GSOC 2019: OpenMRS Password Reset UI - Final Presentation

Project Title: OpenMRS Password Reset UI

• Primary mentor: @harisu
• Backup mentor: @madushan
• Student: @ryan97
• Project wiki: Project Wiki page

Overview

The goal of this project was to provide a user interface to support self service password reset which already exist in core. This involved building an Open Web App to handle the password reset mechanism, and updating reference application, adding a mandatory email field to the user creation process to ensure that each user is created with an email, and also allow the possibility for users created previously without emails to append emails to their user object by editing the user.

Objectives(All completed)

• Add an form input field for email when creating users. Make field mandatory both during the creation of a user and during the editing of a user.
• Design and build an Open Web app which would allow a user to reset his/her password.
• Monitor for the presence of password reset token in the request for the form that resets password.
• Ensure that password strength is satisfactory before allowing user to reset password.
• Provide customized, informative feedback message on the success or failure of password reset. In the case of failure, the message should specify the reason for failure.

Contributions(Repositories)

• Openmrs Password Reset OWA
• Openmrs-core: Pull Request
• Openmrs AdminUI module : Pull Request
• Openmrs rest webservices : Pull Request

Contributions(Talk Threads)

• Main Project Thread
• Initial Talk Thread

Weekly Blog Posts

• Community Bonding
• Week 1
• Week 2
• Week 3
• Week 4
• Week 5
• Week 6
• Week 7
• Week 8
• Week 9
• Week 10
• Week 11
• Week 12

Resources

Mid-Term Presentation

Future Works

Right now, in order to use the password reset Open Web App(OWA) to reset a password, you need to get authenticated. That is, you need to log in before having access to the OWA from the legacy ui. I tried tweaking this a bit such that a user can access the OWA from the reference application login page by hitting the “forgot password” button, but I soon realized that although linking that button to the OWA would work, such that when a user clicks the forgot password button, he’s redirected to the password reset OWA(keep in mind he’s not logged in, he was just redirected, thus has not been authenticated). But when that user tries to trigger the password reset, he is then asked to log in as an unauthenticated user cannot access the openmrs rest webservices(password reset is a rest web service). I will continue looking into this after GSOC.

Thoughts on GSoC

Its been an amazing experience with OpenMRS for the Google Summer of Code 2019 session. I pushed myself a lot and learned some new and amazing things along the way. Started the program with zero knowledge in react, now I am fairly comfortable coding in react. I also expanded my knowledge in Java, Spring and Rest. Could not have asked for more. What should OpenMRS do to make the program better for the next sessions? MORE OF THE SAME!