| Subject: | Encrypt password on POS Change password screen |
| Summary: | When upgrading from version 9 to 11, we reset the password of all users. These passwords are not known to users. The administrator needs to reset all user accounts before they can log in. Can we change the upgrade to keep the existing passwords, however, force a password change for BackOffice users? The following tasks need to be done: - Change the upgrade script to keep the existing password and force password change.
- When passwords are changed from "POS ~> Change Password Form", force the password format to encrypted (1) and encrypt the password.
|
| Audit Notes: | Edited by alvis on 17/10/19 13:04. Edited by alvis on 15/10/19 13:28. |
| 14 Oct 2019 | 05:13PM Comment 1 by Alvis (Link Technologies) Case 11789 added to project 11.004.BETA |
| 15 Oct 2019 | 01:33PM Comment 2 by Sanjay (Link Technologies) Assigned To: Development Followup Date: 15-10-2019 05:28 PM Time Taken: 8.00 |
| Development work for this case has been completed. The change will be available in version:11.4.1015 1. The following changes were made(Include Database object names, Program classes and any other relevant information): - When the database is upgraded from version 9 and prior, the back-office user's password is retained. These users are tagged to "Force Password Change" on the next login.
- When a user logs in, the system checks if the password format is encrypted. When it finds that the password is NOT encrypted, it automatically encrypts it and retains the same password.
2. Affected Areas: - Upgrade a database from version 9, then login to POS or LinkWEB. The system will encrypt the password and redirect the user to change password.
3. The issue was caused by: - Improvement
4. Notes:
5. Next Step: UAT |
|
| 17 Oct 2019 | 01:04PM Comment 3 by Alvis (Link Technologies) Case 11789 removed from project 11.004.BETA |
| 17 Oct 2019 | 01:04PM Comment 4 by Alvis (Link Technologies) Case 11789 added to project 11.004.BETA |
| 21 Oct 2019 | 01:17PM Comment 5 by Rashna (Edge Business Solutions) Assigned To: Sanjay (Link Technologies) Followup Date: 21-10-2019 05:10 PM Time Taken: 1.00 |
| QA Results Tests carried out according to requirements specified on the case header Test Results Summary Table 1 - Summarised list of issues | No | Test Description | Pass/Fail | | 1 | Create a user as "Grace Singh" with password as "Gs0410" in version 949. Verify the record in table Sy_user. The username and password can be extracted. Upgrade the database to version 11.4.1018, the password would be seen in table aspnet_membership | Pass | | 2 | Verify in the upgraded database that "Force Password Change" is enabled. | Pass | | 3 | Log into POS, this will popup password change. Verify at this point that the existing password has been encrypted in table aspnet_membership | Pass | | 4 | Change password and login.Password should be encrypted in table aspnet_membership | Pass |
Environment Details - OS version: Windows Server 2012
- Application version: 11.4.1018
- Setup: Demo
- Server : 10.0.0.14
- Database: LINKSOFT-DEMO-11-RASHNA
Next Step: - Closure
|
|