Ends in:
0 DAY
15 HRS
20 MIN
50 SEC
Ends in:
0 D
15 H
20 M
50 S
Open Closed

Bug - Should change password on next login should enforce password to be different #5126


User avatar
0
mkinc created
  • ABP Framework version: v7.2.1
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): Separated AuthServer
  • Steps to reproduce the issue:
    • Create user, enabling the 'Should change password on next login'.
    • Login as user
    • When prompted for new password, use the original password for current, new and new (repeat)
  • Expected behaviour: Error on submit / validation error that doesn't allow submit.
  • Actual behaviour: Password is allowed and user is logged in.

I can't really see any justification to suggest this isn't a bug since forcing a user to change password on next login is something used for security. Untested: Does this affect the 'Force users to periodically change password' feature as well?


5 Answer(s)
  • User Avatar
    0
    nlachmuthDev created

    Hi,

    thanks for your report. I created an internal ticket for this and will get back to you.

    Kind regards Nico

  • User Avatar
    0
    mkinc created

    Thanks. When can I expect to hear about this? Can we get the question back for this?

  • User Avatar
    0
    nlachmuthDev created

    The fix will be included in the preview version for 7.3. I refunded the question.

  • User Avatar
    0
    mkinc created

    Thanks Nico.

    We'll try updating to 7.3 when it's not in preview and let you know if we have any issues with the behaviour.

    Matt

  • User Avatar
    0
    nlachmuthDev created

    Ok i will close this issue for now then. Feel free to reopen it its not working when updating.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 05, 2024, 12:19