Password policy should be applied upon upgrade

Bug #1756726 reported by Kristina Hoeppner on 2018-03-18
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
High
Robert Lyon
18.04
High
Robert Lyon
18.10
High
Robert Lyon

Bug Description

In bug #845263 we implemented the password policy. When you upgrade, and you go to Admin -> Configure site -> Site options -> Security settings, it shows you the password policy, but existing accounts are not required to use it unless they change their password.

Only when you change the length of the password or the make-up are existing accounts required to reset their password.

It would be cleaner if upon upgrade all user accounts are required to adhere to the password policy as listed in the security settings.

This should be a change similar to the one in /admin/site/options.php lines 901-911

Additionally, everyone - including the current site admin, but excluding the root user - are required to adhere.

Reviewed: https://reviews.mahara.org/8656
Committed: https://git.mahara.org/mahara/mahara/commit/c7259178d4f48ce83c054e04d2642ae6798e9d88
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: master

commit c7259178d4f48ce83c054e04d2642ae6798e9d88
Author: Robert Lyon <email address hidden>
Date: Mon Mar 19 13:22:29 2018 +1300

Bug 1756726: Apply password policy on upgrade

Force all users on internal auth to reset their password on login
after upgrade

behatnotneeded

Change-Id: Ia988a0a7b939969bf0638eb410d17e1c88282c31
Signed-off-by: Robert Lyon <email address hidden>

Mahara Bot (dev-mahara) wrote :

Patch for "master" branch: https://reviews.mahara.org/8685

Reviewed: https://reviews.mahara.org/8685
Committed: https://git.mahara.org/mahara/mahara/commit/453c088b485475854f43b2345eb066d2f6e0e209
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: master

commit 453c088b485475854f43b2345eb066d2f6e0e209
Author: Robert Lyon <email address hidden>
Date: Thu Mar 22 13:10:25 2018 +1300

Bug 1756726: Only run the password reset if no policy

behatnotneeded

Change-Id: Ic45a568c23094c74532ac3fabe77a06477d77e71
Signed-off-by: Robert Lyon <email address hidden>

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/8684
Committed: https://git.mahara.org/mahara/mahara/commit/bc109ad5bc20b822268e34aa703f74b567856174
Submitter: Robert Lyon (<email address hidden>)
Branch: 18.04_STABLE

commit bc109ad5bc20b822268e34aa703f74b567856174
Author: Robert Lyon <email address hidden>
Date: Mon Mar 19 13:22:29 2018 +1300

Bug 1756726: Apply password policy on upgrade

Force all users on internal auth to reset their password on login
after upgrade

behatnotneeded

Change-Id: Ia988a0a7b939969bf0638eb410d17e1c88282c31
Signed-off-by: Robert Lyon <email address hidden>

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers