Password recovery 2.41 >

Hi Community,

We have a tricky scenario which I hope will trigger some discussion. As a standard on our instances we have Password expiry set mostly to 90 days and have email passwords configured. Recently we had to startup a DR backup from Dec on our servers but then found that all users passwords had expired upon login and they get a message to request a password recovery link. The issue is that we had to reset the password on the SMTP email server and now the stored password in the database was no longer correct and so password reset emails is not received/sent out.

I remember in previous version there was a screen where one could immediately reset your new password but now the flow seems only through password reset emails. Was this change intended for a reason as we believe it creates issues for DR and also necessitates accessing the Postgres db backend to find solutions some of which are not elegant or recommended.

Hi @Elmarie_Claasen

You are correct and there was a regression where newer versions had this same issue but then this was fixed in #patch-releases: Jira

Can you please share which version you’re currently on? I’d like to check if there’s a specific update that might resolve this for you.

Update:
Would you please try to login using the fallback login, [yourinstanceurl]/dhis-web-commons/security/login.action ? See if this login redirects you instead of saying ‘password expired’ only.

Thanks!

Hi Al-Gassim,

We solved the issue through updating one user’s last password reset date to a later date though I believe this is a hack. It would be good to prevent such occurences in the future by making it possible to reset an expired password from the fallback login page. Also the version used was 2.41.6.1