Change password on first login

[latin-panda]

Is your feature request related to a problem? Please describe.
System admin users create accounts for CHWs and then share the password with them. To enhance the security of these accounts, there should be a way to prompt a password change on the first login.

Describe the solution you'd like
On the login page, create a feature to change the password with the following considerations:

• All UI texts should be translatable in CHT's supported languages
• This feature is enabled based on permissions (change_password_first_login)
• Only new users will be prompted to change their password on the first login when the permission is enabled.
• Subsequent logins won't require a password change.
• Changing the password in this step is an online action (they need internet)
• If the CHW can't change the password for some reason, they can't access the app
• If CHW logins for first login and closes the app before changing password, the next time they login (even though it is not technically first login) they are prompted to change password.

Figma design

The scope of this work is to enable changing the password on the first login. It doesn't include changing the password rules or current authentication mechanisms.

[garethbowen]

This feature is enabled based on permissions

Once the MVP is proven then reset password will be mandatory for all projects so we can ensure all users on all instances are not compromised in future. Until then it's fine to use a feature flag so projects can opt-in to try it out.

Subsequent logins won't require a password change.

One addition to this, is the user loses their phone, or forgets their password and the administrator resets it for them, then the user will be required to change their password again. This is because the password has almost certainly been shared in plaintext so it's once again vulnerable to future leaks.

[Benmuiruri]

Hi @garethbowen

I'll be starting this tomorrow (Oct 23). Probably start with conceptualizing the data flow then work on the UI first. Just checking whether you have any comment / clarification before I start ..(anything to add other that what we have in this thread) ?

cc @n-orlowski are we going with the single password input design or confirm password design in Figma?

[garethbowen]

@Benmuiruri Nothing to add regarding the UX. Potentially explore ways to keep it simple for the MVP, for example, is the password strength bar strictly necessary or something we can do in a separate issue?

From an implementation point of view, I think it's a fairly simple process of flagging the user with password_change_required: true (or something). This gives us flexibility to implement further features like forgotten password and admin reset easily using the same logic. We need to make sure this flag is set when users are created or have passwords changed whether that's done using the user management app, the admin app, direct to the db, or any other way. Make sure everyone is using the API or we'll have to intercept the POST request...

Finally, because this is in the authentication system we'll have to be very careful not to accidentally break anything. For example, if the feature flag is enabled once users are already logged in they should not be forced to change their password.

[n-orlowski]

@Benmuiruri let's do with the confirmation input. Also happy to drop the progress bar for MVP (but we should keep the written prompts)

[latin-panda]

Adding this to 4.16