Password policy should be applied upon upgrade
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
High
|
Robert Lyon | ||
18.04 |
Fix Released
|
High
|
Robert Lyon | ||
18.10 |
Fix Released
|
High
|
Robert Lyon |
Bug Description
In bug #845263 we implemented the password policy. When you upgrade, and you go to Admin -> Configure site -> Site options -> Security settings, it shows you the password policy, but existing accounts are not required to use it unless they change their password.
Only when you change the length of the password or the make-up are existing accounts required to reset their password.
It would be cleaner if upon upgrade all user accounts are required to adhere to the password policy as listed in the security settings.
This should be a change similar to the one in /admin/
Additionally, everyone - including the current site admin, but excluding the root user - are required to adhere.
Patch for "master" branch: https:/ /reviews. mahara. org/8656