Feature: User Password Reset

Overview

This feature sends an email to a existing user, then allows them to reset their password.

Flow

  1. Admin goes to Org List (ie. host/admin/organizations/)
  2. Within Org List, locate user and press 'Reset'
  3. Send activation invokes data services account/reset-password end point
  4. account/request-password will
    • verify the user is activated
    • will update the database with a token and expiration date
    • will send an email to the End User with a link to the Reset page
  5. End user will navigate to the supplied link where they will be prompted to enter a valid password
  6. The Reset page will invoke activate/{tokenid}/token end point.
  7. The Activate end point will
    • Ensure the Token has not expired
    • Update the User's account with the new password
  8. User will then be directed to go to the Login Page.