Add password expiry for manual auth method
Description
Testing Instructions
Testing prerequisites
You need write access in the database for this test.
You need admin access to moodle.
You need to have two manual user accounts created in your database before doing the upgrade with the patch: one older than 30 days but newer than 60 days, and one created within the last 30 days. (You may change the user's "timecreated" and "timemodified" values in the mdl_user table directly in the database.)
Update the Moodle source files.
Testing instructions
Run the following unit tests:
phpunit auth_manual_testcase auth/manual/tests/manual_test.php
phpunit core_user_testcase lib/tests/user_test.php
As an admin, go to the "Password expiration settings" in the manual account auth settings page, put the option "Enable password expiry" to "yes", "Notification threshold" to "2 days" and click "Save changes".
Disconnect from the admin account and login with the old created user account.
You should see a notification message notifying you that your password is expired.
Click cancel. You should remain connected.
Disconnect and login as an admin, go to the "Password expiry settings" in the manual account auth settings page, put the option "Enable password expiry" to "no" and click "Save changes".
Disconnect and login with the old created user account.
You should be connected without warnings.
Disconnect and login as an admin, go to the "Password expiry settings" in the manual account auth settings page, put the option "Enable password expiry" to "yes", the option "Password duration" to "60 days" and click "Save changes".
Disconnect and login with the old created user account.
You should be connected without warnings.
Disconnect and login as an admin, go to the "Password expiry settings" in the manual account auth settings page, put the option "Password duration" to "30 days" and click "Save changes".
Disconnect and login with the old created user account.
You should see a message warning you that your password is expired.
Change the password.
Disconnect from this account and reconnect again. You should not see the expiry notification message.
Disconnect from this account.
Login with the newly created user. You should not see the expiry notification message.
Disconnect from this account.
Go to the database and replace the "auth_manual_passwordupdatetime" value in the "mdl_user_preferences" table for the old user with a unixtime around 29 days before the time in the value field.
Login with the old user account. You should see a warning that your account will expire in 1 day, which will propose that you change it now. Click cancel and disconnect.
As an admin, go to the "Password expiry settings" in the manual account auth settings page, put the option "Notification threshold" to "Never" and click "Save changes".
Disconnect and login with the old user account. You should not see any warning. Disconnect.
As an admin, go to the "Password expiry settings" in the manual account auth settings page, put the option "Notification threshold" to "2 days" and click "Save changes".
Disconnect and login with the old user account. You should see a notification that your account will expire in 1 day, which will propose that you change it now. Update it now.
Disconnect and reconnect. You should not see any notification.
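The outcomes the steps above expect can be modelled as a small decision function, which also yields the unix times to write into the database. This is an added example, not Moodle's code: the function names, the fixed clock and the fallback to the account creation time for a never-changed password are assumptions.

```python
import math

DAY = 86400  # seconds per day

def days_ago(now, days):
    """Unix time `days` days before `now`, for the values edited in the database."""
    return now - days * DAY

def expected_notice(now, last_update, enabled, duration_days, threshold_days):
    """Model of the notice a tester should expect at login.

    last_update    -- unix time of the last password change (assumed to fall
                      back to the account creation time when never changed)
    threshold_days -- None models the "Never" notification threshold
    Returns (state, days_left) with state in {"none", "warning", "expired"}.
    This models only the notice shown, not whether the login is refused.
    """
    if not enabled:
        return ("none", None)
    expires_at = last_update + duration_days * DAY
    if now >= expires_at:
        return ("expired", 0)
    days_left = math.ceil((expires_at - now) / DAY)
    if threshold_days is not None and days_left <= threshold_days:
        return ("warning", days_left)
    return ("none", days_left)

# Constructed sample data: a fixed "now" and the two accounts from the prerequisites.
NOW = 1_700_000_000
OLD_USER = days_ago(NOW, 45)   # older than 30 days, newer than 60 days
NEW_USER = days_ago(NOW, 10)   # created within the last 30 days

def run_matrix():
    """Walk the settings combinations used in the testing instructions."""
    return {
        "disabled": expected_notice(NOW, OLD_USER, False, 30, 2),
        "old_60d": expected_notice(NOW, OLD_USER, True, 60, 2),
        "old_30d": expected_notice(NOW, OLD_USER, True, 30, 2),
        "new_30d": expected_notice(NOW, NEW_USER, True, 30, 2),
        "29d_threshold_2": expected_notice(NOW, days_ago(NOW, 29), True, 30, 2),
        "29d_threshold_never": expected_notice(NOW, days_ago(NOW, 29), True, 30, None),
    }

if __name__ == "__main__":
    for name, result in run_matrix().items():
        print(f"{name:22} {result}")
```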
Activity
Linking to a report about manual account auth users still being able to log in with an expired password - https://moodle.atlassian.net/browse/MDL-53044#icft=MDL-53044.
I notice that the testing instructions for this issue cover a lot of points, however they don't seem to include testing whether an expired password can still be used to log in.
Note that after this change if a site has both password expiry and guest access, the guest will get a message saying their password has expired https://moodle.atlassian.net/browse/MDL-45814#icft=MDL-45814
Removing docs_required label as this is documented here http://docs.moodle.org/27/en/Manual_accounts
Thanks Marina!
Thanks for your hard work. Your code is now part of Moodle.

It may be nice to add password expiry for the manual accounts authentication method.