search

TheRacetrack / racetrack

An opinionated framework for deploying, managing, and serving application workloads
https://theracetrack.github.io/racetrack/
Apache License 2.0
28 stars 6 forks source link

Implement self-service password reset #153

Open iszulcdeepsense opened 1 year ago

iszulcdeepsense commented 1 year ago

We currently have a stub for this with the reset password link, which advises the user to contact an admin. It's probably a good investment in time to flesh this out now, to save the admin time from resetting peoples passwords (like myself, currently).

JosefAssadERST commented 1 year ago

I agree this is very high value.

One detail which makes me a bit leery is, how do we test this? Like in the case of make kind-up. Should there be a prior step requiring the declaration of a working SMTP in config somewhere?

iszulcdeepsense commented 1 year ago

Yeah, testing can be tricky. Maybe it'll be enough to unit test the SMTP interface with some mocks.

I think it should be definitely an optional feature. Not everyone has access to the working SMTP server like we do now.

JosefAssadERST commented 1 year ago

Well. Not sure about optional, how about graceful failure? It's really common to have self-service account reset, and it's not our fault if someone deployed RT but didn't set SMTP up if that's required for password self-service. But the failure to fire off the mail shouldn't degrade anything else. i don't even think it's RT's job to tell the user the mail couldn't be sent. There shoud maybe just be an admin alert that SMTP isn't configured, and to tell them to set something up. I don't even think RT should be managing queue of mails which failed to send...