Uploaded image for project: 'Syncope'
  1. Syncope
  2. SYNCOPE-939

Password history not checked when user changes password

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.2.8
    • Fix Version/s: 1.2.9
    • Component/s: None
    • Labels:
      None

      Description

      When a user changes his/her password via the Console, the password history does not appear to be checked. It is only checked when the admin user changes the password. This bug does not appear to be present in the enduser application of Syncope 2.0.0.

      Steps to reproduce (Syncope 1.2.8):

      1) Log onto the console as "admin".
      2) Change the global password policy to have a history of "10".
      3) Now create a new user "alice" with password "password1" and save.
      4) Edit "alice" (again as "admin") and change the password to "password2" and save.
      5) Edit "alice" (again as "admin") and try to change the password back to "password1" -> this should fail.
      6) Logout and log back in as "alice"/"password2".
      7) Click on "alice" and change the password back to "password1".
      8) It displays no error message and "alice" can log back in with "password1" after logging out.

        Attachments

          Activity

            People

            • Assignee:
              coheigea Colm O hEigeartaigh
              Reporter:
              coheigea Colm O hEigeartaigh
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: