Openbravo Issue Tracking System - Openbravo ERP |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0038187 | Openbravo ERP | A. Platform | public | 2018-03-21 11:10 | 2018-05-09 19:29 |
|
| Reporter | jarmendariz | |
| Assigned To | jarmendariz | |
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | fixed | |
| Platform | | OS | 5 | OS Version | |
| Product Version | | |
| Target Version | | Fixed in Version | 3.0PR18Q3 | |
| Merge Request Status | |
| Review Assigned To | caristu |
| OBNetwork customer | |
| Web browser | |
| Modules | Core |
| Support ticket | |
| Regression level | |
| Regression date | |
| Regression introduced in release | |
| Regression introduced by commit | |
| Triggers an Emergency Pack | No |
|
| Summary | 0038187: Change password should enforce a minimum password strength policy |
| Description | Currently, when a user changes their password, any password will be accepted no matter it is secure enough or not.
A minimum password strength rule should be implemented in the places where the user's password can be changed.
See http://wiki.openbravo.com/wiki/Projects:Password_Policy [^] |
| Steps To Reproduce | See above |
| Proposed Solution | |
| Additional Information | |
| Tags | No tags attached. |
| Relationships | | related to | design defect | 0037838 | | new | Retail | Retail Modules | [UX] The form inputs validation is not properly displayed | | blocks | defect | 0038362 | | closed | jarmendariz | Openbravo ERP | API Change: Remove unused goToUpdatePassword() in LoginHandler |
|
| Attached Files | |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2018-03-21 11:10 | jarmendariz | New Issue | |
| 2018-03-21 11:10 | jarmendariz | Assigned To | => platform |
| 2018-03-21 11:10 | jarmendariz | Modules | => Core |
| 2018-03-21 11:10 | jarmendariz | Triggers an Emergency Pack | => No |
| 2018-03-21 11:12 | jarmendariz | Assigned To | platform => jarmendariz |
| 2018-03-21 11:12 | jarmendariz | Status | new => scheduled |
| 2018-03-23 10:15 | caristu | Relationship added | related to 0037838 |
| 2018-04-13 10:29 | jarmendariz | Relationship added | blocks 0038362 |
| 2018-04-16 14:36 | hgbot | Checkin | |
| 2018-04-16 14:36 | hgbot | Note Added: 0103901 | |
| 2018-04-16 14:36 | hgbot | Checkin | |
| 2018-04-16 14:36 | hgbot | Note Added: 0103902 | |
| 2018-04-17 08:51 | hgbot | Checkin | |
| 2018-04-17 08:51 | hgbot | Note Added: 0103926 | |
| 2018-04-17 08:51 | hgbot | Status | scheduled => resolved |
| 2018-04-17 08:51 | hgbot | Resolution | open => fixed |
| 2018-04-17 08:51 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/dfa56c984c8a52892a9791bdfe04de023a3b58a6 [^] |
| 2018-04-17 08:52 | hgbot | Checkin | |
| 2018-04-17 08:52 | hgbot | Note Added: 0103927 | |
| 2018-04-17 08:52 | hgbot | Checkin | |
| 2018-04-17 08:52 | hgbot | Note Added: 0103928 | |
| 2018-04-18 12:51 | hgbot | Checkin | |
| 2018-04-18 12:51 | hgbot | Note Added: 0103969 | |
| 2018-04-27 13:25 | alostale | Review Assigned To | => caristu |
| 2018-05-03 10:21 | caristu | Note Added: 0104224 | |
| 2018-05-03 10:21 | caristu | Status | resolved => closed |
| 2018-05-03 10:21 | caristu | Fixed in Version | => 3.0PR18Q3 |
| 2018-05-09 19:29 | hudsonbot | Checkin | |
| 2018-05-09 19:29 | hudsonbot | Note Added: 0104383 | |
|
Notes |
|
|
(0103901)
|
|
hgbot
|
|
2018-04-16 14:36
|
|
Repository: tools/automation/int
Changeset: ee05aa228a7dd930ebc048b411c26139b9787fac
Author: Javier Armendáriz <javier.armendariz <at> openbravo.com>
Date: Thu Apr 05 09:59:32 2018 +0200
URL: http://code.openbravo.com/tools/automation/int/rev/ee05aa228a7dd930ebc048b411c26139b9787fac [^]
Related to issue 38187: Adding test cases to test password policy checks
Refactored code and created test cases to test either login and user widget page
checks for password strength
---
M src-test/com/openbravo/test/integration/erp/data/generalsetup/security/user/UserData.java
M src-test/com/openbravo/test/integration/erp/gui/LoginPage.java
M src-test/com/openbravo/test/integration/erp/modules/client/application/navigationbarcomponents/gui/UserProfile.java
A src-test/com/openbravo/test/integration/erp/data/ChangeExpiredPasswordData.java
A src-test/com/openbravo/test/integration/erp/modules/client/application/testscripts/change_password/CheckPasswordFromLoginPage.java
A src-test/com/openbravo/test/integration/erp/modules/client/application/testscripts/change_password/CheckPasswordFromUserProfile.java
A src-test/com/openbravo/test/integration/erp/modules/client/application/testscripts/change_password/CreateTemporaryUserTest.java
---
|
|
|
|
(0103902)
|
|
hgbot
|
|
2018-04-16 14:36
|
|
Repository: tools/automation/int
Changeset: a582f0cddc533eee5f109ec3346158490c1942f0
Author: Javier Armendáriz <javier.armendariz <at> openbravo.com>
Date: Thu Apr 05 10:00:07 2018 +0200
URL: http://code.openbravo.com/tools/automation/int/rev/a582f0cddc533eee5f109ec3346158490c1942f0 [^]
Related to issue 38187: Fixing change password test.
