Changing passwords of 1C infobase users was a bit complicated before. Administrators had to manually change the password of users who forgot their credentials. When shifting to remote work, we conducted a survey on Wonderland and on the partner forum. Our users and partners expressed their wishes to improve the process of changing passwords. As a result, we have added a new password recovery procedure for users of file and server infobases.
Authentication form changes
Now you can add the "Forgot your password?" and the "Need help" buttons to authentication forms of thin, thick, and web clients by configuring the display in the infobase parameters.
Password recovery process
When you click the "Forgot your password?" button, one of three actions is performed:
- Following a link.
- Sending an email with a password recovery code from the standard 1C service.
- Sending an email with a password recovery code from any SMTP server whose address is configured by the administrator.
The first option lets the administrator or partner implement any custom password recovery behavior. In this case, when you click the "Forgot your password?" button, the browser opens the page specified in the infobase settings.
The standard 1C service option makes it possible to start the password recovery mechanism very easily. In this case, an email input form is shown to the user.
If the specified address is found, a new form to change the password appears when the user clicks "Get code".
Once the correct code is entered, the user can set a new password.
The platform controls the number of attempts to enter the confirmation code. If the value specified in the infobase settings is exceeded, the user must request a new code. In addition, the administrator can limit the frequency of requests for new codes and set the minimum time between requests.
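The attempt limit and the minimum interval between code requests described above can be modeled as follows. This is an added example in Python, not 1C platform code; the class and method names, the default values, the six-digit code format and the single-use rule are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class RecoveryCodePolicy:
    """Model of the two limits above. Hypothetical names, not the 1C API."""

    def __init__(self, max_attempts=3, min_request_interval=60):
        self.max_attempts = max_attempts                  # wrong entries allowed per code
        self.min_request_interval = min_request_interval  # seconds between code requests
        self._state = {}                                  # user -> record of the current code

    @staticmethod
    def _digest(code):
        # Keep only a hash so the state table never holds a usable code.
        return hashlib.sha256(code.encode()).digest()

    def request_code(self, user, now):
        """Issue a fresh code, or return None when the user asks again too soon."""
        rec = self._state.get(user)
        if rec and now - rec["issued"] < self.min_request_interval:
            return None
        code = f"{secrets.randbelow(10**6):06d}"
        self._state[user] = {"hash": self._digest(code), "issued": now, "failures": 0}
        return code  # delivered by email in a real system

    def verify(self, user, code):
        """Return 'ok', 'wrong' or 'request_new_code'."""
        rec = self._state.get(user)
        if rec is None or rec["hash"] is None:
            return "request_new_code"      # nothing issued, or code already spent
        if hmac.compare_digest(rec["hash"], self._digest(code)):
            rec["hash"] = None             # assumption: a code is single use
            return "ok"
        rec["failures"] += 1
        if rec["failures"] >= self.max_attempts:
            rec["hash"] = None             # limit reached: the code is dead
            return "request_new_code"
        return "wrong"
```

Once the attempt limit is reached the code is invalidated, so even the correct code is rejected until a new one is requested, and a new request is refused until the minimum interval has passed.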
The option of sending an email with a recovery code using the specified SMTP parameters is similar to using the standard 1C service. The difference is that the email is sent not from the 1C mail service but from an SMTP server configured by the administrator (including a corporate one). This option also allows you to customize the email text and design.
If you use OpenID authentication, the password is always changed on the provider side, since authentication is performed by the provider. Once the password is changed, the provider's authentication form opens.
The "Need help" button opens the URL of a website with useful tips for solving common issues: when the user cannot sign in, forgot their username, or is not registered in the infobase at all.
Changing authentication settings
You can change authentication settings from Designer and the 1C:Enterprise language.
In Designer, a new item "Additional authentication settings" has been added to the "Administration" menu.
A wide range of behavior settings has been implemented (see the screenshot below). You can also edit the text of the message you are sending.
In the 1C:Enterprise language, the AdditionalAuthenticationSettings object has been added to the global context. An example of changing authentication settings is shown below:
PasswordRecoverySettings = New PasswordsRecoverySettings();
Two new fields have been added to the infobase user edit form: the email address and the option to prevent the user from recovering their password.
In the 1C:Enterprise language, new properties have been added to the InfobaseUser data type to change user settings: EmailAddress and PasswordRecoveryDenied, which allow you to configure the appropriate parameters.
User password change events and failed attempts are recorded in the event log. For this purpose, registration of the "Email address" and "User cannot recover the password" fields has been added to user change events.