If the SMS handler is configured, user can reset their password using an SMS workflow. So far the implementation implies that user will enter their phone address on the first login and always have the possibility to change the SMS phone address in their profile. However, when the SMS user property is set by an external system via REST API it should be able to suppress changes by the user.
The following must be implemented
- When the user property handler is set to read-only, don't allow changing the value. Now the change buttons remain even when configured to be readonly.
- For security Reason, in the user profile show only the last three digits of the phone number
- Add new option to the SMS configuration to trigger the after-login interceptor independently of the SMS password-reset feature.
FX intern: accounting on