Modified NAV0050 test to use a temporary user instead of the admin one
and changed the new password to a more secure one in order to make it pass.
---
M src-test/com/openbravo/test/integration/erp/modules/client/application/testscripts/navigationbarcomponents/userprofile/ChangePassword.java
M src-test/com/openbravo/test/integration/erp/modules/client/application/testsuites/navigationbarcomponents/NAV0050_ChangePassword.java
---
|
|
|
|
(0103926)
|
|
hgbot
|
|
2018-04-17 08:51
|
|
Repository: erp/devel/pi
Changeset: dfa56c984c8a52892a9791bdfe04de023a3b58a6
Author: Javier Armendáriz <javier.armendariz <at> openbravo.com>
Date: Tue Apr 17 08:36:29 2018 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/dfa56c984c8a52892a9791bdfe04de023a3b58a6 [^]
Fixes issue 38187: Enforce minimum password strength policy
---
M modules/org.openbravo.client.application/src-db/database/sourcedata/AD_MESSAGE.xml
M modules/org.openbravo.client.application/src/org/openbravo/client/application/navigationbarcomponents/UserInfoWidgetActionHandler.java
M modules/org.openbravo.client.application/web/org.openbravo.client.application/js/navbar/ob-user-profile-widget.js
M src-db/database/sourcedata/AD_MESSAGE.xml
M src-test/src/org/openbravo/test/AllAntTaskTests.java
M src-test/src/org/openbravo/test/AllQuickAntTaskTests.java
M src-test/src/org/openbravo/test/AllTests.java
M src-test/src/org/openbravo/test/AntTaskTests.java
M src/org/openbravo/base/secureApp/LoginHandler.java
M src/org/openbravo/erpCommon/security/Login.java
A src-test/src/org/openbravo/test/security/PasswordStrengthCheckerTest.java
A src/org/openbravo/authentication/ChangePasswordException.java
A src/org/openbravo/service/password/PasswordStrengthChecker.java
---
|
|
|
|
(0103927)
|
|
hgbot
|
|
2018-04-17 08:52
|
|
Repository: erp/pmods/org.openbravo.mobile.core
Changeset: 7831ad26106868d1132df60b4d874716a1a0ea0d
Author: Javier Armendáriz <javier.armendariz <at> openbravo.com>
Date: Tue Apr 17 08:43:31 2018 +0200
URL: http://code.openbravo.com/erp/pmods/org.openbravo.mobile.core/rev/7831ad26106868d1132df60b4d874716a1a0ea0d [^]
Related to issue 38187: Enforce minimum password strength policy
---
M src-db/database/sourcedata/AD_MESSAGE.xml
M web/org.openbravo.mobile.core/assets/css/ob-login.css
M web/org.openbravo.mobile.core/source/component/dialog/ob-expirationpassword.js
M web/org.openbravo.mobile.core/source/model/ob-terminal-model.js
---
|
|
|
|
(0103928)
|
|
hgbot
|
|
2018-04-17 08:52
|
|
Repository: tools/automation/pi-mobile
Changeset: 37b4d64b4f10c799cccf0e7f8f8762e44e1d7edd
Author: Javier Armendáriz <javier.armendariz <at> openbravo.com>
Date: Thu Apr 05 16:35:12 2018 +0200
URL: http://code.openbravo.com/tools/automation/pi-mobile/rev/37b4d64b4f10c799cccf0e7f8f8762e44e1d7edd [^]
Related to issue 38187: Adding test case for Login screen.
Adding a test case to verify that password policy is enforced in POS as
well as the rest of the system.
---
M src-test/org/openbravo/test/mobile/retail/mobilecore/selenium/TestIdCore.java
M src-test/org/openbravo/test/mobile/retail/mobilecore/selenium/terminals/MobileCoreTerminalHelper.java
M src-test/org/openbravo/test/mobile/retail/pack/selenium/tests/system/I31796_ChangePassword.java
A src-test/org/openbravo/test/mobile/retail/pack/selenium/tests/loginout/ChangeExpiredPassword.java
---
|
|
|
|
(0103969)
|
|
hgbot
|
|
2018-04-18 12:51
|
|
Repository: tools/automation/pi-mobile
Changeset: 82fe485ff492d9ffde2999c16c304dfda13f6376
Author: Javier Armendáriz <javier.armendariz <at> openbravo.com>
Date: Tue Apr 17 11:11:32 2018 +0200
URL: http://code.openbravo.com/tools/automation/pi-mobile/rev/82fe485ff492d9ffde2999c16c304dfda13f6376 [^]
Related to issue 38187: Improved login with expired user test.
Improved test case by removing the test user after the test finishes and leaving
the terminal logged in.
---
M src-test/org/openbravo/test/mobile/retail/mobilecore/selenium/TestIdCore.java
M src-test/org/openbravo/test/mobile/retail/pack/selenium/tests/loginout/ChangeExpiredPassword.java
---
|
|
|
|
|
|
|
|
|
|