Devise: Force user to change password

Created on 20 Nov 2011  路  7Comments  路  Source: heartcombo/devise

Would be nice when admin create & notify user, add module like ":forceable" to force user change password when he login first time.

picture alexey

Most helpful comment

I am also interested in functionality for "force password reset after first login with password", that isn't necessarily limited to first login to the account. Setting a temporary password that can only be used once, and after that requires a password change, is a common "enteprisey" feature.

picture jrochkind on 21 Feb 2019
👍62

All 7 comments

You could create that easily in your application with either a Warden hook or a before_filter, to check if that was the 1st time the user was signing in, and then redirect to a proper url to change user password. Shouldn't be hard, but I believe it's not something we should add to Devise itself. Thanks.

carlosantoniodasilva picture carlosantoniodasilva on 20 Nov 2011

Hi,

i already created that before creating "issue" :) , just come to my mind as
idea for devise !

2011/11/20 Carlos Antonio da Silva <
[email protected]

You could create that easily in your application with either a Warden hook
or a before_filter, to check if that was the 1st time the user was signing
in, and then redirect to a proper url to change user password. Shouldn't be
hard, but I believe it's not something we should add to Devise itself.
Thanks.

Reply to this email directly or view it on GitHub:
https://github.com/plataformatec/devise/issues/1449#issuecomment-2803595

_Alexey Z.,_ :_skype_ _::_ _cat_of_duty_

alexey picture alexey on 20 Nov 2011

Nice. I think there is a section in the wiki about Devise extensions, feel free to add it to the list then pointing to your repo.

josevalim picture josevalim on 20 Nov 2011

@alexey thanks =), as Jos茅 said, it'd probably be a good extension.

carlosantoniodasilva picture carlosantoniodasilva on 21 Nov 2011

Hi,

i already created that before creating "issue" :) , just come to my mind as
idea for devise !

2011/11/20 Carlos Antonio da Silva <
[email protected]

You could create that easily in your application with either a Warden hook
or a before_filter, to check if that was the 1st time the user was signing
in, and then redirect to a proper url to change user password. Shouldn't be
hard, but I believe it's not something we should add to Devise itself.
Thanks.

Reply to this email directly or view it on GitHub:
#1449 (comment)

_Alexey Z.,_ :_skype_ _::_ _cat_of_duty_

Any chance we could refer your solution?

TheAshwanik picture TheAshwanik on 3 Jan 2019

I am also interested in functionality for "force password reset after first login with password", that isn't necessarily limited to first login to the account. Setting a temporary password that can only be used once, and after that requires a password change, is a common "enteprisey" feature.

jrochkind picture jrochkind on 21 Feb 2019
👍62

I think having a flag to force password reset (for whatever reason) on next user login should be a critical function of Devise (which is excelent by the way), as this is a great way of blocking suspect accounts or even resetting the entire user database passwords.

swedishpotato picture swedishpotato on 5 Nov 2019
👍4
Was this page helpful?
0 / 5 - 0 ratings

Related issues

afuno picture afuno  路  3Comments
mvz picture mvz  路  3Comments
mikeki picture mikeki  路  4Comments
jmarchello picture jmarchello  路  4Comments
ragesoss picture ragesoss  路  3Comments