You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@allura.apache.org by Dave Brondsema <da...@brondsema.net> on 2019/05/20 16:00:21 UTC

[allura:tickets] #8287 Backfill all previous_login_details - NEEDS SCRIPT



---

** [tickets:#8287] Backfill all previous_login_details - NEEDS SCRIPT**

**Status:** in-progress
**Milestone:** unreleased
**Created:** Mon May 20, 2019 04:00 PM UTC by Dave Brondsema
**Last Updated:** Mon May 20, 2019 04:00 PM UTC
**Owner:** Dave Brondsema


With [#8278] `previous_login_details` started getting stored and backfilled after successful logins.  With [#8279] to check for strong enough passwords during login, it relies on checking `previous_login_details` to know what kind of password reset to do, but `previous_login_details` might not be populated yet.  So we should have a script to backfil that field for everyone so we can rely on it.


---

Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.

[allura:tickets] #8287 Backfill all previous_login_details - NEEDS SCRIPT

Posted by Kenton Taylor <kt...@slashdotmedia.com>.

- **status**: review --> closed



---

** [tickets:#8287] Backfill all previous_login_details - NEEDS SCRIPT**

**Status:** closed
**Milestone:** unreleased
**Created:** Mon May 20, 2019 04:00 PM UTC by Dave Brondsema
**Last Updated:** Tue May 21, 2019 06:54 PM UTC
**Owner:** Dave Brondsema


With [#8278] `previous_login_details` started getting stored and backfilled after successful logins.  With [#8279] to check for strong enough passwords during login, it relies on checking `previous_login_details` to know what kind of password reset to do, but `previous_login_details` might not be populated yet.  So we should have a script to backfil that field for everyone so we can rely on it.


---

Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.

[allura:tickets] Re: #8287 Backfill all previous_login_details - NEEDS SCRIPT

Posted by Dave Brondsema <da...@brondsema.net>.

Yes, although its only really necessary if you want to enable the `auth.hibp_failure_force_pwd_change` setting.  That new setting checks partial password hashes against https://haveibeenpwned.com/Passwords and forces affected users to change their password.

(And the "NEEDS SCRIPT" in the ticket title will help us remember to include specific instructions when we make a release changelog).  


---

** [tickets:#8287] Backfill all previous_login_details - NEEDS SCRIPT**

**Status:** review
**Milestone:** unreleased
**Created:** Mon May 20, 2019 04:00 PM UTC by Dave Brondsema
**Last Updated:** Tue May 21, 2019 05:23 PM UTC
**Owner:** Dave Brondsema


With [#8278] `previous_login_details` started getting stored and backfilled after successful logins.  With [#8279] to check for strong enough passwords during login, it relies on checking `previous_login_details` to know what kind of password reset to do, but `previous_login_details` might not be populated yet.  So we should have a script to backfil that field for everyone so we can rely on it.


---

Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.

[allura:tickets] Re: #8287 Backfill all previous_login_details - NEEDS SCRIPT

Posted by Ingo <in...@gmx.net>.

I think, I didn't get it, yet. Will I need to run this script at the next
Allura upgrade?



---

** [tickets:#8287] Backfill all previous_login_details - NEEDS SCRIPT**

**Status:** review
**Milestone:** unreleased
**Created:** Mon May 20, 2019 04:00 PM UTC by Dave Brondsema
**Last Updated:** Tue May 21, 2019 05:23 PM UTC
**Owner:** Dave Brondsema


With [#8278] `previous_login_details` started getting stored and backfilled after successful logins.  With [#8279] to check for strong enough passwords during login, it relies on checking `previous_login_details` to know what kind of password reset to do, but `previous_login_details` might not be populated yet.  So we should have a script to backfil that field for everyone so we can rely on it.


---

Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.

[allura:tickets] #8287 Backfill all previous_login_details - NEEDS SCRIPT

Posted by Dave Brondsema <da...@brondsema.net>.

- **status**: in-progress --> review
- **Comment**:

db/8287

`paste script path/to/your.ini allura/scripts/backfill_previous_login_details.py` Or run with task manager `allura.scripts.backfill_previous_login_details.BackfillPreviousLoginDetails`



---

** [tickets:#8287] Backfill all previous_login_details - NEEDS SCRIPT**

**Status:** review
**Milestone:** unreleased
**Created:** Mon May 20, 2019 04:00 PM UTC by Dave Brondsema
**Last Updated:** Mon May 20, 2019 04:00 PM UTC
**Owner:** Dave Brondsema


With [#8278] `previous_login_details` started getting stored and backfilled after successful logins.  With [#8279] to check for strong enough passwords during login, it relies on checking `previous_login_details` to know what kind of password reset to do, but `previous_login_details` might not be populated yet.  So we should have a script to backfil that field for everyone so we can rely on it.


---

Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.