
Details

    • MOODLE_27_STABLE
    • MOODLE_29_STABLE
    • wip_MDL-47830_m29_pwrotation

      1/ run phpunit tests
      2/ disable password rotation restrictions and try changing password via change pw page and pw reset (regression testing only)
      3/ enable password rotation restriction (note that current password at the time of enabling is not tracked, I was bitten by this a few times thinking it does not work)
      4/ try changing own password - verify restriction is enforced
      5/ try resetting own password - verify restriction is enforced
      6/ signup as new user via email and verify the first password is tracked too

      Places where password rotation is tracked and enforced:

      • forgotten password
      • change own password
      • user signup

      Places where password rotation is NOT tracked and enforced:

      • using advanced user edit form - for security reasons nobody else should get any indication what was your password before!
      • user upload and automatic creation of passwords
      • web services

    Description

      There should be a way to say how many changes of passwords are required before reuse. The idea is to track and enforce restrictions only when changing own password via standard means - that is, the change password form and the password reset process.
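The reuse check described above, sketched as an added example (it is not Moodle's code and not part of this issue). The `PasswordHistory` class, its methods and the in-memory array standing in for a database table are hypothetical; the sketch assumes a limit of N rejects the N most recent passwords and that nothing is recorded while the limit is 0.

```php
<?php
// Added illustration; hypothetical names, not Moodle's implementation.
final class PasswordHistory
{
    /** @var int Number of most recent passwords that may not be reused; 0 disables. */
    private $reuseLimit;
    /** @var array Map of user id => password hashes, newest first (stands in for a DB table). */
    private $hashes = [];

    public function __construct(int $reuseLimit)
    {
        $this->reuseLimit = $reuseLimit;
    }

    /** Call before accepting a new password on the change-password and reset paths. */
    public function isReused(int $userId, string $candidate): bool
    {
        foreach ($this->hashes[$userId] ?? [] as $hash) {
            // Hashes are salted, so each one must be verified individually.
            if (password_verify($candidate, $hash)) {
                return true;
            }
        }
        return false;
    }

    /** Call after a password is set at signup, change or reset. */
    public function record(int $userId, string $password): void
    {
        if ($this->reuseLimit <= 0) {
            return; // Assumption: nothing is tracked while the restriction is off.
        }
        $list = $this->hashes[$userId] ?? [];
        array_unshift($list, password_hash($password, PASSWORD_DEFAULT));
        // Keep only the newest $reuseLimit hashes; older passwords become reusable.
        $this->hashes[$userId] = array_slice($list, 0, $this->reuseLimit);
    }
}

// Constructed walk-through with a limit of 2.
$history = new PasswordHistory(2);
$history->record(1, 'Signup-pw-1');              // first password is tracked at signup
var_dump($history->isReused(1, 'Signup-pw-1'));  // still in the tracked window
$history->record(1, 'Changed-pw-2');
$history->record(1, 'Changed-pw-3');
var_dump($history->isReused(1, 'Signup-pw-1'));  // has dropped out of the window
var_dump($history->isReused(2, 'Old-pw'));       // user 2 has no tracked history yet
```

A path that should not track or enforce rotation, such as an administrator editing another user, would call neither method, so it reveals nothing about that user's earlier passwords.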


            People

              skodak Petr Skoda
              skodak Petr Skoda
              Sam Hemelryk Sam Hemelryk
              Simey Lameze Simey Lameze
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Sujith Haridasan

              Dates

                Created:
                Updated:
                Resolved:
                11/May/15