Allow changing password of local users if local login is disabled
Opened this issue · 1 comments
Is your feature request related to a problem? Please describe.
We're operating an ephios instance that relies on an external SSO provider. Hence, we have disabled local login so users don't accidentally enter their external credentials into the ephios login form.
For some administrative purposes, we still have a local admin account. For this account, we can't change the password, as disabling local login globally also hides the "change password" option on the settings even for local accounts.
Describe the solution you'd like
Do not hide the "change password" option on the settings page of local accounts even if local login is disabled globally.
Describe alternatives you've considered
It is still possible to change the password by using the password reset feature on the login page. However, this is not intuitive and depends on a valid email address being set on the account and mail delivery set up on the server.
Additional context
none
I think we should be able to determine how a User Profile is created and allow password changes for users create locally and still hide the option for profiles created through SSO. This probably could still cause trouble if people ever migrate away from the SSO, but you can then just show the login form together with the change password button again (is this how it works? I can't remember).
To distinguish local accounts, we could check whether the password is considered 'usable' by django?!