During this summer, @harisu worked on a GSoC project that will allow a user to be able to reset their password via email i.e they request to change their password, an email is sent to them with an auto generated reset token that expires after a configured period, and then they would have to visit a link included in the email to a form that would allow them to able to reset their password without requiring an admin.
I was hoping to merge these PRs into their respective OpenMRS master branches, he made changes to both core and the webservices.rest module to support this feature. There is no changes in the UI yet, I suggest we merge the current code to minimize future merge conflicts, it will also allow us to be able to make the necessary UI changes in the near future.
If no one has objections to this, I can create PRs so that others can take a look before I perform the merge.
I run the master branch during my day to day activities. So merging this earlier than later will ensure that we get enough time to test and catch bugs if any.
@wyclif I feel like I don’t have enough information to answer your question (or rather, I don’t know why you’re asking this question).
If you’re asking “is it okay to send a PR to merge new code into core and the webservices.rest module?”, the answer is obviously yes.
If you’re asking if it’s okay to merge the API for resetting passwords before there’s a UI for it, yes, I think that’s fine.
(Basically if you, as one of the longest-time OpenMRS devs, think it’s ready to merge, then it probably is. And you should just create the PR and ask for people to look at it. I would suggest, since this has a security angle to it, that you might ask @isears to review it also.)
Below are the PRs for core and webservices module;
Happy to take a look at this. I’ll leave a comment on the PR if I find any issues.