XMLWordPrintable

    Details

    • Testing Instructions:
      Hide

      1/ run phpunit tests
      2/ disable password rotation restrictions and try changing password via change pw page and pw reset (regression testing only)
      3/ enable password rotation restriction (note that current password at the time of enabling is not tracker, I was bitten by this a few times thinking it does not work)
      4/ try changing own password - verify restriction is enforced
      5/ try resetting own password - verify restriction is enforced
      6/ signup as new user via email and verify the first password is tracked too

      Places where password rotation is tracked and enforced:

      • forgotten password
      • change own password
      • user signup

      Places where password rotation is NOT tracked and enforced:

      • using advanced user edit form - for security reasons nobody else should get any indication what was your password before!
      • user upload and automatic creation of passwords
      • web services
      Show
      1/ run phpunit tests 2/ disable password rotation restrictions and try changing password via change pw page and pw reset (regression testing only) 3/ enable password rotation restriction (note that current password at the time of enabling is not tracker, I was bitten by this a few times thinking it does not work) 4/ try changing own password - verify restriction is enforced 5/ try resetting own password - verify restriction is enforced 6/ signup as new user via email and verify the first password is tracked too Places where password rotation is tracked and enforced: forgotten password change own password user signup Places where password rotation is NOT tracked and enforced: using advanced user edit form - for security reasons nobody else should get any indication what was your password before! user upload and automatic creation of passwords web services
    • Affected Branches:
      MOODLE_27_STABLE
    • Fixed Branches:
      MOODLE_29_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      wip_MDL-47830_m29_pwrotation

      Description

      There should be a way to say how many changes of passwords are required before reuse. This idea is to track and enforce restrictions only when changing own password via standard means - that is change password form and password reset process.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                2 Vote for this issue
                Watchers:
                9 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  11/May/15