User Details & Org security settings for Password Reset #1307

Closed
opened 2026-04-05 18:50:45 +02:00 by MrUnknownDE · 0 comments
Owner

Originally created by @adrianeastles on 6/27/2025

Community Contribution License Agreement

By creating this pull request, I grant the project maintainers an unlimited,
perpetual license to use, modify, and redistribute these contributions under any terms they
choose, including both the AGPLv3 and the Fossorial Commercial license terms. I
represent that I have the right to grant this license for all contributed content.

Description

Problem/Motivation:
Orgs currently lack the flexibility to reset passwords for internal users. Additionally, improving user management by making "Name" a more prominent field and defaulting to a more intuitive tab for user details will enhance usability.

Solution/Approach:
This pull request introduces a comprehensive set of changes to address user management for password reset and basic user details. I've added a dedicated "Security" tab within settings menu, allowing administrators to define the password reset token's validity period. This is implemented with a new API endpoint, updated backend logic for password resets, and corresponding frontend changes. I've also refined the user creation and management flows to incorporate the user's name more effectively and adjusted the default user details view for better UX.

Key Features & Changes:

  • Configurable Password Reset Token Expiration:
    • A new "Security" tab has been added to organization settings, accessible alongside the "General" tab.
    • Organizations can now set password reset token expiration from 1 to 24 hours (default: 1 hour).
    • This setting is applied globally for all password resets within that organization.
  • New API Endpoint for Security Settings:
    • Implemented updateOrgSecurity (PUT /org/{orgId}/security) for securely updating organization security parameters. This endpoint is protected with proper admin authorization.
  • Enhanced Password Reset Functionality:
    • The password reset process now dynamically uses the organization-specific expiry setting retrieved from the database.
  • User Details and Account Creation Enhancements:
    • Added a "Name" field to user details, visible in user management and prompted during user account creation.
    • The default tab when viewing user details has been changed from "Access Controls" to "Details" for improved navigation.

Technical Details:

Backend Changes:

  • server/routers/org/updateOrgSecurity.ts: Defines the new API endpoint responsible for handling updates to organization security settings, including the passwordResetTokenExpiryHours.
  • server/routers/external.ts: Adds the PUT /org/{orgId}/security route, making the new endpoint accessible.
  • server/routers/user/adminResetUserPassword.ts: Modified to fetch and use the passwordResetTokenExpiryHours from the organization's settings when generating a password reset token.

Frontend Changes:

  • src/app/[orgId]/settings/general/layout.tsx: Updated to include navigation to the new "Security" tab within the organization settings layout.
  • src/app/[orgId]/settings/general/security/page.tsx: Contains the React component for the security settings form, allowing administrators to configure the token expiration.
  • src/app/[orgId]/settings/access/users/[userId]/page.tsx: Modified the default page to "Details" tab when viewing individual user profiles.

Database Integration:

  • A new column, passwordResetTokenExpiryHours, has been added to the orgs table.
  • This column is designed with backward compatibility in mind, ensuring existing organizations default to a 1-hour expiration.

How to test?

Scenario 1: Configure Password Reset Token Expiration

  1. Log in as an organization administrator.
  2. Navigate to Organization Settings.
  3. Click on the newly added Security tab.
  4. Observe the "Password Reset Token Expiration" field, defaulting to 1 hour.
  5. Change the value to 12 hours and click Save.
  6. Verify that a success message is displayed.
  7. (Optional, for backend verification): If you have access to the database, check the orgs table for the corresponding organization and confirm passwordResetTokenExpiryHours is set to 12.
  8. As the same administrator, go to Access Controls -> Users.
  9. Select a user and initiate a Password Reset.
  10. Use the password reset link that was sent to the user (e.g., via email or a temporary display) and successfully create a new password.
  11. Repeat steps 5-10 with a different value (e.g., 1 hour, 24 hours) to ensure the range works. Also, test entering an invalid value (e.g., 0, 25, text) and confirm appropriate validation errors.

Scenario 2: User Name and Default Tab

  1. Log in as an organization administrator.
  2. Navigate to Access Controls -> Users.
  3. Click Add User.
  4. Fill in the user details, ensuring the Name field is present and you can input a value. Complete the user creation.
  5. After the user is created, click on the newly created user's entry in the list.
  6. Confirm that when the user's details page loads, the Details tab is selected by default (not "Access Controls").
  7. Verify that the "Name" you entered during creation is correctly displayed.

Screenshots

  • If you have SMTP set up, an email with the password reset link will be sent to the user.
  • If no SMTP is set up, you can generate the link directly within the UI.

User Account Password Reset Screen.

[Screenshot 2025-06-27 at 7 48 39 am: https://github.com/user-attachments/assets/935c06c7-1c1c-4740-9bff-8e07673cbdee]

Password Reset Option No SMTP

[Screenshot 2025-06-27 at 7 57 52 am: https://github.com/user-attachments/assets/aaa1c0dd-bac0-468a-a7dd-3ec4f5f7ecac]

Password Reset Option With SMTP & Email UI

[Screenshot 2025-06-27 at 8 16 20 am: https://github.com/user-attachments/assets/c06888b2-6640-47b3-ae7c-560b4eb10293]
[Screenshot 2025-06-27 at 8 18 22 am: https://github.com/user-attachments/assets/c1bf1388-662d-4178-b9c5-f36850d3bcfe]

User Password Reset UI Dialog (After getting the URL)

[Screenshot 2025-06-27 at 7 58 21 am: https://github.com/user-attachments/assets/d1161e39-4533-4e06-97ed-569f327f4382]

Two-factor authentication prompt when resetting password via generated link

[Screenshot 2025-06-27 at 9 04 41 am: https://github.com/user-attachments/assets/ff4825fe-faba-405a-bd2a-11d59f4e08cc]
Reference: github/pangolin#1307