Stop users from changing their password



  • Hello,
    I am an admin, and I have created a user X with password Y. When user X logs in they are able to change their password from Y to Z since there is a "change password" option in the setting. However, I do not want user X to be able to change their password, only admin (myself) can change user X's password. How can I stop user X from changing their password? is it even possible?

    Thank you.



  • I'm afraid that isn't possible. Users can change their password and you can't prevent it.
    The only way would be to implement a custom extension at this moment.

    What is the reason for preventing users to change their passwords? The passwords are autogenerated in your external system?



  • Thank you for your reply. We were looking at it as an option because jsreport does not check password strength and it was bothering us. At least if we could stop users from changing the password that could have been a good security. Is there a way we can enforce password strength? We have noticed an admin can add a user with a password as simple as 123 or 12. Is there a way we can ask admin for stronger password?

    Thank you.



  • Thank you, we will consider adding some password policy options. jsreport is mostly used internally so we didn't give this topic deep thoughts. You can subscribe here to the tracking issue:
    https://github.com/jsreport/jsreport/issues/875

    Btw did you consider using an external authorization server and single sign-on?
    https://jsreport.net/learn/authentication#single-sign-on-using-an-authorization-server

    Is there a way we can ask admin for stronger password?

    No in the current implementation. You would need a custom extension.



  • Thank you. We are definitely going to use an authorization server. Thank you very much.

    I will keep an eye on the issue on GitHub.

    Thank you very much.


Log in to reply
 

Looks like your connection to jsreport forum was lost, please wait while we try to reconnect.