Test policies for accept-invitation
Bug #328109 reported by
Paul Everitt
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
KARL3 |
Fix Released
|
Medium
|
Nat Katin-Borland |
Bug Description
Confirm the policies at http://
Changed in karl3: | |
importance: | Undecided → Medium |
milestone: | none → m3 |
Changed in karl3: | |
status: | Confirmed → Fix Committed |
Changed in karl3: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Update from OSI:
Accept Invitation
-Minimum password length should be a setting in the site configuration to allow for different sites to have different password policies. There was some concern that 8 characters might be too long to require in OSI’s KARL. Making this a setting will remove that concern
-Invitation expiration time? Do invitations expire after a given amount of time? If so, how long? Also, is it possible to make this a configuration in the settings file so sites can pick how secure they want to be?
-If invitations expire and an invitation has expired, when the moderator chooses to resend the invitation, is the expiration counter effectively reset when the new invitation is sent out?
-Test that an invitation expires after it is used. This protects against someone forwarding the invitation email to 10 other users