You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@allura.apache.org by Ingo <in...@gmx.net> on 2019/05/21 18:14:24 UTC

[allura:tickets] Re: #8287 Backfill all previous_login_details - NEEDS SCRIPT

I think, I didn't get it, yet. Will I need to run this script at the next
Allura upgrade?



---

** [tickets:#8287] Backfill all previous_login_details - NEEDS SCRIPT**

**Status:** review
**Milestone:** unreleased
**Created:** Mon May 20, 2019 04:00 PM UTC by Dave Brondsema
**Last Updated:** Tue May 21, 2019 05:23 PM UTC
**Owner:** Dave Brondsema


With [#8278] `previous_login_details` started getting stored and backfilled after successful logins.  With [#8279] to check for strong enough passwords during login, it relies on checking `previous_login_details` to know what kind of password reset to do, but `previous_login_details` might not be populated yet.  So we should have a script to backfil that field for everyone so we can rely on it.


---

Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.

[allura:tickets] Re: #8287 Backfill all previous_login_details - NEEDS SCRIPT

Posted by Dave Brondsema <da...@brondsema.net>.

Yes, although its only really necessary if you want to enable the `auth.hibp_failure_force_pwd_change` setting.  That new setting checks partial password hashes against https://haveibeenpwned.com/Passwords and forces affected users to change their password.

(And the "NEEDS SCRIPT" in the ticket title will help us remember to include specific instructions when we make a release changelog).  


---

** [tickets:#8287] Backfill all previous_login_details - NEEDS SCRIPT**

**Status:** review
**Milestone:** unreleased
**Created:** Mon May 20, 2019 04:00 PM UTC by Dave Brondsema
**Last Updated:** Tue May 21, 2019 05:23 PM UTC
**Owner:** Dave Brondsema


With [#8278] `previous_login_details` started getting stored and backfilled after successful logins.  With [#8279] to check for strong enough passwords during login, it relies on checking `previous_login_details` to know what kind of password reset to do, but `previous_login_details` might not be populated yet.  So we should have a script to backfil that field for everyone so we can rely on it.


---

Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.