mahara-contributors team mailing list archive

Thread
Date

[Bug 1756726] [NEW] Password policy should be applied upon upgrade

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Kristina Hoeppner <1756726@xxxxxxxxxxxxxxxxxx>
Date: Sun, 18 Mar 2018 19:14:15 -0000
Reply-to: Bug 1756726 <1756726@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

In bug #845263 we implemented the password policy. When you upgrade, and
you go to Admin -> Configure site -> Site options -> Security settings,
it shows you the password policy, but existing accounts are not required
to use it unless they change their password.

Only when you change the length of the password or the make-up are
existing accounts required to reset their password.

It would be cleaner if upon upgrade all user accounts are required to
adhere to the password policy as listed in the security settings.

This should be a change similar to the one in /admin/site/options.php
lines 901-911

Additionally, everyone - including the current site admin, but excluding
the root user - are required to adhere.

** Affects: mahara
     Importance: High
         Status: Confirmed

** Affects: mahara/18.04
     Importance: High
         Status: Confirmed

** Affects: mahara/18.10
     Importance: High
         Status: Confirmed

** Also affects: mahara/18.10
   Importance: Undecided
       Status: New

** Also affects: mahara/18.04
   Importance: High
       Status: Confirmed

** Changed in: mahara/18.10
       Status: New => Confirmed

** Changed in: mahara/18.10
   Importance: Undecided => High

** Changed in: mahara/18.10
    Milestone: None => 18.10.0

** Changed in: mahara/18.04
    Milestone: None => 18.04.0

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1756726

Title:
  Password policy should be applied upon upgrade

Status in Mahara:
  Confirmed
Status in Mahara 18.04 series:
  Confirmed
Status in Mahara 18.10 series:
  Confirmed

Bug description:
  In bug #845263 we implemented the password policy. When you upgrade,
  and you go to Admin -> Configure site -> Site options -> Security
  settings, it shows you the password policy, but existing accounts are
  not required to use it unless they change their password.

  Only when you change the length of the password or the make-up are
  existing accounts required to reset their password.

  It would be cleaner if upon upgrade all user accounts are required to
  adhere to the password policy as listed in the security settings.

  This should be a change similar to the one in /admin/site/options.php
  lines 901-911

  Additionally, everyone - including the current site admin, but
  excluding the root user - are required to adhere.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1756726/+subscriptions

Follow ups

[Bug 1756726] Re: Password policy should be applied upon upgrade
From: Cecilia Vela Gurovic, 2018-10-25
[Bug 1756726] Re: Password policy should be applied upon upgrade
From: Robert Lyon, 2018-04-05
[Bug 1756726] A change has been merged
From: Mahara Bot, 2018-03-22
[Bug 1756726] Re: Password policy should be applied upon upgrade
From: Robert Lyon, 2018-03-22
[Bug 1756726] Re: Password policy should be applied upon upgrade
From: Cecilia Vela Gurovic, 2018-03-22
[Bug 1756726] A change has been merged
From: Mahara Bot, 2018-03-22
[Bug 1756726] A patch has been submitted for review
From: Mahara Bot, 2018-03-22
[Bug 1756726] A patch has been submitted for review
From: Mahara Bot, 2018-03-22
[Bug 1756726] A change has been merged
From: Mahara Bot, 2018-03-21
[Bug 1756726] A patch has been submitted for review
From: Mahara Bot, 2018-03-19
[Bug 1756726] Re: Password policy should be applied upon upgrade
From: Robert Lyon, 2018-03-19