Changing passwords of 1C infobase users was a bit complicated. Administrators had to manually change the password of users who forgot their credentials. When shifting to remote work, we conducted a survey on Wonderland and on the partner forum. Users and partners expressed their wishes to make the process of changing passwords more convenient. As a result, we have added a new password recovery procedure for users of file and server infobases.
Authentication form changes
Now you can add "Forgot your password?" and "Need help" buttons to authentication forms of thin, thick, and web clients by configuring the display in the infobase parameters.
Password recovery process
When you click the "Forgot your password?" button, one of three actions is performed:
- Following a link.
- Sending an email with a password recovery code from the standard 1C service.
- Sending an email with a password recovery code from any SMTP server whose address is configured by the administrator.
The first option will allow the administrator or partner to customize any password recovery behavior. In this case, when you click the "Forgot your password?" button, the browser page specified in the infobase settings opens.
The option using the standard 1C service will make it possible to start the password recovery mechanism with very little effort. In this case, an email input form is shown to the user.
If the specified address is found, a new form to change the password appears when the user clicks "Get code".
Once the correct code is entered, the user can set a new password.
The platform controls the number of attempts to enter the confirmation code. If the value specified in the infobase settings is exceeded, the user must request a new code. In addition, the administrator can limit the frequency of requests for new codes and set the minimum time between requests.
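The following Python model is an added example, not 1C platform code. It shows how the two limits described above interact: a cap on wrong entries per code and a minimum interval between code requests. All names are hypothetical, and the 6-digit code format, single-use codes, and invalidating the code once the wrong-entry count reaches the limit are assumptions.

```python
import hmac
import secrets

class RecoveryCodePolicy:
    """Toy model of the two limits; every name here is hypothetical, not a 1C API."""

    def __init__(self, max_attempts, min_request_interval, clock):
        self.max_attempts = max_attempts                  # wrong entries allowed per code
        self.min_request_interval = min_request_interval  # seconds between code requests
        self.clock = clock                                # injectable time source for testing
        self._state = {}                                  # email -> [code, failures, issued_at]

    def request_code(self, email):
        """Issue a fresh code, or return None when the request comes too soon."""
        now = self.clock()
        prev = self._state.get(email)
        if prev is not None and now - prev[2] < self.min_request_interval:
            return None
        code = f"{secrets.randbelow(10**6):06d}"  # assumption: 6 digits from a CSPRNG
        self._state[email] = [code, 0, now]
        return code

    def verify(self, email, entered):
        """Return 'ok', 'wrong' or 'new_code_required'."""
        entry = self._state.get(email)
        if entry is None or entry[0] is None:
            return "new_code_required"
        # Constant-time comparison so timing does not leak matching digits.
        if hmac.compare_digest(entry[0].encode(), entered.encode()):
            entry[0] = None  # assumption: a code is single-use
            return "ok"
        entry[1] += 1
        if entry[1] >= self.max_attempts:
            entry[0] = None  # code is dead; issued_at stays so the throttle still applies
            return "new_code_required"
        return "wrong"

def demo():
    """Constructed scenario: 3 attempts per code, 60 s between requests."""
    now = [0.0]
    policy = RecoveryCodePolicy(3, 60, clock=lambda: now[0])
    code = policy.request_code("user@example.com")
    wrong = "x" + code[1:]  # never equal to an all-digit code
    results = [policy.verify("user@example.com", wrong) for _ in range(3)]
    results.append(policy.verify("user@example.com", code))  # right code, but too late
    now[0] = 30.0
    early = policy.request_code("user@example.com")   # throttled -> None
    now[0] = 61.0
    fresh = policy.request_code("user@example.com")   # allowed again
    return results, early, policy.verify("user@example.com", fresh)
```

Together the two settings bound how many guesses are possible per unit of time: at most the attempt limit per code, and at most one code per request interval.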
The option of sending an email with a recovery code using the specified SMTP parameters is similar to using the standard 1C service. The email is sent not from the 1C mail service but from the SMTP server that the administrator configured (including the corporate one). This option also allows you to customize the individual text and email design.
If you use OpenID authentication, the password is changed on the provider in any case, since it is the provider that performs authentication. Once the password is changed, the provider's authentication form opens.
For the "Need help" button, you can specify the address of a website with information about what to do when the user cannot log in, forgot their username, or is not registered in the infobase at all (where to call or write, where to register, and so on).
Changing authentication settings
You can change authentication settings from Designer and the 1C:Enterprise language.
In Designer, a new item "Additional authentication settings" has been added to the "Administration" menu.
A wide range of behavior settings has been implemented. You can also edit the text of the message you are sending.
In the 1C:Enterprise language, the AdditionalAuthenticationSettings object has been added to the global context. An example of changing authentication settings is shown below:
PasswordRecoverySettings = New PasswordsRecoverySettings();
Two new fields have been added to the infobase user edit form: the email address and the option to prevent the user from recovering their password.
In the 1C:Enterprise language, new properties have been added to the InfobaseUser data type to change user settings: EmailAddress and PasswordRecoveryDenied, which allow you to configure the appropriate parameters.
User password change events and failed attempts are recorded in the event log. For this purpose, registration of the "Email address" and "User cannot recover the password" fields has been added to user change events.