Apache Allura™

Forge software for hosting software projects

Brought to you by: alexluberg, brondsem, ccruz, deshani, and 11 others

#8279 Additional login security checks

Milestone: v1.11.0

Status: closed

Owner: Dave Brondsema

Labels: None

Component: General

Reviewer: nobody

Updated: 2019-06-17

Created: 2019-04-25

Creator: Dave Brondsema

Private: No

Using previous login details from [#8278], if someone logs in from a new location and has a potentially compromised password (per the HIBP check), it could be good to block the login and force a password reset via email. If 2FA is successful though, probably let that through. Make optional, configurable, and customizable with auth providers.

Tickets: ~~#8278~~
Tickets: ~~#8287~~

Discussion

Dave Brondsema - 2019-05-14

status: open --> review
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2019-05-14

Branch db/8279

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Kenton Taylor - 2019-05-17

status: review --> closed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2019-06-17

Milestone: unreleased --> v1.11.0
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Apache Allura™

Forge software for hosting software projects

Milestone

Searches

Help

#8279 Additional login security checks

Related

Discussion