevepiercy

@stevepiercy The link to @@change-password in Classic UI can be found in @@personal-perferences, which is the 'Peferences' link in the user menu.

It does have the auth like you discussed should be implemented for Volto.

JeffersonBledsoe avatar Mar 26 '24 10:03 JeffersonBledsoe

As discussed in the Volto Team meeting today, we want to follow the Classic UI model to implement both a change password and a reset password feature.

We still need to work through designing navigation for how to get to these features, but having the features themselves would be a good first step.

stevepiercy avatar Mar 26 '24 10:03 stevepiercy

@stevepiercy Is the UI for login-help satisfactory, and could you remind me which function I should use to retrieve the username based on the email?

need help

Hrittik20 avatar Mar 27 '24 10:03 Hrittik20

@Hrittik20 that's a great start!

I found Read User. However it appears that retrieving the user by username is supported, but not email currently. We will need to add that feature to Plone REST API.

Additionally it appears that the calling user must be authenticated, but we might be able to work around that using Permissions.

Can someone who is familiar with Plone REST API permissions advise? This is outside my experience, but I'd like to understand it better.

stevepiercy avatar Mar 27 '24 11:03 stevepiercy

See also https://github.com/plone/plone.restapi/issues/943

stevepiercy avatar Mar 27 '24 13:03 stevepiercy