Warning
This document has not been updated for a while now. It may be out of date.
Last updated: 9 Jun 2020
signon: mass_password_reset
You might need to email all Signon users to reset their passwords. You could use a class like this to do it:
class PasswordResetEmail < ActionMailer::Base
  # Replace TIME, DAY MONTH and the signature placeholder before sending.
  def notification_email(user)
    to = user.email
    mail(to: to,
         from: 'GOV.UK Signon <incident-response@govuk.zendesk.com>',
         reply_to: 'incident-response@govuk.zendesk.com',
         subject: 'Your GOV.UK Signon password will be reset',
         content_type: 'text/plain',
         body: %Q{Hi,

Your Signon password will be reset at TIME on DAY MONTH. You’ll be
able to work on GOV.UK as normal until that time. You don’t need to
take any action now.

This is happening to all Signon accounts and is part of ongoing work
to make GOV.UK more secure.

On DAY MONTH, you’ll be logged out of Signon. You’ll then get an email
telling you how to get a new password.

Once you have a new password you'll be able to continue to work on
GOV.UK as normal.

INSERT YOUR SIGNATURE HERE
})
  end
end
The above copy has been written by the content team and signed off for use in a mass password reset. You should use it, replacing the date, time and signature when you come to send it.
You should test this on yourself:
User.where(email: 'user.name@digital.cabinet-office.gov.uk').each do |user|
  begin
    puts "Attempting to email: #{user.email}"
    PasswordResetEmail.notification_email(user).deliver
  rescue StandardError => err # not Exception, so Ctrl-C can still stop the run
    puts "FAILED trying to email: #{user.email}. Error: #{err}"
  end
end
And send it to all users who have signed in recently:
User.last_signed_in_after(90.days.ago).each do |user|
  begin
    puts "Attempting to email: #{user.email}"
    PasswordResetEmail.notification_email(user).deliver
  rescue StandardError => err # not Exception, so Ctrl-C can still stop the run
    puts "FAILED trying to email: #{user.email}. Error: #{err}"
  end
end
When you need to reset their passwords:
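# `user` is the account being reset; run this for each affected user.
# The random password is a throwaway value that is never shown to anyone.
random_password = User.send(:generate_token, 'encrypted_password').slice(0, 20)
user.password = random_password
user.password_confirmation = random_password
if user.save
  # Force the user to sign in again, then email the reset instructions.
  ReauthEnforcer.perform_on(user)
  user.send_reset_password_instructions
else
  puts user.errors.full_messages
end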
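
An added sketch, not Signon's own code, of running the reset step over many accounts while recording which ones failed so they can be retried. `FakeUser`, `reset_one`, `mass_reset` and the sample data are hypothetical stand-ins for the Rails model and the `ReauthEnforcer` and `send_reset_password_instructions` calls above, and `SecureRandom` is used in place of the page's `User.send(:generate_token, ...)`.

```ruby
require 'securerandom'

# Constructed stand-in for Signon's User model so this runs without Rails.
# `save` returns false for accounts flagged invalid, like a failed validation.
FakeUser = Struct.new(:email, :valid, :password) do
  def save
    valid
  end

  def error_messages
    valid ? [] : ['Email is invalid']
  end
end

# Overwrite one account's password with a random value that is never shown or
# kept anywhere else. `after_save` stands in for the reauth and reset-email
# calls; returns the list of errors (empty on success).
def reset_one(user, after_save)
  user.password = SecureRandom.urlsafe_base64(32)
  return user.error_messages unless user.save

  after_save.call(user)
  []
end

# Reset every account, carrying on past individual failures. An account whose
# password changed but whose email failed is reported as failed, because that
# user is locked out until the instructions are re-sent.
def mass_reset(users, after_save)
  report = { reset: [], failed: {} }
  users.each do |user|
    begin
      errors = reset_one(user, after_save)
      errors.empty? ? report[:reset] << user.email : report[:failed][user.email] = errors
    rescue StandardError => e # not Exception: Ctrl-C must still stop the run
      report[:failed][user.email] = [e.message]
    end
  end
  report
end

# Constructed sample: a healthy account, a validation failure, a mail failure.
SAMPLE_USERS = [FakeUser.new('ok@example.com', true),
                FakeUser.new('invalid@example.com', false),
                FakeUser.new('bounce@example.com', true)].freeze
SAMPLE_AFTER_SAVE = ->(user) { raise 'SMTP timeout' if user.email == 'bounce@example.com' }
```

Calling `mass_reset(SAMPLE_USERS, SAMPLE_AFTER_SAVE)` returns a hash whose `:failed` entries are the accounts to retry.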