Password recovery 2.41

Hi Community,

We have a tricky scenario which I hope will trigger some discussion. As a standard on our instances we have Password expiry set mostly to 90 days and have email passwords configured. Recently we had to start up a DR backup from Dec on our servers but then found that all users' passwords had expired upon login and they get a message to request a password recovery link. The issue is that we had to reset the password on the SMTP email server and now the stored password in the database was no longer correct and so password reset emails are not received/sent out.

I remember in a previous version there was a screen where one could immediately reset your new password but now the flow seems only through password reset emails. Was this change intended for a reason? We believe it creates issues for DR and also necessitates accessing the Postgres db backend to find solutions, some of which are not elegant or recommended.

1 Like

Hi @Elmarie_Claasen

You are correct and there was a regression where newer versions had this same issue but then this was fixed in #patch-releases: Jira

Can you please share which version you’re currently on? I’d like to check if there’s a specific update that might resolve this for you.


Update:
Would you please try to log in using the fallback login, [yourinstanceurl]/dhis-web-commons/security/login.action? See if this login redirects you instead of saying ‘password expired’ only.

Thanks!

Hi Al-Gassim,

We solved the issue through updating one user’s last password reset date to a later date, though I believe this is a hack. It would be good to prevent such occurrences in the future by making it possible to reset an expired password from the fallback login page. Also, the version used was 2.41.6.1.

1 Like

Hi @Elmarie_Claasen

I have received a confirmation that this is due to a security update as for better security there “needs to be started by sending an email to the user with the expired password”. Changing this functionality would require frontend/backend changes thus a new feature request (see ideas) which will only be prioritized if it’s needed by implementations in the field (real world use-cases).

Thank you for your understanding!