We are dismantling our website’s SSO and switching to just using Discourse to manage user accounts. That means that all our current users need to create new passwords in order to access Discourse going forward.
What could be a good workflow for managing this?
I thought maybe triggering a password reset for all users might work (as long as could include a custom message to explain why that is happening), but I can’t figure out if this is even possible.
I think a global banner and maybe some Custom text on the login page.
You probably have some users that don’t want to log in the instant they get the login link, or don’t want to log in now and will have forgotten or won’t have read your email when they do want to log in.
The site is private, so the banner idea won’t work at all. Users can’t access the banner until the login.
The custom text idea seems workable.
I will also send an email to all our members to inform them of the change, as there are implications beyond logging in, so I can explain what steps they need to take there.
I’ll leave the issue open for a little while longer to see if anyone else has any ideas.
The search query “reset password rails” returned this:
I tried and it works indeed.
I suggest you temporarily edit the user_notifications.forgot_password.subject_template (email content) and user_notifications.forgot_password.text_body_template (email title) text strings to explain to users why they receive this password reset email.
Also, care should be taken regarding rate limits. I don’t know if the 5s waiting time in the script from the other topic is enough.