plone / volto

React-based frontend for the Plone Content Management System
https://demo.plone.org/
MIT License

It's confusing how to change my password as a logged in user #5896

Open JeffersonBledsoe opened 1 month ago

JeffersonBledsoe commented 1 month ago

Is your feature request related to a problem? Please describe.

Currently, the only way to change your password is to visit the /login route and press "Forgot your password". We should also be able to visit our personal user profile and change our password there, just like in Classic Plone (/@@change-password/).

Describe the solution you'd like

Hrittik20 commented 1 month ago

@JeffersonBledsoe Why don't we add a link to the profile page that directs you to the /change-password page?

stevepiercy commented 1 month ago

@JeffersonBledsoe I looked all over the Classic UI, but could not find a link to http://localhost:8080/Plone/@@change-password/. If there is none, where would be a good place for it?

http://localhost:3000/change-password/ can be reached without authentication. It should require authentication. In Classic UI, you get redirected, and a login screen appears as shown in the screenshot. I would suggest using this form as a model.

I think Volto is also missing the Get help link and information.

Hrittik20 commented 1 month ago

@stevepiercy We can fix the authentication issue on the /change-password page by integrating the "Unauthorized" component. Now, if users are not logged in, they’ll receive a notification instructing them to sign in first.

Additionally, I've developed a basic get-help page for further assistance (I still need to add the relevant functions), which is now conveniently accessible from the login form.

stevepiercy commented 1 month ago

@Hrittik20 there's a Volto Team Meeting at 11:00 AM CET on Tue, Mar 26. I've put this item on the agenda to discuss. It would be great if you could attend. https://discord.com/channels/786421998426521600/787308038050545666/1217068353022197830

I think that the fewer implementation differences between Volto and Classic UI, the better. We might need to storyboard this, as it is a conditional workflow.

JeffersonBledsoe commented 1 month ago

@stevepiercy The link to @@change-password in Classic UI can be found in @@personal-preferences, which is the 'Preferences' link in the user menu.

It does have the auth like you discussed should be implemented for Volto.

stevepiercy commented 1 month ago

As discussed in the Volto Team meeting today, we want to follow the Classic UI model to implement both a change password and a reset password feature.

We still need to work through designing navigation for how to get to these features, but having the features themselves would be a good first step.

Hrittik20 commented 1 month ago

@stevepiercy Is the UI for login-help satisfactory, and could you remind me which function I should use to retrieve the username based on the email?

stevepiercy commented 1 month ago

@Hrittik20 that's a great start!

I found Read User. However, it appears that retrieving the user by username is supported, but not email currently. We will need to add that feature to Plone REST API.

Additionally, it appears that the calling user must be authenticated, but we might be able to work around that using Permissions.

Can someone who is familiar with Plone REST API permissions advise? This is outside my experience, but I'd like to understand it better.

stevepiercy commented 1 month ago

See also https://github.com/plone/plone.restapi/issues/943