Comment

Improvement of change password UI/UX

Avatar

Level 1

13-09-2021

Request for Feature Enhancement (RFE) Summary:

Want to Improve input items and error message of chenge password.

Use-case:
  • /system/console/configMgr/org.apache.jackrabbit.oak.security.user.UserConfigurationImpl
    Enable "Password On First Login"
  • /system/console/configMgr/org.apache.jackrabbit.oak.spi.security.user.action.DefaultAuthorizableActionProvider
    Set "Configure PasswordValidationAction: Password Constraint"
  • For enhanced security, I want to lock my account after multiple authentication failures.
    For this purpose, we override "AuthenticationHandler.authenticationFailed" to achieve the lock function.
Current/Experienced Behavior:
  • After you have been authenticated with your ID and password, the password change screen will appear.
    You will need to enter the password again on the password change screen.
  • The message on new password validation error is "Your password has expired".
  • "AuthenticationHandler.authenticationFailed" is called with new password validation error.
    Therefore, it will be account locked due to a password validation error.
Improved/Expected Behavior:
  • Message at the time of password validation error is "Password violates password constraintd".
  • Do not call "AuthenticationHandler.authenticationFailed" with new password validation error.
    or to eliminate the current password when chenge password.
Environment Details (AEM version/service pack, any other specifics if applicable): AEM6.5
Customer-name/Organization name:  
Screenshot (if applicable): image.png
Code package (if applicable):