SORMAS-Foundation / SORMAS-Project

SORMAS (Surveillance, Outbreak Response Management and Analysis System) is an early warning and management system to fight the spread of infectious diseases.
https://sormas.org
GNU General Public License v3.0
293 stars, 143 forks

[EPIC] Password reset Merge back to SORMAS main branch. #12881

Open isaacanip opened 10 months ago

isaacanip commented 10 months ago

Situation Description & Motivation

Ghana Health Service (GHS) requested that SORMAS users should be able to generate their own password. According to GHS, the default password generated by the SORMAS application is not easy to remember.

The feature allows the user to enter the current password, a new password and a verification of the new password.

Use case (SORMAS Default Authentication)

  1. User clicks on the user settings on the main menu. [screenshot]
  2. The user settings form comes up as seen below. The user then clicks on "Create new password". [screenshot]
  3. The Change password form comes up and the user fills in the available fields: current password, new password and confirm new password. [screenshot]

NB: The form offers two ways of setting a password:

  3a1. The user keys in the current password, the new password and the confirmation of the new password.
  3a2. After the "Save" button is clicked, a message pops up on the screen alerting that the password was changed successfully. See image below:

[screenshot: success message]

  3b1. The other option is to click on "Generate new password".
  3b2. If an email address is set for the current user, the SORMAS application sends the password to the user's email address. See image below:

[screenshot: "email sent" message]

  3b3. If the current user has no email address, a pop-up with the new password is shown to the user, as indicated in the image below:

[screenshot: password message]

  4. Type the required values in the fields and click on the "Save" button. When successful, a message prompt (as seen below) appears on the screen. [screenshot]

  5. If the passwords do not match, an alert message pops up as seen in the image below: [screenshot]

Use case (Keycloak Authentication)

  1. For current-password validation to succeed on Keycloak, the admin needs to turn on "Direct Access Grant" on the "sormas-backend" client in the Keycloak admin console, as seen in the image below: [screenshot]

Alternatively, the configuration could be added permanently to the sormas.json file for Keycloak to pick up automatically at startup.

  1. User clicks on the user settings on the main menu. [screenshot]
  2. The user settings form pops up as seen below. The user then clicks on "Create new password". [screenshot]
  3. Upon clicking the "Create New Password" link, the user is directed to the SORMAS Keycloak authentication form, displaying the "Forgot Your Password" prompt. The user is then required to:
     a. enter their username in the designated field;
     b. select the "Submit" button.

Once submitted, the system will initiate further steps, typically providing the user with additional instructions via email to complete the password reset process. This workflow leverages Keycloak's secure identity management for credential recovery. [screenshot]

  4. Type the required values in the fields and click on the "Save" button. When successful, a message prompt (as seen below) appears on the screen. [screenshot]

  5. If the passwords do not match, an alert message pops up as seen in the image below: [screenshot]

NB: If, at the point of validating a password, the user gets the feedback "wrong current password" even though the password is correct, there are three things to check:

  1. Whether the admin has enabled the direct access grant on the sormas-backend client in the Keycloak console.
  2. Whether the Keycloak server is up.
  3. Whether the current user has "Update Password" among the required user actions, or whether the password was set with a temporary status, especially when the current user's password was changed from the Keycloak admin console. NB: This does not happen when the password is set from the SORMAS interface using the self-service password reset.

Use Case (Mobile)

  1. User clicks on the user settings on the main menu, which brings up the settings form. The user then clicks on "Change Password". [screenshot]

  2. After clicking on the "Change Password" button, the change password form pops up on the screen as seen in the image below. [screenshot]

There are two ways of changing the password: either by typing the previous and new password, or by letting the application generate a password in accordance with the password generation rules.

2a1. Type password [screenshot]

The user is required to type the previous, current and confirm-current password into the designated fields. The user then clicks on the "Change Password" button; this saves the new password in the system and pops up a message prompt with the inscription "User's password was changed successfully".

[screenshot]

NB: A password strength indicator shows the user whether the password is weak or strong.

2a2. Generate Password. This option generates a password automatically based on the password rules and policies. [screenshot]

Here, the user simply clicks on the "Generate Password" link, which automatically fills the New password and Confirm new password fields. The user then types the previous password into the previous password field before clicking on the "Change Password" button. This action pops up a message prompt with the inscription "Change Password".

[screenshot] NB: Click on the password in the message prompt to copy it to the clipboard for further use.

High-Level Explanation

Timeline

Tasks

Risks

Additional Information
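
The Keycloak section above turns on "Direct Access Grant" so that the backend can verify the user's current password, and then lists three reasons a correct password may still be rejected. The script below is an added illustration of that mechanism, written for this page; it is not code from the SORMAS project, from Keycloak, or from the issue author. It sends a Resource Owner Password Credentials request (Keycloak's "Direct Access Grant") to the realm's token endpoint and maps the reply onto the three checks in the issue. The host, realm name and client secret are hypothetical; the client name `sormas-backend` is the one named in the issue. The exact Keycloak error strings (`unauthorized_client`, `invalid_grant` / "Account is not fully set up") are the ones the author of this example has observed and are treated as assumptions, not as a contract. The fake transport and its replies are constructed so the script runs offline.

```python
"""Check a user's current password against Keycloak via the Direct Access Grant
(OAuth 2.0 Resource Owner Password Credentials) flow and turn Keycloak's reply
into one of the diagnoses listed in the issue.

Added example for this page, not SORMAS or Keycloak code. Values marked
'hypothetical' or 'assumed' are not taken from the issue.
"""
import json
import urllib.error
import urllib.parse
import urllib.request

KEYCLOAK_BASE = "https://keycloak.example.org"   # hypothetical host
REALM = "SORMAS"                                  # hypothetical realm name
CLIENT_ID = "sormas-backend"                      # client named in the issue
CLIENT_SECRET = "replace-me"                      # hypothetical confidential-client secret


def token_endpoint(base: str = KEYCLOAK_BASE, realm: str = REALM) -> str:
    """OpenID Connect token endpoint of a Keycloak realm (no legacy /auth prefix)."""
    return f"{base}/realms/{realm}/protocol/openid-connect/token"


def password_grant_form(username: str, password: str,
                        client_id: str = CLIENT_ID,
                        client_secret: str = CLIENT_SECRET) -> dict:
    """Form fields of a Resource Owner Password Credentials request. Keycloak
    only honours this grant for a client with 'Direct Access Grants Enabled'."""
    return {
        "grant_type": "password",
        "client_id": client_id,
        "client_secret": client_secret,
        "username": username,
        "password": password,
        "scope": "openid",
    }


def classify_token_response(status: int, body: dict) -> str:
    """Map the token endpoint's reply to a diagnosis matching the issue's checks.
    Error strings are assumed from observed Keycloak behaviour."""
    if status == 200 and "access_token" in body:
        return "password_ok"
    err = body.get("error", "")
    desc = body.get("error_description", "")
    if err == "unauthorized_client":
        # Check 1: Direct Access Grant is switched off on the client.
        return "direct_access_grant_disabled"
    if err == "invalid_grant" and "not fully set up" in desc:
        # Check 3: a pending required action such as 'Update Password' (what a
        # temporary password set in the admin console becomes) blocks the grant
        # even though the password itself is correct.
        return "required_action_pending"
    if err == "invalid_grant":
        return "wrong_password"
    return f"unexpected:{status}:{err or 'no-error-field'}"


def http_post_form(url: str, form: dict) -> tuple[int, dict]:
    """Default transport: POST the form with urllib and return (status, JSON body)."""
    data = urllib.parse.urlencode(form).encode()
    req = urllib.request.Request(url, data=data, method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as e:
        # Keycloak puts the OAuth error JSON in the 4xx body.
        try:
            return e.code, json.loads(e.read() or b"{}")
        except ValueError:
            return e.code, {}


def validate_current_password(username: str, password: str, send=http_post_form) -> str:
    """Return a diagnosis string. `send` is injectable so the logic can be run
    offline; a transport failure maps to check 2 (Keycloak server down)."""
    try:
        status, body = send(token_endpoint(), password_grant_form(username, password))
    except OSError:          # urllib.error.URLError is a subclass of OSError
        return "keycloak_unreachable"
    return classify_token_response(status, body)


# Constructed replies for an offline run; not captured from a real server.
FAKE_REPLIES = {
    "correct-pw": (200, {"access_token": "eyJ...", "token_type": "Bearer"}),
    "bad-pw": (401, {"error": "invalid_grant", "error_description": "Invalid user credentials"}),
    "temp-pw": (400, {"error": "invalid_grant", "error_description": "Account is not fully set up"}),
    "no-dag": (400, {"error": "unauthorized_client",
                     "error_description": "Client not allowed for direct access grants"}),
}


def fake_send(url: str, form: dict) -> tuple[int, dict]:
    """Offline stand-in for http_post_form, keyed on the submitted password."""
    if form["password"] == "server-down":
        raise OSError("connection refused")
    return FAKE_REPLIES[form["password"]]


if __name__ == "__main__":
    for pw in ("correct-pw", "bad-pw", "temp-pw", "no-dag", "server-down"):
        print(f"{pw:12s} -> {validate_current_password('ghs.user', pw, send=fake_send)}")
```

Two practitioner notes. First, in a Keycloak realm export (the sormas.json mentioned above) the console toggle corresponds to the client attribute `directAccessGrantsEnabled`, so setting it to `true` there has the same effect as flipping the switch in the admin console. Second, this grant hands the user's cleartext password to the backend, which is why OAuth 2.1 drops it; keep `sormas-backend` a confidential client, restrict who can reach the token endpoint with it, and do not log the request body.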

isaacanip commented 2 weeks ago

The EPIC document for the Password Reset has been updated to incorporate the Keycloak integration, enabling users to be redirected to Keycloak's password reset feature.