Project

General

Profile

Actions

Task #2679

closed

Change minimum number of days for password validity check

Added by Vladimír Kotýnek about 3 years ago. Updated almost 3 years ago.

Status:
Closed
Priority:
High
Assignee:
Radek Tomiška
Category:
Password policy
Target version:
Start date:
02/10/2021
Due date:
% Done:

100%

Estimated time:
24.00 h
Owner:

Description

Requirements: https://wiki.czechidm.com/priv/navrh/selektivni_minimalni_platnost_hesla

In the current version of CzechIdM when the "minimum number of days for password validity" (condition) in password policy is set, password of the user can be changed only once in given number of days. No exceptions.

I'd like to change this behavior to:
  1. if the user changes his/her own password, the condition is mandatory
  2. if the user changes password to some other user (e. g. as an admin, help desk operator, manager...), the condition is never checked. Also during the next password change of this user the condition is not checked too
  3. if the password change comes from the password filter it always equals to the #1 case - the condition is mandatory
  4. if the password has set "must change" flag to true, the condition is never checked

This new behavior should be implicit - admin will not be able to enable the original behavior.

The condition is often used to prevent users from multiple password changes in a row to end up with the same password again. However when the user needs new password to be set by admin and change of the password is requred the condition prevents the user from doing it.


Related issues

Related to IdStory Identity Manager - Feature #2325: REST endpoint and behavior for password filterClosedOndřej Kopr06/16/202008/31/2020

Actions
Related to IdStory Identity Manager - Task #2714: Password policy: Implement BE bulk action for delete password policyClosedRadek Tomiška03/09/2021

Actions
Related to IdStory Identity Manager - Task #2738: Prove that password filter reacts properly to PASSWORD_CANNOT_CHANGE result codeRejectedOndrej Husník03/29/2021

Actions
Related to IdStory Identity Manager - Task #2858: Check Minimum number of days when changing password via password filter using superAdminRejectedVladimír Kotýnek06/16/2021

Actions
Actions #1

Updated by Vít Švanda about 3 years ago

  • Estimated time set to 24.00 h
Actions #2

Updated by Vít Švanda about 3 years ago

  • Priority changed from Normal to High
Actions #3

Updated by Radek Tomiška about 3 years ago

  • Status changed from New to In Progress
Actions #4

Updated by Radek Tomiška about 3 years ago

  • Related to Feature #2325: REST endpoint and behavior for password filter added
Actions #5

Updated by Radek Tomiška about 3 years ago

  • Related to Task #2714: Password policy: Implement BE bulk action for delete password policy added
Actions #6

Updated by Radek Tomiška about 3 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Radek Tomiška to Ondrej Husník
  • % Done changed from 0 to 90
Actions #7

Updated by Ondrej Husník almost 3 years ago

  • Related to Task #2738: Prove that password filter reacts properly to PASSWORD_CANNOT_CHANGE result code added
Actions #8

Updated by Ondrej Husník almost 3 years ago

  • Status changed from Needs feedback to Resolved
  • Assignee changed from Ondrej Husník to Radek Tomiška
  • % Done changed from 90 to 100

I tested this feature and tried described scenarios. All of them seem to be working properly. I simulated password changes, invoked normally by pressing CTRL+ALT+DEL in Win, by querying password filter endpoints from SoapUI. This route also worked.
I dared to improve the localization little bit.
https://github.com/bcvsolutions/CzechIdMng/commit/2f4579ca117b7ce3b725972393ba3cd2b4353097
Splitting new feature and code refactoring into two separate commits would be appreciated next time. Except this it looks good. Good job.

Actions #9

Updated by Radek Tomiška almost 3 years ago

  • Status changed from Resolved to Closed
Actions #10

Updated by Vladimír Kotýnek almost 3 years ago

  • Related to Task #2858: Check Minimum number of days when changing password via password filter using superAdmin added
Actions

Also available in: Atom PDF