User unable to log in with a valid email and password

[franck-boullier]

The problem:

"After some time the username & password will not match and I'll have to password reset." Several users (at least 4 different users) have reported that problem.

Why is this critical:

People have confirmed that if we don't fix that issue they will drop Unee-T altogether as it's a major barrier ---> users are not able to work with Unee-T

[franck-boullier]

Root cause of the issue seems to be the mechanism introduced in our Apr 22nd release to automatically log in a user that: 1- receives an invitation 2- already has a password set 3- the user access Unee-T on a device that has never been logged in to Unee-T before.

When this happens the user's password is reset <--- this explains the issue reported by some users

Next step:

Short term fix:

Roll back the Notification magic link feature. This will:

• Fix the bug
• Prevent the user from being automatically logged in in the scenario described above.

Long term fix:

The need to have the simplest and easiest login experience is still very critical to maximize user adoption. we will explore 2 solutions to do that:

• Add social login (Google, WeChat are top priorities) on top of the existing login/password mechanism.
• Implement a OTP mechanism when users who forgot his password is sent a magic link if password has been forgotten.

[nbiton]

I'm yet unable to reproduce this issue. We already had a safety mechanism in place to prevent a user with a self-defined password from losing their password. I tried the following steps for reproduction:

• Created a user via invitation - WORKS.
• Used the invitation to automatically login as the new user - WORKS.
• Reset my password as the new user - WORKS.
• Logout and login again using the new password - WORKS.
• Logout and try to use the invitation login as the new user again (should not allow) - WORKS (I receive an error message dialog, and directed to the login screen)
• Login as the new user with the previously defined password - WORKS.

I could not find a scenario in which the usage of these features caused my user's password to be reset by mistake or lost.

[nbiton]

I tried to check if the EDIT_USER internal API can cause the problem:

• Used the saved postman request to change my user's email to something else - WORKS.
• Tried to login again as the new user with the new email address but with the same password - WORKS.

[franck-boullier]

Have you tried the following scenario:

Option 1:

• Do NOT create the user via invitation (pick a user that already exists)
• Invite this user to a case
• click on the invitation link
• log out
• try to log back in as this user with your initial email and login

Option 2:

• Create user A via the MEFE API
• User A uses the "fogot password mechanism" and log in to the MEFE
• Assign User A to Unit 1 via the MEFE API
• User A logs out from Unee-T
• User B invite User A to a case in Unit 1
• User A receives the invitation to the case
• User A clicks on the link to the case
• User A logs out
• User A tries to log back in with his login/password

[nbiton]

I'll try that too

[franck-boullier]

So far we have not been able to reproduce the issue.

The only solution we have so far is to add more logs to try to capture these event better if/when they happen...

[franck-boullier]

@nbiton spoke to the user. User did not realize that he never created his password and was trying an incorrect password.

See issue #811 for a followup on this