Description
Is your feature request related to a problem? Please describe.
From a security and convenience standpoint, users should be able to change their own password. At the current time only an admin can do this.
Describe the solution you'd like
OED will have a new menu option as shown:
It will be added to the "Options" menu below "Log out" as indicated by the red arrow. The new text (which, like all new text, needs to be internationalized) is shown in the red box.
When this is selected, a new page or modal will appear. It will be titled to indicate it enables a password change. The top of the page will indicate the user name for which the password is being changed. There will be three fields:
- Enter current password
  - for security reasons
- Enter new password
- Confirm new password
These fields will have a similar look to the current admin user create page. The same warnings on password size and mismatch should appear for the new password. The ability to save is also limited to correct input.
The current password will be validated (similar to a login) and the password updated if the current password check passes. A standard success notification will be given or a standard failure notification if that happens. Note the user's token and login status should not be impacted by doing this. This is to protect against failure of the password change causing an issue.
Since OED site user names are not required to be an email and are only used for identification, it is proposed that users cannot change their own user name. The rationale is that site admins may want to easily know the user name. It is true that the note field could be used for this, so changing the user name would have less impact. If others feel this is undesirable then please comment.
There is no proposed change to the admin user pages.
Describe alternatives you've considered
The admin needs to make all password changes.
Additional context
None
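
The server-side check described in the request (re-validate the current password, enforce the new-password rules again on the server, update only the stored hash and leave the token alone), as an added example that is not part of the original issue or OED's code. The function names, the in-memory `Map` standing in for the user table, the minimum length of 8, and the use of scrypt from Node's `crypto` module are all assumptions.

```javascript
const crypto = require('node:crypto');

// Assumed minimum; use the same limit the admin create-user page enforces.
const MIN_PASSWORD_LENGTH = 8;

// Hypothetical helper: salted scrypt hash stored as "saltHex:hashHex".
function hashPassword(password, salt = crypto.randomBytes(16)) {
  const hash = crypto.scryptSync(password, salt, 32);
  return `${salt.toString('hex')}:${hash.toString('hex')}`;
}

function verifyPassword(password, stored) {
  const [saltHex, hashHex] = stored.split(':');
  const expected = Buffer.from(hashHex, 'hex');
  const actual = crypto.scryptSync(password, Buffer.from(saltHex, 'hex'), expected.length);
  return crypto.timingSafeEqual(actual, expected); // constant-time comparison
}

// users: Map of username -> { passwordHash, token } (constructed stand-in for the user table).
function changeOwnPassword(users, username, { current, next, confirm }) {
  const user = users.get(username);
  if (!user) return { ok: false, reason: 'unknown-user' };
  // The form limits saving to correct input, but the server must not rely on that.
  if (typeof next !== 'string' || next.length < MIN_PASSWORD_LENGTH) return { ok: false, reason: 'too-short' };
  if (next !== confirm) return { ok: false, reason: 'mismatch' };
  // Re-authenticate, as a login would, before touching the stored hash.
  if (typeof current !== 'string' || !verifyPassword(current, user.passwordHash)) {
    return { ok: false, reason: 'bad-current-password' };
  }
  user.passwordHash = hashPassword(next); // only the hash changes; user.token is untouched
  return { ok: true };
}

// Constructed sample data exercising each outcome.
function demo() {
  const users = new Map([['alice', { passwordHash: hashPassword('old-password-1'), token: 'constructed-session-token' }]]);
  const good = 'new-password-2';
  const results = {
    wrongCurrent: changeOwnPassword(users, 'alice', { current: 'guess', next: good, confirm: good }),
    tooShort: changeOwnPassword(users, 'alice', { current: 'old-password-1', next: 'short', confirm: 'short' }),
    mismatch: changeOwnPassword(users, 'alice', { current: 'old-password-1', next: good, confirm: good + 'x' }),
    success: changeOwnPassword(users, 'alice', { current: 'old-password-1', next: good, confirm: good }),
  };
  const alice = users.get('alice');
  return { results, token: alice.token, oldStillWorks: verifyPassword('old-password-1', alice.passwordHash),
    newWorks: verifyPassword(good, alice.passwordHash) };
}
```
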