Opened 10 years ago

Closed 10 years ago

#804 closed (fixed)

Administrator option to require that a user must change password at next log-in

Reported by: olle
Owned by: olle
Milestone: Proteios SE 2.19.0
Keywords:
Cc:

Description

Administrator should be able to require that a user must change password at next log-in, before continuing.

  1. When this setting is active, the user should be directed to a password change form directly after log-in, with a message stating that the password must be changed before continuing.
  2. Entering the same password as was used to log in should not be permitted, i.e. the password must be changed to something different.
  3. The only menu item that should be active should be File->Logout.

Change History (6)

comment:1 Changed 10 years ago by olle

Status: new → assigned

Ticket accepted.

comment:2 Changed 10 years ago by olle

Functionality discussion regarding when and how the password change requirement flag can be set:

  • The administrator should be able to set the password change requirement flag both for a new and an existing user. The former case simplifies creation of several new user accounts sharing a standard password for first log-in, while the latter case may be used when one has indications that a user's password has leaked out, or one wants to enforce change of password after regular time intervals.
  • When creating a new user account, it is natural to set the password change requirement flag when the password is set.
  • For an existing user, it should be possible to set the password change requirement flag without setting a password. This allows the user to log in with the old password (which is normally unknown to the administrator) before changing it.
  • For an existing user, the administrator should get an indication whether the password change requirement flag is currently set for a user. It should also be possible for the administrator to reset the flag, if it was set erroneously.

comment:3 Changed 10 years ago by olle

Design discussion:

The task is a simple one, but requires cooperation of several classes to be implemented.

  • The flag may be stored as an extra column in the Users table, but it seems overkill to change the database schema for a feature that is very seldom used. The flag will therefore be coupled to the existence of a lock file in the <Proteios SE file directory>/conf/ directory, where the user preferences file is also stored. The lock file will have the name <user log-in name>_change_password.lck, e.g. for the user with log-in name "demo2", the lock file will have the name "demo2_change_password.lck".
  • A new class/file core/LockFile.java in api/core/ will be introduced to manage lock files for a user. It will have a public creator LockFile(String userName, String suffix), where the suffix will be set to "_change_password" for this application. It will also have public methods boolean exists(), void save(), and void delete() to control its functionality.
  • New classes/files gui/form/ProfilePasswordChangeRequiredForm.java and gui/form/PasswordChangeRequiredCheckbox.java, both in client/servlet/ will be introduced for the GUI implementation, while new class/file action/user/SetPasswordChangeRequired.java in client/servlet/ will manage the password change requirement flag settings for an existing user.
  • The following file/class in api/core/ will be updated to implement password change requirement:
    1. core/User.java
  • The following files/classes in client/servlet/ will be updated to implement password change requirement:
    1. action/execute/Login.java
    2. action/user/AddUser.java
    3. action/user/ChangeMyPassword.java
    4. action/user/ViewActiveUser.java
    5. action/user/ViewMyProfileAction.java
    6. gui/form/NewUserForm.java
    7. gui/MainMenu.java
    8. locale/en/dictionary
Last edited 10 years ago by olle
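The following is an added illustration of the design sketched in comment:3; it is example code written for this page, not Proteios SE source. The file-name convention <user log-in name>_change_password.lck in the conf/ directory and the exists()/save()/delete() methods follow the comment. The class name PasswordChangeLock, the explicit confDir parameter, the SAFE_NAME whitelist and the afterLogin/changePassword helpers are assumptions. Because the lock-file name is derived from the log-in name, the example rejects names outside a conservative whitelist and checks that the resolved path stays inside conf/, so a name such as "../x" cannot create or delete a file elsewhere; the comment does not discuss that case.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.regex.Pattern;

/**
 * Example (not Proteios SE code): the "password change required" flag is the
 * existence of <confDir>/<userName><suffix>.lck, as in the comment:3 design.
 */
public final class PasswordChangeLock {

    // Assumption: a log-in name is only allowed to contain these characters, so it
    // can never carry path separators or ".." into the lock-file name.
    private static final Pattern SAFE_NAME = Pattern.compile("[A-Za-z0-9._-]{1,64}");

    private final Path lockPath;

    public PasswordChangeLock(Path confDir, String userName, String suffix) {
        if (userName == null || !SAFE_NAME.matcher(userName).matches()) {
            throw new IllegalArgumentException("unsafe log-in name: " + userName);
        }
        Path base = confDir.toAbsolutePath().normalize();
        Path candidate = base.resolve(userName + suffix + ".lck").normalize();
        // Belt and braces: the resolved file must still live inside conf/.
        if (!candidate.startsWith(base)) {
            throw new IllegalArgumentException("lock file escapes conf directory");
        }
        this.lockPath = candidate;
    }

    /** True when the flag is set for this user. */
    public boolean exists() {
        return Files.isRegularFile(lockPath);
    }

    /** Set the flag (creates an empty lock file; idempotent). */
    public void save() throws IOException {
        Files.createDirectories(lockPath.getParent());
        Files.write(lockPath, new byte[0]);
    }

    /** Reset the flag (no error if it was not set). */
    public void delete() throws IOException {
        Files.deleteIfExists(lockPath);
    }

    public Path path() {
        return lockPath;
    }

    /** Hypothetical login hook: route to the forced change form when the flag is set. */
    public static String afterLogin(Path confDir, String userName) {
        PasswordChangeLock lock = new PasswordChangeLock(confDir, userName, "_change_password");
        return lock.exists() ? "ProfilePasswordChangeRequiredForm" : "MainMenu";
    }

    /**
     * Hypothetical change-password hook: refuse the password used to log in
     * (requirement 2 of the ticket) and clear the flag only after a real change.
     */
    public static boolean changePassword(Path confDir, String userName,
                                         String loginPassword, String newPassword) throws IOException {
        if (newPassword == null || newPassword.equals(loginPassword)) {
            return false; // same password as at log-in: not permitted
        }
        // ... store the new password here (not part of this example) ...
        new PasswordChangeLock(confDir, userName, "_change_password").delete();
        return true;
    }

    public static void main(String[] args) throws IOException {
        Path conf = Files.createTempDirectory("proteios-conf"); // stands in for <file directory>/conf/
        PasswordChangeLock demo2 = new PasswordChangeLock(conf, "demo2", "_change_password");
        demo2.save();
        System.out.println(demo2.path().getFileName());            // demo2_change_password.lck
        System.out.println(afterLogin(conf, "demo2"));             // ProfilePasswordChangeRequiredForm
        System.out.println(changePassword(conf, "demo2", "pw1", "pw1"));  // false: unchanged
        System.out.println(changePassword(conf, "demo2", "pw1", "pw2"));  // true: flag cleared
        System.out.println(afterLogin(conf, "demo2"));             // MainMenu
        try {
            new PasswordChangeLock(conf, "../demo2", "_change_password");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Run with `javac PasswordChangeLock.java && java PasswordChangeLock`. In a deployment the same whitelist should be applied wherever a log-in name is first accepted (AddUser), so that the lock-file code never sees a name it has to reject.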

comment:4 Changed 10 years ago by olle

(In [4463]) Refs #804. Refactoring of some files/classes in client/servlet/ related to user account management, in order to make the code format more consistent.

comment:5 Changed 10 years ago by olle

(In [4464]) Refs #804. First version of support for allowing the administrator to require that a user must change password at next log-in, before continuing.

Files/classes related to allowing the administrator to set the flag:

New files/classes:

  1. core/LockFile.java in api/core/
  2. gui/form/ProfilePasswordChangeRequiredForm.java in client/servlet/
  3. gui/form/PasswordChangeRequiredCheckbox.java in client/servlet/
  4. action/user/SetPasswordChangeRequired.java in client/servlet/

Updated files/classes:

  1. action/user/AddUser.java in client/servlet/
  2. action/user/ViewActiveUser.java in client/servlet/
  3. gui/form/NewUserForm.java in client/servlet/
  4. locale/en/dictionary in client/servlet/

Files/classes related to the affected user:

New files/classes:

  1. core/User.java in api/core/

Updated files/classes:

  1. action/execute/Login.java in client/servlet/
  2. action/user/ChangeMyPassword.java in client/servlet/
  3. action/user/ViewMyProfileAction.java in client/servlet/
  4. gui/MainMenu.java in client/servlet/

comment:6 Changed 10 years ago by olle

Resolution: fixed
Status: assigned → closed

Ticket closed as the requested functionality has been added.
