You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
/v1/users/reset/initiate initiates a password reset. If ?invalidate=true is specified, then the existing password is also immediately invalidated. The results of /v1/users/reset/initiate don't appear in the audit log. I think it makes sense that initiating a password reset isn't logged. However, if a password is invalidated, I think it'd be a good idea to log that, since that results in an immediate change to an existing resource. Only sitewide administrators can invalidate another user's password.
In terms of which action is logged, I think we could use user.update. Changing a password also logs user.update.
Note for the QA team: This change can be verified by clicking "Reset password" in the actions dropdown for a user on the Users page. Resetting a user's password from that page will invalidate it, which should now result in a new entry in the server audit log.
The text was updated successfully, but these errors were encountered:
/v1/users/reset/initiate initiates a password reset. If ?invalidate=true is specified, then the existing password is also immediately invalidated. The results of /v1/users/reset/initiate don't appear in the audit log. I think it makes sense that initiating a password reset isn't logged. However, if a password is invalidated, I think it'd be a good idea to log that, since that results in an immediate change to an existing resource. Only sitewide administrators can invalidate another user's password.
In terms of which action is logged, I think we could use
user.update
. Changing a password also logsuser.update
.Note for the QA team: This change can be verified by clicking "Reset password" in the actions dropdown for a user on the Users page. Resetting a user's password from that page will invalidate it, which should now result in a new entry in the server audit log.
The text was updated successfully, but these errors were encountered: