
How to disable user password reset? #16442

Closed
VincentvgNn opened this issue May 19, 2015 · 13 comments

Comments

VincentvgNn commented May 19, 2015

Description

In issue #16388 I mentioned a problem with password reset when the encryption is on. Currently the password reset will make all data unreadable. That's one reason why I want to block the password reset.
On top of that, my OC users are quite inexperienced computer users and therefore I want to prevent them from changing passwords or using weak passwords. As an administrator I manage the passwords and want to disable the password reset option for the users.
How to do that?

Steps to reproduce

see: Description

Expected behavior

  1. The administrator can disable the password reset for all users in the Admin settings.
  2. Another option could be to disable it for each individual user or by groups in the user management.
  3. The warning about data loss in the case of encryption should not be there if there is a correct recovery key set and if the password reset can be done without ending up with unreadable files.

Client configuration

n.a.

Server configuration

ownCloud version: 8.0.3 (stable)
List of activated apps: default apps + encryption
External storage: no
Encryption: yes

OC server installed at a web-hosting company. 4-5 GB storage.
Control via DirectAdmin and installation by using Installatron.
Own (non-shared) IP and using https.
Operating system: Linux Hosting Package
Web server: Apache
Database: MySQL
PHP version: 5.5.21

DeepDiver1975 added this to the backlog milestone May 19, 2015

@MorrisJobke (Contributor)

As a first step to avoid data loss there is a big warning in ownCloud 8.0+ - see #11696

Looks like this: [screenshot: screen shot 2014-10-22 at 10 30 37]

@VincentvgNn (Author)

@MorrisJobke
Thanks for your quick response.
Yes, there is a (too) big warning and I thought that I knew what I was doing. The recovery key was set. So it should work safely. Therefore I even wondered about the presence of the warning. Unfortunately there is issue #16388 and the data will be lost anyway.
Luckily I'm still in the evaluating phase.

If password recovery is not working or giving "complicated" frightening messages, then I prefer to disable the feature for simple users.

@MorrisJobke (Contributor)

@jancborchardt Regarding the UX component of this specific issue

@jancborchardt (Member)

Well the UX component is that #16388 should damn probably be fixed. :D

Then we could add an option to disable user password reset. But honestly people forget their password so often that I’m really reluctant to do that. If they constantly need to run to the admin to ask for a new one they will quickly stop using ownCloud.

@VincentvgNn (Author)

At issue #16388 @schiesbn answered that for a data recovery an admin intervention is always needed!
So in case of encryption it's almost useless to offer a password reset to the users.
The current warning does not tell the users that their data will be immediately unreadable and that they need the admin's help for later recovery anyway. And it also does not indicate whether or not the admin has set a recovery password.
No recovery key at the admin always means losing all data!

As it is now, I prefer the option to disable the password reset.
"Better a phone call to the admin for a password reset than for a (partial) data recovery or an impossible recovery because there is no recovery key at all".

@schiessle (Contributor)

> At issue #16388 @schiesbn answered that for a data recovery an admin intervention is always needed!
> So in case of encryption it's almost useless to offer a password reset to the users.

It is useful in some cases:

  1. You know that you don't have a recovery key, so the admin can't help you either. In this case you can reset your password on your own, delete the files and upload them again from your backup or from the local copy created by the sync client.
  2. You need to access your ownCloud now, e.g. to check your calendar, contacts or whatever, but you can't reach your admin because it is late at night, weekend or whatever. In this case you could reset the password to access all your data (except your files) and let the admin recover your files once he is available again.

To the general discussion: I see your reasons for having an option to switch off the password reset option. But I'm not sure if the use-case is that widespread that it justifies an admin setting. Maybe a simple config.php setting? I leave this decision to @jancborchardt

> "Better a phone call to the admin for a password reset than for a (partial) data recovery or an impossible recovery because there is no recovery key at all".

The second part will also not be solved with disabling the password reset. If you are the only one with a password/key to decrypt your files and you lose it, your files are gone. Otherwise the encryption wouldn't be useful because it wouldn't be secure.

@VincentvgNn (Author)

To prevent a possible misunderstanding, I would like to disable the password reset for the users only, not for the admin.

So the request is:
Not offering the reset procedure to the customer.
In the admin settings there should be a check box like: "Only the admin can manage password reset"
The customer should not get the message "Forgot your password? Reset it!", but "Forgot your password? Contact your administrator!" and entering the reset procedure should be blocked.

@kiu-ball

+1

I'm exactly with VincentvgNn.

@mSys-mislav

+1 for what @VincentvgNn said

@tfrdidi commented Sep 23, 2016

I just want to trigger thinking about that function that I think is a must have for the server side encryption.

I have activated the server side encryption and several users reset their password without thinking about the warning. Now they do not know their old password -> it makes it impossible for them to update their private key.
I as admin have no possibility to give them access to their files back, because when I change their password with the recovery key I only recover the broken state after they reset their password. Did I miss something that enables me to give them access to their files back?

@PVince81 (Contributor)

Similar to #16839

@PVince81 (Contributor)

@pmaier1

@pmaier1 (Contributor) commented Aug 21, 2018

Add `'lost_password_link' => 'disabled',` to config.php. For more information, see https://github.com/owncloud/core/blob/master/config/config.sample.php#L272.
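To show the setting from the previous comment in place, here is a config/config.php fragment as an added example; it is not code from this thread or from ownCloud itself. The keys and paths around `lost_password_link` are constructed placeholders so the array reads as a complete file, and the commented-out custom-URL variant is my reading of config.sample.php rather than something stated in this issue.

```php
<?php
// Added example, not from the issue: the part of an ownCloud config/config.php
// that controls the "Forgot your password?" link on the login page.
// Every key except 'lost_password_link' is a constructed placeholder.
$CONFIG = array(
  'instanceid'    => 'ocplaceholder00',          // placeholder, set by the installer
  'datadirectory' => '/var/www/owncloud/data',   // assumed path
  'dbtype'        => 'mysql',

  // Hides the reset link and blocks the self-service reset flow. With server
  // side encryption enabled this is the setting the thread asks for: a user
  // who forgets the password has to go to the admin, who can change it with
  // the recovery key instead of leaving the user's files unreadable.
  'lost_password_link' => 'disabled',

  // Alternative (my reading of config.sample.php, not stated in this issue):
  // point the link at your own page, e.g. one that tells users to contact
  // the administrator, instead of removing it entirely.
  // 'lost_password_link' => 'https://intranet.example.org/password-help',
);
```

After changing the file, reload the login page and confirm the reset link is gone; on versions that ship the `occ` config commands, `occ config:system:get lost_password_link` should print `disabled`. Note that this only removes the user-facing reset; an admin changing a password through user management (with the recovery key enabled) is unaffected, which matches the request in this thread that only the admin should manage password resets.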
