https://tracker.ceph.com/https://tracker.ceph.com/favicon.ico2018-07-04T12:03:52ZCeph Dashboard - Feature #24655: mgr/dashboard: Enforce password change upon first loginhttps://tracker.ceph.com/issues/24655?journal_id=1161962018-07-04T12:03:52ZLenz Grimmer
<ul><li><strong>Assignee</strong> deleted (<del><i>Lenz Grimmer</i></del>)</li><li><strong>Tags</strong> set to <i>dashboard</i></li></ul> Dashboard - Feature #24655: mgr/dashboard: Enforce password change upon first loginhttps://tracker.ceph.com/issues/24655?journal_id=1197092018-08-31T11:09:26ZLenz Grimmer
<ul><li><strong>Category</strong> changed from <i>132</i> to <i>150</i></li></ul> Dashboard - Feature #24655: mgr/dashboard: Enforce password change upon first loginhttps://tracker.ceph.com/issues/24655?journal_id=1291662019-02-12T11:03:10ZElzbieta Dziomdziora
<ul><li><strong>Assignee</strong> set to <i>Elzbieta Dziomdziora</i></li></ul> Dashboard - Feature #24655: mgr/dashboard: Enforce password change upon first loginhttps://tracker.ceph.com/issues/24655?journal_id=1377972019-06-04T06:17:36ZElzbieta Dziomdziora
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Fix Under Review</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul> Dashboard - Feature #24655: mgr/dashboard: Enforce password change upon first loginhttps://tracker.ceph.com/issues/24655?journal_id=1377982019-06-04T06:17:44ZElzbieta Dziomdziora
<ul><li><strong>% Done</strong> changed from <i>100</i> to <i>80</i></li></ul> Dashboard - Feature #24655: mgr/dashboard: Enforce password change upon first loginhttps://tracker.ceph.com/issues/24655?journal_id=1380082019-06-06T07:49:26ZLenz Grimmer
<ul><li><strong>Pull request ID</strong> set to <i>28405</i></li></ul> Dashboard - Feature #24655: mgr/dashboard: Enforce password change upon first loginhttps://tracker.ceph.com/issues/24655?journal_id=1389622019-06-17T13:10:33ZTiago Melo
<ul></ul><p>I think we need to improve a few aspects of this process.<br />Here are the steps I would recommend:</p>
<p>1. The admin should be able to enable a field requiring the users to change his password next time he tries to log in.<br />This can be done during creation or update of the user.</p>
<p>2. When a user tries to login and the "reset password" flag is enabled, the login should fail.<br />The backend should respond with a special token that will be used to reset the password.<br />This token should have a TTL and be stored.<br />Maybe we could use the same field as the SSO, and send the redirect URL.</p>
<p>2.1 If a user tries to login again and there is already a reset token that has expired, the user should be disabled.</p>
<p>3. The user should be redirected to page, similar to login, where it does not need to be logged in. <br />The URL of this page should contain the token sent by the backend.<br />p.e.: localhost/#/reset/<TOKEN></p>
<p>4. For extra security we should ask the user to type twice the new password.<br />After the user types the passwords and press "submit", we should attach the token to the request.</p>
<p>6. The backend will verify all the data and then change the user password.<br />If the TTL has expired, we should disabled the user account and show a message telling the user to contact an admin.</p> Dashboard - Feature #24655: mgr/dashboard: Enforce password change upon first loginhttps://tracker.ceph.com/issues/24655?journal_id=1406032019-07-12T15:48:55ZLenz Grimmer
<ul><li><strong>Tags</strong> set to <i>security</i></li><li><strong>Target version</strong> set to <i>v15.0.0</i></li></ul> Dashboard - Feature #24655: mgr/dashboard: Enforce password change upon first loginhttps://tracker.ceph.com/issues/24655?journal_id=1406112019-07-12T15:53:23ZLenz Grimmer
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-5 priority-4 priority-default closed child" href="/issues/40248">Feature #40248</a>: mgr/dashboard: As a user, I want to change my password</i> added</li></ul> Dashboard - Feature #24655: mgr/dashboard: Enforce password change upon first loginhttps://tracker.ceph.com/issues/24655?journal_id=1406152019-07-12T15:54:40ZLenz Grimmer
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-5 priority-4 priority-default closed child" href="/issues/25229">Feature #25229</a>: mgr/dashboard: Provide user enable/disable capability</i> added</li></ul> Dashboard - Feature #24655: mgr/dashboard: Enforce password change upon first loginhttps://tracker.ceph.com/issues/24655?journal_id=1406232019-07-12T15:55:25ZLenz Grimmer
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-5 priority-4 priority-default closed child" href="/issues/25232">Feature #25232</a>: mgr/dashboard: Support minimum password complexity rules </i> added</li></ul> Dashboard - Feature #24655: mgr/dashboard: Enforce password change upon first loginhttps://tracker.ceph.com/issues/24655?journal_id=1406252019-07-12T15:55:31ZLenz Grimmer
