Activities of "mkinc"

• ABP Framework version: v7.2.1
• UI type: Angular
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): Separated AuthServer
• Steps to reproduce the issue:
  • Create user, enabling the 'Should change password on next login'.
  • Login as user
  • When prompted for new password, use the original password for current, new and new (repeat)
• Expected behaviour: Error on submit / validation error that doesn't allow submit.
• Actual behaviour: Password is allowed and user is logged in.

I can't really see any justification to suggest this isn't a bug since forcing a user to change password on next login is something used for security. Untested: Does this affect the 'Force users to periodically change password' feature as well?

Hi maliming,

Thanks, we were using 7.1.1. I've upgraded to 7.2.1 and can see the feature which should work in our favour. We'll add some custom code to send the email.

It would be a great feature to have some sort of 'Invite user' action in user administration area AND 'Invite user' checkbox on user creation as part of the template.

Cheers,

Matt

• ABP Framework version: v7.1
• UI type: Angular
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): Identity server separated

Is there any out of the box solution for any of the following:

Option A:

1. Admin creates user under a specific tenancy (optionally with user changes password on login)
2. User is emailed to say an account is created for them including their password.

Option B:

1. Admin creates user under a specific tenancy (optionally with user changes password on login)
2. Admin can click a button to invite that user to login to the system.

Option C:

1. Admin sets up an email address domain for which users can create accounts.
2. User can self register. If the email address domain used matches a domain relating to a tenant, it allows the registration, otherwise it does not allow the registration.

I did think the flow could be that the user is given a link to the 'Forgot password' page and goes through that flow, but this isn't very professional in my opinion. It seems strange that the out of the box solution is that anybody can create a user under any tenancy.

Thanks!