#8287 Backfill all previous_login_details - NEEDS SCRIPT

v1.11.0
closed
None
General
nobody
2019-06-17
2019-05-20
No

With [#8278] previous_login_details started getting stored and backfilled after successful logins. With [#8279] to check for strong enough passwords during login, it relies on checking previous_login_details to know what kind of password reset to do, but previous_login_details might not be populated yet. So we should have a script to backfil that field for everyone so we can rely on it.

Related

Tickets: #8278
Tickets: #8279

Discussion

  • Dave Brondsema

    Dave Brondsema - 2019-05-21
    • status: in-progress --> review
     
    • Ingo

      Ingo - 2019-05-21

      I think, I didn't get it, yet. Will I need to run this script at the next
      Allura upgrade?

       
      • Dave Brondsema

        Dave Brondsema - 2019-05-21

        Yes, although its only really necessary if you want to enable the auth.hibp_failure_force_pwd_change setting. That new setting checks partial password hashes against https://haveibeenpwned.com/Passwords and forces affected users to change their password.

        (And the "NEEDS SCRIPT" in the ticket title will help us remember to include specific instructions when we make a release changelog).

         
  • Dave Brondsema

    Dave Brondsema - 2019-05-21

    db/8287

    paste script path/to/your.ini allura/scripts/backfill_previous_login_details.py Or run with task manager allura.scripts.backfill_previous_login_details.BackfillPreviousLoginDetails

     
  • Kenton Taylor

    Kenton Taylor - 2019-05-21
    • status: review --> closed
     
  • Dave Brondsema

    Dave Brondsema - 2019-06-17
    • Milestone: unreleased --> v1.11.0
     

Log in to post a comment.