Project

General

Profile

Actions

Task #266

closed

Password policy agenda, entity

Added by Ondřej Kopr almost 8 years ago. Updated almost 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Ondřej Kopr
Category:
Password
Target version:
Start date:
01/10/2017
Due date:
% Done:

100%

Estimated time:
Owner:

Description

  • Create password policy agenda (crud) with entity,
  • entity with:
  • min/max password length,
  • min/max upper character,
  • min/max lower character,
  • min numbers,
  • min special non-alphanumeric characters,
  • use weak password dictonary (bool) #250,
  • check indentity properties (email, name, username, ...),
  • max password age,
  • warning before change passwords,
  • min password age for rechange,
  • ...,
  • how many rules must fulfill,
  • enhanced quality control passwords (just checkbox, implements in another task)

Related issues

Related to IdStory Identity Manager - Task #263: Passwords policyClosedOndřej Kopr01/09/2017

Actions
Related to IdStory Identity Manager - Task #268: Generate passwordClosedOndřej Kopr01/10/2017

Actions
Actions #1

Updated by Ondřej Kopr almost 8 years ago

  • Related to Task #263: Passwords policy added
Actions #2

Updated by Ondřej Kopr almost 8 years ago

  • Category set to Password
  • Target version set to Citrine (7.3.0)
Actions #3

Updated by Ondřej Kopr almost 8 years ago

  • % Done changed from 0 to 50
Actions #4

Updated by Ondřej Kopr almost 8 years ago

  • Assignee set to Ondřej Kopr
Actions #5

Updated by Ondřej Kopr almost 8 years ago

  • BE - create crud repository for password policy,
  • FE - create agenda with crud,
  • create password generator with two type - RANDOM created password and PASSPHRASE + dictonary
  • to PasswordPolicy add validation for password policy
Actions #6

Updated by Ondřej Kopr almost 8 years ago

  • % Done changed from 50 to 70
Actions #7

Updated by Ondřej Kopr almost 8 years ago

  • Before provisioning password change to systems is validate new password for all user systems,
  • for now is new password validate also for user with superAdminRole.

(DefaultProvisioningService, IdentityPasswordProcessor)

Actions #8

Updated by Ondřej Kopr almost 8 years ago

  • % Done changed from 70 to 90
Please do codereview a check functionality:
  • Base agenda for password policy,
  • password validation for IDM,
  • password validation for systems,
  • default password generate,
  • validation messages.

Thank you

Actions #9

Updated by Ondřej Kopr almost 8 years ago

  • Status changed from New to In Progress
Actions #10

Updated by Ondřej Kopr almost 8 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Ondřej Kopr to Radek Tomiška
Actions #11

Updated by Radek Tomiška almost 8 years ago

  • Related to Task #268: Generate password added
Actions #12

Updated by Radek Tomiška almost 8 years ago

  • Status changed from Needs feedback to In Progress
  • Assignee changed from Radek Tomiška to Ondřej Kopr
  • % Done changed from 90 to 70
I did test and review and found some issues:
  • password policy detail should be the same as role detail (headers, panels, tabs ...)
  • add columns to password policy table:
    • standard policy
    • type will be first with some width (smallest as possible)
    • other important columns ...
  • prevent tab label break (enhanced quality control)
  • tab with systems - remove bulk operations at all
  • all details - showLoading is shown twice
  • policy save - duplicit standard policy is not saved. Please change behaviour about standard policy:
    • standard policy will be saved every time - just change previous standard policy to newly chosen policy
    • if standard policy for password validation is not found, then password change will work without it
    • if standard policy for password generation is not found, then password generation will work without it (use existing FE func)
    • add policy name to notification message (will be in message history)
    • hide form fields, when policy types (type, generation alg.) are changed - only valid fields will be shown
    • identity attributes enumeration is dead in editation (fill some attribute - save - open detail again)
      *some notification messages are not translated (error result codes)
  • remove btoa conversion from passwords - use the second deserializer for GuardedStrings (accent characters does not work in password now)
  • when password is successfully changed, then all error validation message should be hidden
  • when enhanced quality control is on, then validation message about password length is missing.
  • if standard policy exists is checked even if dm password is not changed.
  • what to do, when some password policies are in collision - e.g. min vs max password length?
  • nullpointer occurs on identity login, when password valid till is undefined
  • LoginDto - skipMustChange is propagated to client after login and could be defined in login. Hide this information to client or separate LoginDto (in / out)
  • PasswordChangeDto - magPasswordAge - the same as LoginDto
  • Password change works even when minPasswordAge is filled
  • IdmPassword - constructor is defined before fields
  • IdmPasswordPolicyRepository - find default type could return one password policy
  • Disabled password policy is used
  • IdmPasswordPolicyService, IdmPasswordService - javadoc is missing
  • IdmPasswordPolicy - wrong column names - see https://proj.bcvsolutions.eu/ngidm/doku.php?id=navrh:identifikatory
  • PasswordGenarator - Assert.notNull should be used instead custom method
  • wrong permisions on policies (FE) - RULE_...
  • remove redundant "public" modifier in all interfaces
  • IdmPasswordPolicyController - endpoint "/validate" and "/generate" colide with default endpoints (if some policy will have name "validate" etc.)
  • InitApplicationData - move default password policies to InitDemoData
Nice:
  • Using more result models in password validation
Actions #13

