Posted to dev@ofbiz.apache.org by "Sumit Pandit (JIRA)" <ji...@apache.org> on 2012/08/17 12:17:37 UTC

[jira] [Commented] (OFBIZ-5009) Enforce user to reset his password in a pre-defined regular interval of time.

    [ https://issues.apache.org/jira/browse/OFBIZ-5009?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13436641#comment-13436641 ] 

Sumit Pandit commented on OFBIZ-5009:
-------------------------------------

Following is the implementation plan -

* *security.properties* : Provide configuration for the following control points :
** Enabling / disabling of the functionality.
** Maximum number of days within which the user has to change the password.
** Number of days before the password expiry date when the user starts getting password expiration alerts.

* *Data model*
** Entity name : UserLoginPasswordHistory : Existing entity.

* *Business logic*
** Create UserLoginPasswordHistory record when a new user is created (if configured).
** Expire and then create a UserLoginPasswordHistory record when the user updates an existing password.
** Every time the user logs in, check for password expiration. If the password has expired, display the change password screen to the user. If the password has not yet expired but is close to expiring, display an alert message to the user about its expiration.

--
Regards
Sumit Pandit
                
> Enforce user to reset his password in a pre-defined regular interval of time.
> -----------------------------------------------------------------------------
>
>                 Key: OFBIZ-5009
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-5009
>             Project: OFBiz
>          Issue Type: New Feature
>          Components: framework
>    Affects Versions: SVN trunk
>            Reporter: Sumit Pandit
>         Attachments: Password-expiration-alert.GIF, Password-Expired-Alert.GIF
>
>
> For a user account in the system, we can set a password age for additional security.
> The proposed system will start suggesting that the user reset his password a few days before password expiration. Then, once the password has expired, the system will force him to reset his password before processing further.
> The following will be the control points and would be part of the system configuration -
> * *Control Points -*
> ** Admin can enable/disable the reset password functionality.
> *** - It will be controlled by a flag in the property file, where the admin can enable/disable it by setting true/false.
> ** Number of days in which the password will expire.
> *** - It will be defined in the property file so that the admin can control it.
> ** Number of days in advance at which the password expiration alert is displayed on the user's screen.
> *** - It will be defined in the property file so that the admin can control it.
> * *How should it be processed -*
> ** After the user has logged in, display a password expiration notification message to the user if his password will expire in the coming days.
> ** After the user has logged in, display the change password screen when the password has expired, i.e. the difference in days since the password was last updated exceeds the number of days specified in system policies. Force the user to reset his password.
> * *What will be the output -*
> ** Please find the screenshots in the attachments.
> ** Password is about to expire : Password-expiration-alert.gif : Observe alert message after login.
> ** Password is expired : Password-Expired-Alert : Observe the alert message with reset password screen.
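
The login-time check described in the plan above, as an added stand-alone sketch that is not part of the original message and is not OFBiz code. The property keys, the class name, the sample values (90 and 7 days) and the rule that a user with no password-history record is treated as expired are all assumptions made for illustration.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Properties;

public class PasswordAgeCheck {
    enum Status { OK, WARN, EXPIRED }

    // Hypothetical property keys; they are not taken from OFBiz's security.properties.
    static final String ENABLED = "password.expiry.enabled";
    static final String MAX_DAYS = "password.expiry.max.days";
    static final String WARN_DAYS = "password.expiry.warn.days";

    /** lastChanged = start of the current password-history record, or null if none exists. */
    static Status evaluate(Properties cfg, Instant lastChanged, Instant now) {
        if (!Boolean.parseBoolean(cfg.getProperty(ENABLED, "false"))) {
            return Status.OK;                 // feature disabled: never alert or block
        }
        // A missing or malformed number fails loudly instead of silently disabling the policy.
        long maxDays = Long.parseLong(cfg.getProperty(MAX_DAYS));
        long warnDays = Long.parseLong(cfg.getProperty(WARN_DAYS));
        if (lastChanged == null) {
            return Status.EXPIRED;            // assumption: no history record, age unknown, force a change
        }
        long ageDays = Duration.between(lastChanged, now).toDays();
        if (ageDays > maxDays) {
            return Status.EXPIRED;            // age exceeds the maximum: show the change password screen
        }
        if (ageDays >= maxDays - warnDays) {
            return Status.WARN;               // inside the alert window: show the expiration alert
        }
        return Status.OK;
    }

    public static void main(String[] args) {
        Properties cfg = new Properties();    // constructed sample configuration
        cfg.setProperty(ENABLED, "true");
        cfg.setProperty(MAX_DAYS, "90");
        cfg.setProperty(WARN_DAYS, "7");
        Instant now = Instant.parse("2012-08-17T12:00:00Z");
        // Constructed last-change timestamps: 47, 87 and 138 days old.
        String[] changed = { "2012-07-01T00:00:00Z", "2012-05-22T00:00:00Z", "2012-04-01T00:00:00Z" };
        for (String c : changed) {
            System.out.println(c + " -> " + evaluate(cfg, Instant.parse(c), now));
        }
        System.out.println("no history -> " + evaluate(cfg, null, now));
    }
}
```

The missing-history branch matters for accounts created before the feature is enabled, since the plan only creates a history record at user creation or password update.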
