Feature #3349

closed

Implement password management for technical accounts

Added by Peter Štrunc over 1 year ago. Updated about 1 year ago.

Status: Closed
Priority: Normal
Assignee: Jiří Koula
Target version:
Start date: 05/02/2023
Due date:
% Done: 100%
Estimated time:
Owner: Jiří Koula

Description

Current state

Backend

PasswordChangeController
  • main entry point for password changes
  • passwordChange(UUID, PasswordChangeDto)
    • hardcoded IdmIdentityDto lookup
    • authenticates, if identity is not authenticated
      • for unauthenticated password change, or mustChange when logging in with expired password
    • Checks permission for password change after authentication
    • Calls identityService.passwordChange(identity, PasswordChangeDto)

IdmIdentityService
  • Publishes IdmIdentityEvent.PASSWORD
    • identity-password-validate-processor(acc)
      • Fetches all identity accounts
      • Validates provided accounts (password change type)
      • Validates against system password policies for each account
    • identity-password-validate-processor(core)
      • Validates all aspects of password change (original pwd requirement, policies, change type)
    • identity-uniform-password-processor
      • Handles uniform password stuff and password filter echo
      • Uses identity only for account searches
    • identity-password-processor
      • saves PasswordDto and handles password age from idm password policy
    • core-identity-demo-change-processor
      • for monitoring changes on admin identity
    • identity-password-provisioning-processor
      • setup echo
      • call provisioningService.changePassword(identity, passwordChangeDto)
      • process results and handle password filter
    • identity-password-change-notification
      • Notifies identity of password change

ProvisioningService
  • Calls provisioning executor changePassword
    • uses dto and PasswordChangeDto as input (no need for identity)

Frontend

All of frontend only works with identity and its accounts

PasswordChangeComponent
  • Renders form and sends requests to backend controller
  • hard coupling on identityManager and identityService
PasswordChangeRoute
PasswordRoute
PasswordChangeForm

Requirements

Enable use case of changing account’s password from account detail
Support identity account and Technical accounts
Support accounts without owner (AccAccount)

Proposed changes

Backend

Introduce a new interface PasswordManageable
Extract common password management logic into common predecessors for all password processors
Move logic from PasswordController somewhere, where it can be generalized for different PasswordManageables
Move event type PASSWORD from IdmIdentityEventType to a new event type, which is not tied to IdmIdentity
  • Make all password processors react to this new event
Update tests and write new ones for tech account password management

Frontend

Make PasswordChangeComponent take managers as a prop, so that we can supply correct managers
Introduce new routes for password change on account detail
  • No need for other tabs such as Password details and Tokens, just change form
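
The current controller authenticates the caller when needed and only then checks permission; generalizing it over PasswordManageable has to keep that order for targets that have no owner. The Java sketch below is an added example, not the project's code: only the name PasswordManageable comes from this issue, and every method, type, the permission string and the rule that an ownerless account rejects unauthenticated changes are assumptions.

```java
import java.util.*;

// Only the name PasswordManageable comes from the issue; every method, type and
// permission string below is a hypothetical stand-in, not the project's API.
public class PasswordChangeSketch {
    interface PasswordManageable { Optional<UUID> ownerIdentity(); } // empty = no owner
    record Account(UUID owner) implements PasswordManageable {
        public Optional<UUID> ownerIdentity() { return Optional.ofNullable(owner); }
    }
    record Caller(UUID identityId, Set<String> permissions) {}
    interface Authenticator { Optional<Caller> login(UUID identityId, String oldPassword); }

    // Same order as the current controller: authenticate first, then check permission.
    static Caller authorize(PasswordManageable target, Caller caller,
                            String oldPassword, Authenticator auth) {
        Caller effective = caller;
        if (effective == null) {
            // Unauthenticated change (for example an expired password) needs an owner
            // whose old password can be verified; an ownerless account has none.
            UUID owner = target.ownerIdentity().orElseThrow(
                () -> new SecurityException("ownerless account: authenticated caller required"));
            effective = auth.login(owner, oldPassword).orElseThrow(
                () -> new SecurityException("authentication failed"));
        }
        UUID who = effective.identityId();
        boolean self = target.ownerIdentity().filter(who::equals).isPresent();
        if (!self && !effective.permissions().contains("PASSWORD_CHANGE")) {
            throw new SecurityException("caller may not change this password");
        }
        return effective; // the generic password event would be published after this
    }

    static String attempt(PasswordManageable t, Caller c, String pwd, Authenticator a) {
        try { authorize(t, c, pwd, a); return "allowed"; }
        catch (SecurityException e) { return "denied: " + e.getMessage(); }
    }

    public static void main(String[] args) {
        UUID alice = UUID.randomUUID(); // constructed sample data, not real accounts
        Authenticator auth = (id, pwd) -> id.equals(alice) && "old-Secret1".equals(pwd)
                ? Optional.of(new Caller(alice, Set.of())) : Optional.empty();
        Caller admin = new Caller(UUID.randomUUID(), Set.of("PASSWORD_CHANGE"));
        Caller bob = new Caller(UUID.randomUUID(), Set.of());
        Account owned = new Account(alice), ownerless = new Account(null);
        System.out.println(attempt(owned, null, "old-Secret1", auth));     // owner proves old password
        System.out.println(attempt(ownerless, null, "old-Secret1", auth)); // nobody to authenticate as
        System.out.println(attempt(ownerless, admin, null, auth));         // authenticated, has permission
        System.out.println(attempt(owned, bob, null, auth));               // authenticated, no permission
    }
}
```
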
Actions #1

Updated by Peter Štrunc over 1 year ago

  • Target version changed from 1.1.0 to 1.2.0
Actions #2

Updated by Peter Štrunc about 1 year ago

  • Assignee changed from Peter Štrunc to Jiří Koula
  • Owner set to Jiří Koula
Actions #3

Updated by Peter Štrunc about 1 year ago

  • Sprint set to IdStory + Procorp - 01 (Oct 02 - Oct 18)
Actions #4

Updated by Jiří Koula about 1 year ago

  • % Done changed from 0 to 40
Actions #5

Updated by Jiří Koula about 1 year ago

  • % Done changed from 40 to 70
Actions #6

Updated by Jiří Koula about 1 year ago

  • % Done changed from 70 to 80
Actions #7

Updated by Jiří Koula about 1 year ago

  • Status changed from New to In Progress
Actions #8

Updated by Jiří Koula about 1 year ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Jiří Koula to Peter Štrunc
Actions #9

Updated by Peter Štrunc about 1 year ago

  • Sprint changed from IdStory + Procorp - 01 (Oct 02 - Oct 18) to IdStory + Procorp - 2 (Oct 18 - Nov 01)
Actions #10

Updated by Peter Štrunc about 1 year ago

  • Status changed from Needs feedback to Resolved
  • Assignee changed from Peter Štrunc to Jiří Koula
  • % Done changed from 80 to 100

Reviewed and merged to develop

Actions #11

Updated by Martin Kolombo about 1 year ago

  • Status changed from Resolved to Closed