The process for resetting password has been less than ideal. Currently, an administrator sets a temporary password or a user answers their "secret question" (a question and answer set the user previously provided). A medical record system should have a stronger approach to password security and not even an administrator should ever know a user's password (even temporarily). The current approach also puts an undue burden on administrators to reset passwords for users who have forgotten them. Some work has been done in this direction and the necessary functionality is already available in OpenMRS core.
The goal of this project is to provide a user interface to support self service password reset which already exist in core. The introduction of this ui should be done on both the Reference application and the Legacy UI
- Soft skills to interact with the community in order to gather requirements and technical feedback
- Add an form input field for email when creating users.
- Add form input fields for requesting password reset that can take either username or email.
- Monitor for the presence of password reset token in the request for the form that resets password.
- Add an input field to accept only new password.
- Provide customise feedback message.