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-5 priority-4 priority-default closed child parent" href="/issues/40329">Feature #40329</a>: mgr/dashboard: It should be possible to set an expiration date for the user password</i> added</li></ul> Dashboard - Feature #24655: mgr/dashboard: Enforce password change upon first loginhttps://tracker.ceph.com/issues/24655?journal_id=1406352019-07-12T15:58:35ZLenz Grimmer
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-3 priority-4 priority-default closed child" href="/issues/39999">Feature #39999</a>: mgr/dashboard: Prevent brute-force/dictionary attacks against existing local user accounts</i> added</li></ul> Dashboard - Feature #24655: mgr/dashboard: Enforce password change upon first loginhttps://tracker.ceph.com/issues/24655?journal_id=1419732019-07-29T09:25:50ZElzbieta Dziomdziora
<ul></ul><p>My plan for this ticket is to create a checkbox, where admin can decide whether the user has to or doesnt has to change the password. The value is set in access_control file under name forceCheckPwd, and it is going to be checked during login phase.<br />According to the ticket 40329, it will have expiration date, which will be checked when the forceCheckPwd is true. <br />When the time for changing password will expire,there will be massage to contact the admin. <br />When it will be possible to change password then the user will be navigate to the changePassword page.</p> Dashboard - Feature #24655: mgr/dashboard: Enforce password change upon first loginhttps://tracker.ceph.com/issues/24655?journal_id=1479492019-10-08T09:21:43ZLenz Grimmer
<ul><li><strong>Pull request ID</strong> changed from <i>28405</i> to <i>29529</i></li></ul> Dashboard - Feature #24655: mgr/dashboard: Enforce password change upon first loginhttps://tracker.ceph.com/issues/24655?journal_id=1545202019-12-17T08:45:30ZTatjana Dehler
<ul><li><strong>Status</strong> changed from <i>Fix Under Review</i> to <i>In Progress</i></li><li><strong>Assignee</strong> changed from <i>Elzbieta Dziomdziora</i> to <i>Tatjana Dehler</i></li><li><strong>% Done</strong> changed from <i>80</i> to <i>20</i></li><li><strong>Pull request ID</strong> deleted (<del><i>29529</i></del>)</li></ul> Dashboard - Feature #24655: mgr/dashboard: Enforce password change upon first loginhttps://tracker.ceph.com/issues/24655?journal_id=1551972020-01-08T09:01:10ZTatjana Dehler
<ul><li><strong>Pull request ID</strong> set to <i>32543</i></li></ul> Dashboard - Feature #24655: mgr/dashboard: Enforce password change upon first loginhttps://tracker.ceph.com/issues/24655?journal_id=1560672020-01-17T09:10:04ZTatjana Dehler
<ul><li><strong>Assignee</strong> changed from <i>Tatjana Dehler</i> to <i>Volker Theile</i></li></ul> Dashboard - Feature #24655: mgr/dashboard: Enforce password change upon first loginhttps://tracker.ceph.com/issues/24655?journal_id=1567892020-01-24T09:37:23ZVolker Theile
<ul><li><strong>Priority</strong> changed from <i>Normal</i> to <i>Urgent</i></li></ul> Dashboard - Feature #24655: mgr/dashboard: Enforce password change upon first loginhttps://tracker.ceph.com/issues/24655?journal_id=1592442020-02-21T15:46:11ZLenz Grimmer
<ul><li><strong>Status</strong> changed from <i>In Progress</i> to <i>Resolved</i></li></ul> Dashboard - Feature #24655: mgr/dashboard: Enforce password change upon first loginhttps://tracker.ceph.com/issues/24655?journal_id=1723552020-08-05T14:41:53ZErnesto Puerta
<ul><li><strong>Copied to</strong> <i><a class="issue tracker-9 status-6 priority-4 priority-default closed" href="/issues/46837">Backport #46837</a>: nautilus: mgr/dashboard: user management improvements (password change, password complexity, ...)</i> added</li></ul> Dashboard - Feature #24655: mgr/dashboard: Enforce password change upon first loginhttps://tracker.ceph.com/issues/24655?journal_id=1723572020-08-05T14:42:00ZErnesto Puerta
<ul><li><strong>Status</strong> changed from <i>Resolved</i> to <i>Pending Backport</i></li><li><strong>Backport</strong> set to <i>nautilus</i></li></ul> Dashboard - Feature #24655: mgr/dashboard: Enforce password change upon first loginhttps://tracker.ceph.com/issues/24655?journal_id=1754822020-09-21T14:50:48ZErnesto Puerta
<ul><li><strong>Status</strong> changed from <i>Pending Backport</i> to <i>Closed</i></li><li><strong>Backport</strong> deleted (<del><i>nautilus</i></del>)</li></ul><p>For clean/safe backport it requires more <a href="https://tracker.ceph.com/issues/46837#note-4" class="external">than 11 additionall PRs</a></p>
<p>Closing.</p> Dashboard - Feature #24655: mgr/dashboard: Enforce password change upon first loginhttps://tracker.ceph.com/issues/24655?journal_id=1767842020-10-06T10:45:10ZErnesto Puerta
<ul><li><strong>Parent task</strong> set to <i>#47765</i></li></ul> Dashboard - Feature #24655: mgr/dashboard: Enforce password change upon first loginhttps://tracker.ceph.com/issues/24655?journal_id=1919002021-04-15T17:30:15ZErnesto Puerta
<ul><li><strong>Project</strong> changed from <i>mgr</i> to <i>Dashboard</i></li><li><strong>Category</strong> changed from <i>150</i> to <i>Component - Users & Roles</i></li></ul>