Moodle
  1. Moodle
  2. MDL-13557

Create a Bulk User Action to Force Password Change

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Duplicate
    • Affects Version/s: 1.9
    • Fix Version/s: None
    • Component/s: Administration
    • Labels:
      None
    • Affected Branches:
      MOODLE_19_STABLE
    • Rank:
      12402

      Description

      It would be nice to be able to force a selected group of users to change their passwords. In particular I am thinking of cases in schools where there may have been a key logger used to steal some passwords. An administrator could select and force teachers to change their passwords next time they log in.

      1. MDL-13557.diff
        4 kB
        Anthony Borrow
      2. MDL-13557-v2.diff
        6 kB
        Iñaki Arenaza
      1. bulkuserslist.png
        141 kB
      2. groupmembers.png
        108 kB
      3. ldap_error.png
        168 kB

        Issue Links

          Activity

          Hide
          Anthony Borrow added a comment -

          Here is a patch to implement what I am thinking. I did not bother to check and see if the user preference force password change parameter was already set. In the case of confirming (which I used as my template), it would check to see if the record was already confirmed. Such a check did not seem warranted here. Peace - Anthony

          Show
          Anthony Borrow added a comment - Here is a patch to implement what I am thinking. I did not bother to check and see if the user preference force password change parameter was already set. In the case of confirming (which I used as my template), it would check to see if the record was already confirmed. Such a check did not seem warranted here. Peace - Anthony
          Hide
          Anthony Borrow added a comment -

          Just a note that this feature request has some discussion at: http://moodle.org/mod/forum/discuss.php?d=90858

          Séverin helped me to clarify that this request goes beyond using changeme. I commented there that:

          I think it would be an improvement if we were able to set the password to something else initially and also tag it as requiring to be changed. I think that would reduce the risk of a user account being hijacked. Which reminds that I should double check to ensure that the password validation checks are being enforced (when setup) during imports.

          Show
          Anthony Borrow added a comment - Just a note that this feature request has some discussion at: http://moodle.org/mod/forum/discuss.php?d=90858 Séverin helped me to clarify that this request goes beyond using changeme. I commented there that: I think it would be an improvement if we were able to set the password to something else initially and also tag it as requiring to be changed. I think that would reduce the risk of a user account being hijacked. Which reminds that I should double check to ensure that the password validation checks are being enforced (when setup) during imports.
          Hide
          Iñaki Arenaza added a comment -

          Here is an updated patch that adds support for bulk password reset (in addition to buld force password change), as discussed in the thread referenced previously by Anthony.

          Saludos. Iñaki.

          Show
          Iñaki Arenaza added a comment - Here is an updated patch that adds support for bulk password reset (in addition to buld force password change), as discussed in the thread referenced previously by Anthony. Saludos. Iñaki.
          Hide
          Anthony Borrow added a comment -

          Here is a screen shot of a PHP notice I received. I did not have ldap configured on my test environment but thought you might want to add a check for ldap password resets. I doubt this notice would come up much in production as I suspect that if I actually had the ldap authentication on and working that it might work but I figured I would at least share this screenshot with you. Peace - Anthony

          Show
          Anthony Borrow added a comment - Here is a screen shot of a PHP notice I received. I did not have ldap configured on my test environment but thought you might want to add a check for ldap password resets. I doubt this notice would come up much in production as I suspect that if I actually had the ldap authentication on and working that it might work but I figured I would at least share this screenshot with you. Peace - Anthony
          Hide
          Anthony Borrow added a comment -

          Nice work Iñaki! I tested the diff file today and it seems to work well. Since I've been doing some work with usability issues, my eye happened to catch
          that you are using the pushbuttons to add and remove folks from the lists. Thus the interface for:

          http://localhost/moodle/19stable/admin/user/user_bulk.php

          is slightly different than the interface for:

          http://localhost/moodle/19stable/group/members.php?group=1 (I'll attach a screenshot of the groups interface)

          I think they should be consistent. I also wonder if the available members in groups should be on the left. The way you set it up of having available members first (on the left - at least for cultures that read from left to right) seems more intuitive as you start with everyone and then show who is selected. I will raise this as a usability question for Laia in the GSOC and add her and David to the watchers of this issue.

