How can an Admin Change a User's Password?

+1 to both of @burke’s points:

  1. this doesn’t need to block the Reference Application 2.3 release, since there is a workaround.
  2. In real life people will forget their passwords, and admins will need to be able to reset them.

My suggestion is that:

  • resetting a password should generate a new random password and display it on the screen so that the administrator can communicate it to the user
  • later we can replace “display it on the screen…” with “email it to the user’s configured email address”
  • this should set the “need to change password” flag
  • resetting a password should be logged

In this model we can’t fully protect from a malicious admin user, but it feels like the right tradeoff. (Eventually, once we support users having email addresses, and we can notify the user via email when their account is modified, then you’ll have some protection from a malicious admin, but for now a bit of logging is the best we can do.)

@arbaughj had already created a ticket here:

I had closed it, but I will reopen it with a fixVersion of the next release rather than this one. (@wyclif, if you ever create a JIRA project for the Admin UI module, this should be moved there.)

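The reset model proposed in the post above (random password shown once to the admin, "must change password" flag set, reset logged), as an added Python example that is not OpenMRS code and not the author's. It assumes a hypothetical in-memory `User` record, salted PBKDF2 as a stand-in password hash, and a plain list as the audit log; all three are assumptions, not the project's implementation.

```python
import hashlib
import hmac
import os
import secrets
import string
from dataclasses import dataclass


# Hypothetical in-memory user record (an assumption; not OpenMRS's User model).
@dataclass
class User:
    username: str
    salt: bytes
    password_hash: bytes
    must_change_password: bool = False


def hash_password(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2-HMAC-SHA256, a stand-in for whatever the real application uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def create_user(username: str, password: str) -> User:
    salt = os.urandom(16)
    return User(username, salt, hash_password(password, salt))


def generate_temporary_password(length: int = 16) -> str:
    # secrets, not random: the temporary password must be unpredictable.
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def admin_reset_password(admin: User, target: User, audit_log: list) -> str:
    """Reset `target`'s password on behalf of `admin`.

    Returns the new random password once so the admin can hand it to the user;
    only its hash is stored, the must-change flag is set, and the reset is logged
    with both actor and target (a malicious admin is at least on record).
    """
    temp = generate_temporary_password()
    target.salt = os.urandom(16)
    target.password_hash = hash_password(temp, target.salt)
    target.must_change_password = True
    audit_log.append(f"password_reset actor={admin.username} target={target.username}")
    return temp


def authenticate(user: User, password: str) -> str:
    """Return 'denied', 'change_required' or 'ok'."""
    candidate = hash_password(password, user.salt)
    if not hmac.compare_digest(candidate, user.password_hash):
        return "denied"
    if user.must_change_password:
        # Correct temporary password, but the user must pick their own first.
        return "change_required"
    return "ok"


def change_password(user: User, current: str, new: str, audit_log: list) -> bool:
    """Let the user replace the temporary password; clears the must-change flag."""
    if authenticate(user, current) == "denied" or len(new) < 8:
        return False
    user.salt = os.urandom(16)
    user.password_hash = hash_password(new, user.salt)
    user.must_change_password = False
    audit_log.append(f"password_changed actor={user.username} target={user.username}")
    return True


if __name__ == "__main__":
    log: list = []
    admin = create_user("admin", "Admin123!")          # constructed sample accounts
    alice = create_user("alice", "forgotten-pw")
    temp = admin_reset_password(admin, alice, log)
    print("temporary password shown to admin:", temp)
    print(authenticate(alice, temp))                   # change_required
    change_password(alice, temp, "alice-new-pw", log)
    print(authenticate(alice, "alice-new-pw"))         # ok
    print("\n".join(log))
```

The point a practitioner should check in any real implementation: the flag is only useful if the login path honours it (here `authenticate` refuses to return `ok` until the user has chosen their own password), and the plaintext temporary password must exist nowhere but on the admin's screen (or, later, in the email to the user).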