[JOC-1237] Change of password should be enforced whenever a password is changed for a user - SOS JIRA

XML

Word

Printable

Details

Type: Feature
Status: Deferred (View Workflow)
Priority: Minor
Resolution: Unresolved
Affects Version/s: 2.2.2
Fix Version/s: None
Component/s: JOC Cockpit Web Service
Labels:
None

Description

Current Situation

Users can change their password just from the Profile page. Administrators can change the password for user accounts from the Manage Identity Services page: in tis situation
- the GUI forces the user to change the password if the password was assigned by an administrator.
- the REST API enforce password change only if requested by the flag forcePasswordChange=true in the REST API call.
The API call
- joc/api/authentication/auth/store
can change the password for an account. The password change flag is set only if the post body contains forcePasswordChange=true

Example

{identityServiceName: "JOC-INITIAL",…}
accounts: [{account: "root", password: "root", disabled: false, forcePasswordChange: true, roles: ["all"]}]
0: {account: "test", password: "12345", disabled: false, forcePasswordChange: true, roles: ["all"]}
account: "test"
disabled: false
forcePasswordChange: true
password: "12345"
roles: ["all"]
identityServiceName: "JOC-INITIAL"

Desired Behavior

The REST API call
- joc/api/authentication/auth/store
should no longer check the value of the forcePasswordChange flag but should always set the flag to true if the password is changed by an administrator for an account.

Attachments

Activity

People

Assignee:: Uwe Risse

Reporter:: Uwe Risse

Approver:: Kanika Agrawal

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 21 February 2022 15:44

Updated:: 21 February 2022 17:26