Short description: Acceptance:
- The OpenLMIS login screen offers a Forgot Password link.
- The link requests the email address of the User. If a matching user record is found, the system marks the User record in a reset state and sends an email to the user with a special reset link.
- the user clicks the link and is taken to a web form that accepts a new password. Once the new password is saved, the user must log in with it to access OpenLMIS.
- the reset link is usable one time. Once clicked, it cannot be used again to reset a password.
- the reset link expires after a configurable amount of time, defaulted to 12 hours.
- if this is enabled via an API, system-level authorization is required (so lower-authenticated users can't use the API to set other people's passwords!)
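
The one-time and expiry criteria above, sketched as an added example (not OpenLMIS code). The `ResetTokens` class, its method names and the in-memory store are hypothetical, and it assumes a link counts as "used" when the reset form is submitted.

```python
import hashlib
import secrets
import time

RESET_TTL_SECONDS = 12 * 60 * 60  # configurable; the ticket's default is 12 hours


class ResetTokens:
    """In-memory stand-in for the user records' reset state (hypothetical)."""

    def __init__(self, emails, ttl=RESET_TTL_SECONDS, clock=time.time):
        self.emails = set(emails)   # known user emails (constructed sample data)
        self.ttl = ttl
        self.clock = clock          # injectable so expiry can be tested
        self.pending = {}           # sha256(token) -> (email, expires_at)

    @staticmethod
    def _digest(token):
        # Store only a hash, so a leaked table cannot be turned into reset links.
        return hashlib.sha256(token.encode()).hexdigest()

    def request_reset(self, email):
        """Return a token to embed in the emailed link, or None if no user matches."""
        if email not in self.emails:
            return None
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self.pending[self._digest(token)] = (email, self.clock() + self.ttl)
        return token

    def redeem(self, token):
        """Consume the token; return the email whose password may now be set."""
        # pop() removes the entry on first use, valid or expired: single use.
        entry = self.pending.pop(self._digest(token), None)
        if entry is None:
            return None
        email, expires_at = entry
        if self.clock() >= expires_at:
            return None
        return email
```

The caller sets the new password only when `redeem` returns an email, and the login screen should answer a reset request the same way whether or not `request_reset` found a user.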