          Peace - Anthony

          Show
          Anthony Borrow added a comment - Nice work Iñaki! I tested the diff file today and it seems to work well. Since I've been doing some work with usability issues, my eye happened to catch that you are using the pushbuttons to add and remove folks from the lists. Thus the interface for: http://localhost/moodle/19stable/admin/user/user_bulk.php is slightly different than the interface for: http://localhost/moodle/19stable/group/members.php?group=1 (I'll attach a screenshot of the groups interface) I think they should be consistent. I also wonder if the available members in groups should be on the left. The way you set it up of having available members first (on the left - at least for cultures that read from left to right) seems more intuitive as you start with everyone and then show who is selected. I will raise this as a usability question for Laia in the GSOC and add her and David to the watchers of this issue. Peace - Anthony
          Hide
          Anthony Borrow added a comment -

          screenshot of interface for selecting users for bulk user actions

          Show
          Anthony Borrow added a comment - screenshot of interface for selecting users for bulk user actions
          Hide
          Anthony Borrow added a comment -

          screenshot of interface for adding members to a group (to compare and contrast with selecting users for bulk user action)

          Show
          Anthony Borrow added a comment - screenshot of interface for adding members to a group (to compare and contrast with selecting users for bulk user action)
          Hide
          Anthony Borrow added a comment -

          Laia - I have added you to this because I thought it would be interesting to look at how users are added and removed from lists with in Moodle. I would want to see where all we do this type of thing and to ensure that we are doing it consistently (for example, available users on the left, selected members on the right, etc. Also where to place the pushbuttons so that they have a consistent look, feel, and function. Peace - Anthony

          Show
          Anthony Borrow added a comment - Laia - I have added you to this because I thought it would be interesting to look at how users are added and removed from lists with in Moodle. I would want to see where all we do this type of thing and to ensure that we are doing it consistently (for example, available users on the left, selected members on the right, etc. Also where to place the pushbuttons so that they have a consistent look, feel, and function. Peace - Anthony
          Hide
          Iñaki Arenaza added a comment -

          Hi Anthony,

          regarding the PHP notice, this is intended behaviour (as far as I can see). You are trying to reset the password of a user that is supposed to be authenticated by a plugin (LDAP in your particular case) that either isn't enabled or can't reset the user password. So there is trigger_error() call to notify you about this (which in generate a PHP notice by default).

          Saludos. Iñaki.

          Show
          Iñaki Arenaza added a comment - Hi Anthony, regarding the PHP notice, this is intended behaviour (as far as I can see). You are trying to reset the password of a user that is supposed to be authenticated by a plugin (LDAP in your particular case) that either isn't enabled or can't reset the user password. So there is trigger_error() call to notify you about this (which in generate a PHP notice by default). Saludos. Iñaki.
          Hide
          Iñaki Arenaza added a comment -

          Anthony,

          the patch doesn't use any buttons at all. The interface is the original one from the bulk user actions. The patch merely adds another bulk operation to the drop down list of available operations (and the code to perform the action iteslf, of course). So I'd say we'd need to open a new bug to address the usability issues.

          Show
          Iñaki Arenaza added a comment - Anthony, the patch doesn't use any buttons at all. The interface is the original one from the bulk user actions. The patch merely adds another bulk operation to the drop down list of available operations (and the code to perform the action iteslf, of course). So I'd say we'd need to open a new bug to address the usability issues.
          Hide
          Anthony Borrow added a comment -

          Iñaki - I suspected the PHP notice may have been intended but just wanted to double check. I see no reason not to apply your patch and add this functionality to Moodle. It seems to go along nicely with the improvements to confirm an email change - at least in the sense that it enables the admin to better manage password resets and force changes. As for those who might want to be able to set a password for a group of users I would encourage them to use the CSV import users and update the passwords for those users.

          Yes, I agree that the usability issue would be another issue. I only mentioned it here because I had been doing some work on usability issues and it stood out as a good example for the GSOC work. My comments here on the usability stuff are really intended for Laia and David. Peace - Anthony

          Show
          Anthony Borrow added a comment - Iñaki - I suspected the PHP notice may have been intended but just wanted to double check. I see no reason not to apply your patch and add this functionality to Moodle. It seems to go along nicely with the improvements to confirm an email change - at least in the sense that it enables the admin to better manage password resets and force changes. As for those who might want to be able to set a password for a group of users I would encourage them to use the CSV import users and update the passwords for those users. Yes, I agree that the usability issue would be another issue. I only mentioned it here because I had been doing some work on usability issues and it stood out as a good example for the GSOC work. My comments here on the usability stuff are really intended for Laia and David. Peace - Anthony
          Hide
          Anthony Borrow added a comment -

          I just thought I would comment here that by saying that this issue will be resolved by MDL-14932 I am only referring to the question about usability which Dongsheng was working on to make the add and remove arrows in a similar placement. The main patch here that Iñaki worked on and I tested would make a nice addition to some of the increased security offerings that have gone into 1.9. So my +1 for adding it to 1.9. Peace - Anthony

          Show
          Anthony Borrow added a comment - I just thought I would comment here that by saying that this issue will be resolved by MDL-14932 I am only referring to the question about usability which Dongsheng was working on to make the add and remove arrows in a similar placement. The main patch here that Iñaki worked on and I tested would make a nice addition to some of the increased security offerings that have gone into 1.9. So my +1 for adding it to 1.9. Peace - Anthony
          Hide
          Dongsheng Cai added a comment -

          Anthony, I checked the code in user_bulk.php, that page use formslib to align the buttons and lists, I cannot find a way to make it look exactly like the other place(group assigning and role assigning), should I remove the use of formslib, and write html code manually?

