Suggestion: ability to send password reset emails from the Admin page of a user

(Dan Dascalescu) #1

As an admin, I would like to send a password reset email to a user.

Currently, if I go to the Admin page for the user, the only email-related option is to Deactivate the account, then Send an activation email. To send a password reset email, I’d have to go to the user’s public profile, then to Preferences.

Adding a “Reset password” option to the Admin page would save these extra steps.

@sam, is this what you had in mind in this post in a related thread?

(Sam Saffron) #2

Yeah, totally fine with a “Reset Password” button in admin/user.

(Jeff Atwood) #3

What is the situation where resetting a user’s password is necessary? Can you provide a real world example?

(mountain) #4

This has happened to me as a community owner.

A user comes back after an absence, forgot their password.

The email they used to sign up for the account, same thing, forgot the password. They may not even know what email they used to sign up with.

I go in, change the email address on the account and reset their password. They get the proper email prompts, ect.

Wish I could edit a user's full name from admin
(Allen - Watchman Monitoring) #5

When I’m on a support call with someone and they get super impressed with us for “just taking care of things for them”.

I second what @purldator mentioned… if they don’t know the email address, it’s hard for them to do the reset request themselves

(Jeff Atwood) #6

In that case it is really one action, not two – and that is what we should design for. “User forgot everything” button that resets email and password in one click. Though I guess you have to key in a valid email for them at minimum.

(Allen - Watchman Monitoring) #7

Not really… typically no email reset is needed. And those can be edited from the Admin already.

It boils down to requests I’ve made & seen here a number of times… it would be really nice if we could manage a user’s account from the Admin page directly, vs having to swap back and forth from the user/admin to user/preferences pages.

(edited for clarity)

(Mittineague) #8

Sounds a bit risky.

What if someone found an old account that hadn’t been seen for a while?

“Hi, I’m whoever and I forgot the email address I registered with and don’t remember the password.”

It may be prudent to send a “change has been requested” to the email registered with and maybe compare IPs, no?

Up to you how you vet it of course, just seems risky to me.

(Allen - Watchman Monitoring) #9

Well, currently, all I’d have to do is go to that user’s profile page & click the reset button…

This isn’t about a new feature, it’s about having more functionality on the admin page.

(Jeff Atwood) #10

I do not think we are describing the same scenarios here. If the user does not know their email, or they no longer have access to that email…

It would be nice to clarify the actual use case here with some examples. Because if the user forgot their password they can trivially reset it themselves, no admin required. Provided they know and still control the email address they signed up with.

(Dan Dascalescu) #11

My original use case was migrating users from another forum engine. I’d like to select a few users to beta test Discourse with, and since passwords can’t be easily migrated, emailing them to reset the password was as necessary as updating their user trust level.

Also, I’ve just noticed that that user fields (typically a profile property?) show up on the Admin page (see “What are you tracking” in my screencast). I guess I was looking for a clearer separation between profile and admin properties, but I agree it’s not straightforward to separate them. Maybe one criterion would be, “Is this field editable”? In the case of the user field, it’s not editable on the Admin page anyway, so it would belong to the user profile.

Just a thought.

(Allen - Watchman Monitoring) #12

Someone’s opened a ticket with us to get access, or they’ve called us up. Yes, they could have reset it themselves, but they didn’t.

We’re a full-service organziation, so “saying go here, click Login, click forgot, enter your password, etc” is much more work than going to the Admin page & clicking reset password.

When I was using vindia’s import user script, the issue was much worse because I had 100+ people’s password to reset.

(mountain) #13

They don’t email me the request.

I use the PM system of a social media network and they post from an account I know is theirs. That’s where the request usually comes from.

If they have no proof that satisfies me, they don’t get access to the account.