Change password at first access - Best flow

Hi,

We add users to Sphinx in back-office, and we want them to change their password at first access. The flow could be:

  1. our software adds a user with a generated password, and sends a mail to the user (the OnUserCreated event doesn't get fired for back-office added users, I think that it's intentional). The mail contains userid and password.

  2. the user logs in to our software via Sphinx

  3. our software has to discover in some way if it's the first time that a user has logged in. If yes, our software shows immediately a form that the user will use to change the password

  4. the user enters current password (for security), and new password

  5. the software checks if the current password is correct, via CheckPassword

  6. the software requests a password change token via GeneratePasswordChangeToken

  7. the software changes the password, via ChangePassword

Is this the best flow? Am I missing some point?

Thank you, ciao!

Paolo

1 Like

Hello Paolo,

Yes, that's a good flow.

Be aware that you can extend Sphinx users by creating your own descendant class and adding more information to it. This is explained here.

Thus, you can add fields that hold a flag if the user has ever logged in, or even a flag indicating password changing is required.

Thank you Wagner, as always!
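
The flow from the question combined with the flag suggested in the reply, as an added example that is not part of the original posts and is not Sphinx code. `UserStore` is a hypothetical in-memory stand-in whose method names only mirror CheckPassword, GeneratePasswordChangeToken and ChangePassword (the real signatures are not shown on this page), and rejecting a new password equal to the current one is an added check.

```python
import hashlib
import hmac
import os
import secrets


class UserStore:
    """Hypothetical in-memory stand-in for the identity server's user manager."""
    def __init__(self):
        self._users = {}

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def create_user(self, name, password):
        salt = os.urandom(16)
        self._users[name] = {"salt": salt, "hash": self._hash(password, salt),
                             "must_change": True, "token": None}  # extra flag field

    def must_change(self, name):
        return self._users[name]["must_change"]

    def check_password(self, name, password):
        u = self._users[name]
        return hmac.compare_digest(u["hash"], self._hash(password, u["salt"]))

    def generate_password_change_token(self, name):
        self._users[name]["token"] = secrets.token_urlsafe(32)
        return self._users[name]["token"]

    def change_password(self, name, token, new_password):
        u = self._users[name]
        if u["token"] is None or not hmac.compare_digest(u["token"], token):
            return False
        u["salt"] = os.urandom(16)
        u["hash"] = self._hash(new_password, u["salt"])
        u["token"] = None          # token is single use
        u["must_change"] = False   # cleared only after a successful change
        return True


def first_login_change(store, name, current, new):
    if not store.must_change(name):              # step 3: is a change required?
        return "not-required"
    if not store.check_password(name, current):  # step 5: verify current password
        return "bad-current-password"
    if current == new:                           # added check: no reuse
        return "new-equals-current"
    token = store.generate_password_change_token(name)  # step 6
    return "changed" if store.change_password(name, token, new) else "change-failed"
```

Because the flag is cleared inside the successful change and nowhere else, a failed or abandoned attempt leaves the user still gated at the next login.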

Ciao

Paolo

1 Like
