cal-itp / benefits

Transit benefits enrollment, minus the paperwork.
https://docs.calitp.org/benefits
GNU Affero General Public License v3.0

Decide if we should add a "Reset password" link to the admin login page #2386

Open angela-tran opened 5 days ago

angela-tran commented 5 days ago

Apparently Django admin provides a feature for native Django accounts to reset their password.

https://docs.djangoproject.com/en/5.1/ref/contrib/admin/#adding-a-password-reset-feature

We have not tried it out yet and have no idea what it looks like.

This ticket is to decide if we want to enable it.

Additional context

I don't think we should worry about adding this now since we ideally want to use SSO long-term

_Originally posted by @angela-tran in https://github.com/cal-itp/benefits/pull/2371#discussion_r1767619933_

angela-tran commented 19 hours ago

So in addition to copying the URL patterns from "Adding a password reset feature" into benefits/urls.py, we would need an SMTP email server for this feature to work. We would specify the email server details in benefits/settings.py using the settings for the SMTP email backend. Django has other implementations of email backends, but they are for development and testing purposes.

Here's what the screens in Django admin look like:

Login screen

I had to hover over the link to see it.

image

Password reset form

image

Password reset form submitted

image

The email contents by default come from this template: https://github.com/django/django/blob/39de2e97a06d0317973b280bc159ca6f89fc64e3/django/contrib/admin/templates/registration/password_reset_email.html

I couldn't get the development console-based email backend to work, so couldn't continue any further than this.

angela-tran commented 19 hours ago

@indexing @thekaveman What are your thoughts about this feature based on the notes above?

indexing commented 2 hours ago

What is the lift to bring up an SMTP email server?

angela-tran commented 54 minutes ago

> What is the lift to bring up an SMTP email server?

One option could be to use the @cal-itp-bot Gmail account. Or set up a separate bot/service account for Benefits admin specifically.

Then, according to this article, we would generate an app password for that account in Gmail, and then set these settings:

```python
EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"
EMAIL_HOST = "smtp.gmail.com"
EMAIL_PORT = 587
EMAIL_USE_TLS = True
EMAIL_HOST_USER = env("EMAIL_HOST_USER")
EMAIL_HOST_PASSWORD = env("EMAIL_HOST_PASSWORD")
```

where EMAIL_HOST_USER is the service email and EMAIL_HOST_PASSWORD is the generated app password.
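
Added example (not part of the thread and not code from cal-itp/benefits): one way to load the SMTP settings discussed above so that a missing app password or an unencrypted port fails at startup instead of at the first reset email. The helper names `load_email_settings` and `redacted`, the `EMAIL_TIMEOUT` and `PASSWORD_RESET_TIMEOUT` values, and the sample address are assumptions; the port check also covers implicit TLS on 465, which goes beyond the port 587 case in the comment.

```python
# Added example: not code from cal-itp/benefits. Standard library only.
# load_email_settings() and redacted() are hypothetical helper names.

REQUIRED = ("EMAIL_HOST_USER", "EMAIL_HOST_PASSWORD")
# Port -> (EMAIL_USE_TLS, EMAIL_USE_SSL). 587 is STARTTLS, 465 is implicit TLS.
ENCRYPTED_PORTS = {587: (True, False), 465: (False, True)}


def load_email_settings(environ):
    """Build Django SMTP settings from an environment mapping, failing closed."""
    missing = [name for name in REQUIRED if not environ.get(name, "").strip()]
    if missing:
        # Name the variable, never echo its value.
        raise ValueError("missing required setting(s): " + ", ".join(missing))
    port = int(environ.get("EMAIL_PORT", "587"))
    if port not in ENCRYPTED_PORTS:
        raise ValueError(f"EMAIL_PORT {port} is not an allowed TLS port; use 587 or 465")
    use_tls, use_ssl = ENCRYPTED_PORTS[port]
    return {
        "EMAIL_BACKEND": "django.core.mail.backends.smtp.EmailBackend",
        "EMAIL_HOST": environ.get("EMAIL_HOST", "smtp.gmail.com"),
        "EMAIL_PORT": port,
        "EMAIL_USE_TLS": use_tls,
        "EMAIL_USE_SSL": use_ssl,
        "EMAIL_HOST_USER": environ["EMAIL_HOST_USER"],
        "EMAIL_HOST_PASSWORD": environ["EMAIL_HOST_PASSWORD"],
        "EMAIL_TIMEOUT": 10,  # seconds; assumed value
        "PASSWORD_RESET_TIMEOUT": 3600,  # seconds; assumed value, Django's default is 3 days
    }


def redacted(settings):
    """Copy of the settings that is safe to log: the app password is masked."""
    return {k: ("***" if k == "EMAIL_HOST_PASSWORD" else v) for k, v in settings.items()}


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample = {"EMAIL_HOST_USER": "benefits-admin@example.org",
              "EMAIL_HOST_PASSWORD": "constructed-app-password"}
    print(redacted(load_email_settings(sample)))
    # In settings.py: globals().update(load_email_settings(os.environ))
```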