Currently, review-web does not check the age of a password at sign-in. To improve security and ensure compliance with password policies, a check should be added to verify whether a password is too old during the sign-in process.
When a sign-in attempt is made, the system should compare the password's last modified time, stored in the password_last_modified_at field of the Account struct, with the current time. It should then compare this duration with the password expiration period, which is stored in the account policy map under the key b"password expiration period".
If the password is found to be too old, the signIn GraphQL mutation should return an error, with the message indicating the reason. This behavior should be documented in the Rustdoc comment for the signIn mutation so that it appears in the schema.
Expected Behavior:
Once implemented, review-web should:
Check the age of a password during the sign-in process.
If the password is too old, return an error from the signIn mutation with a message indicating this reason.
Document this behavior in the Rustdoc comment for the signIn mutation.
Current Behavior:
Currently, review-web does not check the age of a password at sign-in. As a result, it allows sign-in with a password even if it is older than the specified password expiration period.
Suggested Solution:
Implement a password age check in the signIn GraphQL mutation:
Add code to compare the password_last_modified_at field of the Account struct with the current time, and then compare this duration with the value from the account policy map under the key b"password expiration period".
If the password is too old, return an error from the signIn mutation.
Document this behavior in the Rustdoc comment for the signIn mutation.
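One way to implement the check, as an added example that is not review-web's own code: the Account struct is cut down to the one field the check needs, the policy value under b"password expiration period" is assumed to be a decimal number of days stored as ASCII bytes (the issue does not state the real encoding), and the GraphQL layer is left out so the comparison can be exercised with a fixed clock. The sample policy and accounts are constructed for the example.

```rust
use std::collections::HashMap;
use std::time::{Duration, SystemTime, UNIX_EPOCH};

/// Key under which the account policy map stores the expiration period.
/// Assumption for this example: the value is a decimal day count in ASCII,
/// e.g. b"90". The real encoding in review-database may differ.
const PASSWORD_EXPIRATION_KEY: &[u8] = b"password expiration period";

const SECS_PER_DAY: u64 = 86_400;

/// Stand-in for the Account struct with only the fields this check uses.
struct Account {
    username: String,
    password_last_modified_at: SystemTime,
}

#[derive(Debug, PartialEq, Eq)]
enum SignInError {
    /// The password is older than the policy allows (ages in whole days).
    PasswordExpired { age_days: u64, max_days: u64 },
    /// A policy value exists but cannot be parsed; fail closed rather than skip the check.
    InvalidPolicy,
}

impl std::fmt::Display for SignInError {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        match self {
            Self::PasswordExpired { age_days, max_days } => write!(
                f,
                "password is {age_days} days old, older than the {max_days}-day expiration period; please change it"
            ),
            Self::InvalidPolicy => write!(f, "account policy has an invalid password expiration period"),
        }
    }
}

/// Reads the expiration period from the policy map.
/// `Ok(None)` means no expiration policy is configured, so no check applies.
fn expiration_period(policy: &HashMap<Vec<u8>, Vec<u8>>) -> Result<Option<Duration>, SignInError> {
    let Some(raw) = policy.get(PASSWORD_EXPIRATION_KEY) else {
        return Ok(None);
    };
    let days = std::str::from_utf8(raw)
        .ok()
        .and_then(|s| s.trim().parse::<u64>().ok())
        .filter(|d| *d > 0)
        .ok_or(SignInError::InvalidPolicy)?;
    Ok(Some(Duration::from_secs(days * SECS_PER_DAY)))
}

/// Compares the password's last-modified time with `now` against the policy.
/// Run this only after the password itself has been verified, so a caller
/// cannot tell "expired" from "wrong password" for an arbitrary username.
fn check_password_age(
    account: &Account,
    policy: &HashMap<Vec<u8>, Vec<u8>>,
    now: SystemTime,
) -> Result<(), SignInError> {
    let Some(max) = expiration_period(policy)? else {
        return Ok(());
    };
    // A last-modified time in the future (clock skew) counts as age zero instead of panicking.
    let age = now
        .duration_since(account.password_last_modified_at)
        .unwrap_or(Duration::ZERO);
    if age > max {
        return Err(SignInError::PasswordExpired {
            age_days: age.as_secs() / SECS_PER_DAY,
            max_days: max.as_secs() / SECS_PER_DAY,
        });
    }
    Ok(())
}

/// Constructed sample policy map holding only the expiration period.
fn sample_policy(days: &[u8]) -> HashMap<Vec<u8>, Vec<u8>> {
    HashMap::from([(PASSWORD_EXPIRATION_KEY.to_vec(), days.to_vec())])
}

/// Constructed sample account whose password was last changed `age_days` before `now`.
fn sample_account(age_days: u64, now: SystemTime) -> Account {
    Account {
        username: format!("user-{age_days}d"),
        password_last_modified_at: now - Duration::from_secs(age_days * SECS_PER_DAY),
    }
}

fn main() {
    let now = SystemTime::now();
    let policy = sample_policy(b"90");
    for age in [30, 91] {
        let account = sample_account(age, now);
        match check_password_age(&account, &policy, now) {
            Ok(()) => println!("{}: sign-in allowed", account.username),
            Err(e) => println!("{}: sign-in rejected: {e}", account.username),
        }
    }
}
```

Two design choices worth keeping in the real mutation: a missing policy entry means no expiration is enforced, whereas an unparseable entry is an error rather than a silent skip, and the age check runs after password verification so that the expired-password error is only ever returned to someone who already holds the correct password.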
Linked issue: password_last_modified_at field to Account for password age tracking, petabi/review-database#81
Requested by @sehkone.