kontron / redmine_oauth

Redmine authentication through OAuth.
GNU General Public License v2.0

What's the initial password for users created from Gitlab? #19

Closed inlann closed 1 year ago

inlann commented 1 year ago

Hello,

Glad to find this awesome plugin! 🚀

I created the OAuth2 application for my Redmine in my GitLab. And then, I deployed this plugin and configured the plugin correctly in my Redmine.

Finally, the plugin works!

I registered with my Gitlab account and signed in. But when I tried to change my password, I don't know where to find the current password:

image

Any help? I'd really appreciate it!

picman commented 1 year ago

If you use OAuth, the users are authenticated in GitLab. So their passwords are managed there. If you still need to use Redmine authentication, e.g. for repositories access, you have to set up passwords in Redmine too. The initial password must be set by a Redmine administrator.

inlann commented 1 year ago

> If you use OAuth, the users are authenticated in GitLab. So their passwords are managed there. If you still need to use Redmine authentication, e.g. for repositories access, you have to set up passwords in Redmine too. The initial password must be set by a Redmine administrator.

Thanks for your reply!!

Users created by OAuth will have a login name and can log in with that name. However, their password is a random password. Therefore, they will fail to log in, and they cannot change the password.

Perhaps we can change the random password to a simple "123456" and ask users to change the password when they log in for the first time?

picman commented 1 year ago

I think that setting a default password would degrade security. Most users would leave that password unchanged.

picman commented 1 year ago

The users can reset their passwords themselves using the "Lost password" link on the login page.