Updated by Ondřej Kopr almost 8 years ago

  • % Done changed from 70 to 80
  • I was try to unite detail with role detail, please check design :),
  • add columns: generateType, enchancedControl, minPasswordLength, maxPasswordLength. Also print info about default type,
  • tab label was reduced (enhanced control),
  • remove bulk operations,
  • showloading was reduced only to once,
  • policy save - all your notes was implemented,
  • btoa was removed, Guarded string - replace deserializer,
  • after success password change was removed valdiation message,
  • enhanced control and validation message about length was fixed, but problem was comparing enhanced error and minimal rules to fulfill, everything is now ok,
  • add validation to password policy attributes,
  • disabled password policy is no longer used,
  • permisions on policies (FE) updated,
  • modifier in all interfaces changed,
  • Method Assert.NotNull is not used in class PasswordGenerator, you work to much :D,
  • javadoc for services was added.

Some you issue now is still missing.

Actions #14

Updated by Ondřej Kopr almost 8 years ago

  • % Done changed from 80 to 90
Continue:
  • localization validation message,
  • add method Asssert.NotNull,
  • add @JsonIgnore to not used attributes in DTOs - loginDto, passwordValidationDto,
  • add better update method for change default type, thank you for information,
  • test init application, fix create default password policies,
  • add help block and change localization message to password policy detail (basic, advanced, characters),
  • endpoints generate and validat was changed to similar logic like search/quick -> validate/default and generate/default,
  • update ERD diagram.

For new logic (save default type policy change old one) create new tests.

Please check password policy now try to found hidden teapot.

Actions #15

Updated by Ondřej Kopr almost 8 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Ondřej Kopr to Radek Tomiška
Actions #16

Updated by Radek Tomiška almost 8 years ago

  • Status changed from Needs feedback to In Progress
  • Assignee changed from Radek Tomiška to Ondřej Kopr
Almost everything was done, thx. I've founded some issues:
  • hide form fields, when policy type is empty (or prefill some default type)
  • when minimum length or password expiration is filled, then maximums are required (they could be empty)
  • onEnter on form does not works
  • Use @Enumerated(EnumType.STRING) for all enums used in entities
  • when standard policy is changed, then previous default policy detail is shown - default policy checkbox is still checked
  • add date format for dates in error notifications (passwod could be changed after 2011-05-02)

I like new help blocks and alerts on forms, very nice. Source code looks nice too, good job.

Actions #17

Updated by Ondřej Kopr almost 8 years ago

  • I added default type for new created password policy (validate),
  • added enumerated to type and typeGenerate columns (is necessary to drop these columns type and generate_type int -> varchar),
  • enter save now works,
  • fix validation when save password policy (check to min and max length),
  • add check to defaultPolicy into componentWillRecieveNextProps,

For better display error message with date, i used method _prepareParams in FlashMessagesManager -> check to date

Actions #18

Updated by Ondřej Kopr almost 8 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Ondřej Kopr to Radek Tomiška
Actions #19

Updated by Radek Tomiška almost 8 years ago

  • Status changed from Needs feedback to Closed
  • Assignee changed from Radek Tomiška to Ondřej Kopr
  • % Done changed from 90 to 100

It works, everything looks fine, thx.

Actions

Also available in: Atom PDF