Mahara

Password policy should be applied upon upgrade

Bug #1756726 reported by Kristina Hoeppner on 2018-03-18

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Mahara	Fix Released	High	Robert Lyon	Mahara 18.04.0
18.04	Fix Released	High	Robert Lyon	Mahara 18.04.0
18.10	Fix Released	High	Robert Lyon	Mahara 18.10.0

Bug Description

In bug #845263 we implemented the password policy. When you upgrade, and you go to Admin -> Configure site -> Site options -> Security settings, it shows you the password policy, but existing accounts are not required to use it unless they change their password.

Only when you change the length of the password or the make-up are existing accounts required to reset their password.

It would be cleaner if upon upgrade all user accounts are required to adhere to the password policy as listed in the security settings.

This should be a change similar to the one in /admin/site/options.php lines 901-911

Additionally, everyone - including the current site admin, but excluding the root user - are required to adhere.

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2018-03-19: A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/8656

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2018-03-21: A change has been merged

Reviewed: https://reviews.mahara.org/8656
Committed: https://git.mahara.org/mahara/mahara/commit/c7259178d4f48ce83c054e04d2642ae6798e9d88
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: master

commit c7259178d4f48ce83c054e04d2642ae6798e9d88
Author: Robert Lyon <email address hidden>
Date: Mon Mar 19 13:22:29 2018 +1300

Bug 1756726: Apply password policy on upgrade

Force all users on internal auth to reset their password on login
after upgrade

behatnotneeded

Change-Id: Ia988a0a7b939969bf0638eb410d17e1c88282c31
Signed-off-by: Robert Lyon <email address hidden>

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2018-03-21: A patch has been submitted for review

Patch for "18.04_STABLE" branch: https://reviews.mahara.org/8684

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2018-03-22:

Patch for "master" branch: https://reviews.mahara.org/8685

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2018-03-22: A change has been merged

Reviewed: https://reviews.mahara.org/8685
Committed: https://git.mahara.org/mahara/mahara/commit/453c088b485475854f43b2345eb066d2f6e0e209
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: master

commit 453c088b485475854f43b2345eb066d2f6e0e209
Author: Robert Lyon <email address hidden>
Date: Thu Mar 22 13:10:25 2018 +1300

Bug 1756726: Only run the password reset if no policy

behatnotneeded

Change-Id: Ic45a568c23094c74532ac3fabe77a06477d77e71
Signed-off-by: Robert Lyon <email address hidden>

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2018-03-22:

Reviewed: https://reviews.mahara.org/8684
Committed: https://git.mahara.org/mahara/mahara/commit/bc109ad5bc20b822268e34aa703f74b567856174
Submitter: Robert Lyon (<email address hidden>)
Branch: 18.04_STABLE

commit bc109ad5bc20b822268e34aa703f74b567856174
Author: Robert Lyon <email address hidden>
Date: Mon Mar 19 13:22:29 2018 +1300

Bug 1756726: Apply password policy on upgrade

Force all users on internal auth to reset their password on login
after upgrade

behatnotneeded

Change-Id: Ia988a0a7b939969bf0638eb410d17e1c88282c31
Signed-off-by: Robert Lyon <email address hidden>

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.