Defect #1554
closedChanging the password should clear block login date
100%
Description
Tested on version 9.3.4
Changing the password should clear blockLoginDate the same way it clears unsuccessfulAttempts.
Use-case:Password policy is:
- Login blocking time (seconds): 1800
- Maximum number of unsuccessful login attempts: 5
A user makes (at least) 5 unsuccessful attempts to login. So his login is blocked.
He goes to the administrator for help. The administrator changes the password and tells it to the user.
The user tries to login with the new password. But it doesn't work for next X minutes.
Updated by Ondřej Kopr about 5 years ago
- Status changed from New to In Progress
I confirm the broken behavior. Password change must clear block login date and unsuccessful attempts.
Updated by Ondřej Kopr about 5 years ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Ondřej Kopr to Vít Švanda
- % Done changed from 0 to 90
I add clear block login state into feature: #845
commit: https://github.com/bcvsolutions/CzechIdMng/commit/b2e2eea89b0afea4844da008adcd60d699b792fd
documentaion: https://wiki.czechidm.com/devel/documentation/security/dev/password-policies#password_and_blockunblock_login
Test is included.
Please Vitek could you make a review please?
Updated by Vít Švanda almost 5 years ago
- Status changed from Needs feedback to Resolved
- Assignee changed from Vít Švanda to Ondřej Kopr
- % Done changed from 90 to 100
I tested it. Now it works well. Thanks for that.
Updated by Ondřej Kopr almost 5 years ago
- Status changed from Resolved to Closed