Feature #47765: mgr/dashboard: security improvements
mgr/dashboard: Enforce password change upon first login
For local user accounts, it should be possible to enforce a password change upon the first login to the dashboard. This could be determined by either having a flag associated with the user (e.g. "reset_password"), or by checking a "last login" timestamp (which would also make it possible to enforce a password change after a certain period of time). With regard to issue #24654 it might actually be feasible to have the "reset_password" flag as well.
#7 Updated by Tiago Melo over 1 year ago
I think we need to improve a few aspects of this process.
Here are the steps I would recommend:
1. The admin should be able to enable a field requiring the user to change their password the next time they try to log in.
This can be done during creation or update of the user.
2. When a user tries to log in and the "reset password" flag is enabled, the login should fail.
The backend should respond with a special token that will be used to reset the password.
This token should have a TTL and be stored.
Maybe we could use the same field as the SSO, and send the redirect URL.
2.1 If a user tries to log in again and there is already a reset token that has expired, the user should be disabled.
3. The user should be redirected to a page, similar to the login page, where they do not need to be logged in.
The URL of this page should contain the token sent by the backend.
4. For extra security we should ask the user to type the new password twice.
After the user types the passwords and presses "submit", we should attach the token to the request.
6. The backend will verify all the data and then change the user password.
If the TTL has expired, we should disable the user account and show a message telling the user to contact an admin.
#14 Updated by Elzbieta Dziomdziora over 1 year ago
My plan for this ticket is to create a checkbox where the admin can decide whether the user has to or doesn't have to change the password. The value is set in the access_control file under the name forceCheckPwd, and it is going to be checked during the login phase.
According to ticket 40329, it will have an expiration date, which will be checked when forceCheckPwd is true.
When the time for changing the password expires, there will be a message to contact the admin.
When it is possible to change the password, the user will be navigated to the changePassword page.
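The flow sketched in comment #7 (token with a TTL, password typed twice, account disabled on expiry) together with the admin-set flag from comment #14, as an added example that is not the dashboard's own code. The function and field names, the in-memory user record, PBKDF2 password hashing and the 600-second TTL are assumptions; the ticket fixes none of them.

```python
import hashlib
import secrets
from dataclasses import dataclass
TOKEN_TTL_SECONDS = 600  # assumed TTL for the reset token; the ticket leaves the value open

def hash_password(password: str, salt: bytes) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()

@dataclass
class User:
    salt: bytes
    password_hash: str
    force_password_change: bool = False  # admin-set flag ("forceCheckPwd" in comment #14)
    enabled: bool = True
    reset_token: "str | None" = None  # stored reset token with a TTL (step 2)
    reset_token_expires: float = 0.0

def _token_expired(user: User, now: float) -> bool:
    # An unused token past its TTL disables the account (steps 2.1 and 6).
    if user.reset_token is not None and now >= user.reset_token_expires:
        user.enabled, user.reset_token = False, None
        return True
    return False

def login(user: User, password: str, now: float) -> dict:
    # Valid credentials plus the flag yield a reset token instead of a session.
    if not user.enabled:
        return {"status": "disabled"}
    if not secrets.compare_digest(hash_password(password, user.salt), user.password_hash):
        return {"status": "invalid_credentials"}
    if not user.force_password_change:
        return {"status": "ok"}
    if _token_expired(user, now):
        return {"status": "disabled"}
    if user.reset_token is None:
        user.reset_token = secrets.token_urlsafe(32)
        user.reset_token_expires = now + TOKEN_TTL_SECONDS
    return {"status": "password_change_required", "token": user.reset_token}

def change_password(user: User, token: str, new_pw: str, confirm_pw: str, now: float) -> str:
    # The reset page submits the token and the password typed twice (steps 4 and 6).
    if not user.enabled or user.reset_token is None or not secrets.compare_digest(token, user.reset_token):
        return "rejected"
    if _token_expired(user, now):
        return "expired_disabled"
    if new_pw != confirm_pw or hash_password(new_pw, user.salt) == user.password_hash:
        return "rejected"
    user.password_hash = hash_password(new_pw, user.salt)
    user.force_password_change, user.reset_token = False, None
    return "changed"
```

The time is passed in explicitly so that the expiry paths can be exercised without waiting for the TTL.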