| Subject: | Enforce Password Expiration |
| Summary: | Add a feature to Enforce Password Expiration based on a configured number of days - The policy must force the user to change their password
- The old password cannot be the same as the new password
- If the user does not change the password, they cannot use the system. After changing the password, they can use the system.
|
| Audit Notes: | Edited by alvis on 28/11/19 15:55. |
| 28 Nov 2019 | 03:59PM Comment 1 by Sanjay (Link Technologies) Assigned To: Development Followup Date: 29-11-2019 03:56 PM Time Taken: 2.00 |
| Development work for this case has been completed. The change will be available in version:11.4.1128 1. The following changes were made(Include Database object names, Program classes and any other relevant information): - Added a system process "SYS010 Enforce Password Expiration". This process has a configuration to define the expiry days.
- Changed the login process to show the "Change Password" screen only when the user is forced to change password.
- Changed password screen to validate old and new password cannot be the same.
2. Affected Areas: - Process SYS010 Enforce Password Expiration
- Force a user to change password then log in by the user. User should not be able to see any other menus.
3. The issue was caused by: - New feature
4. Notes:
5. Next Step: UAT |
|
| 02 Dec 2019 | 08:56AM Comment 2 by Rashna (Edge Business Solutions) Assigned To: Alvis (Link Technologies) Followup Date: 03-12-2019 08:13 AM Time Taken: 2.00 Notes: Edited by rashna on 02/12/19 09:00. |
| QA Results Tests carried out according to requirements specified on the case header Test Results Summary Table 1 - Summarised list of issues | No | Test Description | Pass/Fail | | 1 | Added a system process "SYS010 Enforce Password Expiration". This process has a configuration to define the expiry days. Test the process is executed without errors
| Pass | | 2 | Set the password expiry as -2, and run the process. This should expire the password for user admins | Pass | | 3 | Validate that the change password screen is populated for the users to change password at password expiry | Password is expired and user is able to login into Backoffice and Reporter with the expired password. This should not be allowed. | | 4 | Changed the login process to show the "Change Password" screen only when the user is forced to change password. | Pass | | 5 | Changed password screen to validate old and new password cannot be the same. | Pass |
Environment Details - OS version: Windows Server 2012
- Application version: 11.4.1129
- Setup: Demo
- Server : 10.0.0.14
- Database: LINKSOFT-DEMO-11-RASHNA
Next Step: - Review
|
|
| 02 Dec 2019 | 11:48AM Comment 3 by Sanjay (Link Technologies) Assigned To: Rashna (Edge Business Solutions) Followup Date: 03-12-2019 11:43 AM Time Taken: 1.00 |
| Hi Rashna, We do not stop the user from login to reports as we do not have a change password form in this module. For back-office, since we are migrating the modules to the web, we will not invest time to adding change password feature to back office. regards
Alvis/Sanjay |
|
| 02 Dec 2019 | 12:52PM Comment 4 by Rashna (Edge Business Solutions) Assigned To: Sanjay (Link Technologies) Followup Date: 03-12-2019 12:50 PM Time Taken: 1.00 |
| Hi Sanjay, Documentation has been updated under "Linkweb Portal - Company Administration - Process". Thanks
Rashna |
|