          Show
          Dongsheng Cai added a comment - Anthony, I checked the code in user_bulk.php, that page use formslib to align the buttons and lists, I cannot find a way to make it look exactly like the other place(group assigning and role assigning), should I remove the use of formslib, and write html code manually?
          Hide
          Anthony Borrow added a comment -

          Dongsheng - I had not looked at the code so thank you for following up. My idea was that if it was basically the same type of work that you were doing with the group stuff to go ahead and fix it here as well so that they were all consistent; however, If it is not the same then I would not worry about it for now. Instead, I would just create a separate issue and mark it as being related to administration and usability. I think it is minor and something we can revisit later. I would also be hesitant about moving away from mforms as I believe that most of the code in administration uses mforms so it would seem (at least froma a developers point of view) a step backwards. Peace - Anthony

          Show
          Anthony Borrow added a comment - Dongsheng - I had not looked at the code so thank you for following up. My idea was that if it was basically the same type of work that you were doing with the group stuff to go ahead and fix it here as well so that they were all consistent; however, If it is not the same then I would not worry about it for now. Instead, I would just create a separate issue and mark it as being related to administration and usability. I think it is minor and something we can revisit later. I would also be hesitant about moving away from mforms as I believe that most of the code in administration uses mforms so it would seem (at least froma a developers point of view) a step backwards. Peace - Anthony
          Hide
          Laia Subirats added a comment -

          Anthony - I checked what you told me about consistency and look and feel. Here http://docs.moodle.org/en/Student_projects/Usability_issues/Enrolement you could find the different enrolments screenshots, classification and conclusions. The conclusion is that:

          Ideally it should be only two types of uploading files:

          • The simple one: that would be applicable to Networking elements
          • The detailed one: that would be applicable to other enrolment pages and would contain:
            o All items specified at type 2: Add, remove, search, enrolment duration, starting from and hidden assignment
            o All items specified at type 1: Add all, remove all buttons

          Another issue that I do not understand is why there is a checkbox next to the eye and question mark button. I think that checkbox should be removed.

          Show
          Laia Subirats added a comment - Anthony - I checked what you told me about consistency and look and feel. Here http://docs.moodle.org/en/Student_projects/Usability_issues/Enrolement you could find the different enrolments screenshots, classification and conclusions. The conclusion is that: Ideally it should be only two types of uploading files: The simple one: that would be applicable to Networking elements The detailed one: that would be applicable to other enrolment pages and would contain: o All items specified at type 2: Add, remove, search, enrolment duration, starting from and hidden assignment o All items specified at type 1: Add all, remove all buttons Another issue that I do not understand is why there is a checkbox next to the eye and question mark button. I think that checkbox should be removed.
          Hide
          Anthony Borrow added a comment -

          I had forgotten that Iñaki had worked up a patch for this and I duplicated the effort. The only question I have has to do with the language string. Should the new strings be in moodle.php or admin.php? Otherwise, the functionality looks good to me so I would certainly give it my +1. I also agree that the usability issue is separate. Peace - Anthony

          Show
          Anthony Borrow added a comment - I had forgotten that Iñaki had worked up a patch for this and I duplicated the effort. The only question I have has to do with the language string. Should the new strings be in moodle.php or admin.php? Otherwise, the functionality looks good to me so I would certainly give it my +1. I also agree that the usability issue is separate. Peace - Anthony
          Hide
          Anthony Borrow added a comment -

          Should this patch be applied for Moodle 1.9.3 release?

          Show
          Anthony Borrow added a comment - Should this patch be applied for Moodle 1.9.3 release?
          Hide
          Artem Andreev added a comment -

          I think our improvment (MDL-16793) can facilitate the creation of new actions (no patches, change core code, etc). And peoples will be able to distribute its actions in Modules and plugins database.

          Show
          Artem Andreev added a comment - I think our improvment ( MDL-16793 ) can facilitate the creation of new actions (no patches, change core code, etc). And peoples will be able to distribute its actions in Modules and plugins database.
          Hide
          Anthony Borrow added a comment -

          Thanks Artem - yes, making these more modular and being able to drop in new actions as needed will be a definite help. My +1 for MDL-16793. Peace - Anthony

          Show
          Anthony Borrow added a comment - Thanks Artem - yes, making these more modular and being able to drop in new actions as needed will be a definite help. My +1 for MDL-16793 . Peace - Anthony
          Hide
          Anthony Borrow added a comment -

          Martin - I went ahead and stole this issue from you and am resolving it as a duplicate to MDL-19608. Peace - Anthony

          Show
          Anthony Borrow added a comment - Martin - I went ahead and stole this issue from you and am resolving it as a duplicate to MDL-19608. Peace - Anthony

            People

            • Votes:
              18 Vote for this issue
              Watchers:
              13 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: