Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
1.2.8
-
None
-
None
Description
When a user changes his/her password via the Console, the password history does not appear to be checked. It is only checked when the admin user changes the password. This bug does not appear to be present in the enduser application of Syncope 2.0.0.
Steps to reproduce (Syncope 1.2.8):
1) Log onto the console as "admin".
2) Change the global password policy to have a history of "10".
3) Now create a new user "alice" with password "password1" and save.
4) Edit "alice" (again as "admin") and change the password to "password2" and save.
5) Edit "alice" (again as "admin") and try to change the password back to "password1" -> this should fail.
6) Logout and log back in as "alice"/"password2".
7) Click on "alice" and change the password back to "password1".
8) It displays no error message and "alice" can log back in with "password1" after logging out.