User Story #199 (closed)
Opened 18 years ago
Closed 18 years ago
Implement account locking functionality.
Reported by: | jamoore | Owned by: | jamoore |
---|---|---|---|
Priority: | minor | Milestone: | 3.0-M3 |
Component: | Security | Keywords: | users, login, iteration1 |
Cc: | cxallan, bwzloranger | Story Points: | n.a. |
Sprint: | n.a. | Importance: | n.a. |
Total Remaining Time: | n.a. | Estimated Remaining Time: | n.a. |
Description
For example, after too many failed login attempts or after a prolonged period of non-use, accounts could be lockable. This could be a boolean on either the password table or on the experimenter table (mapped in Hibernate?) or in its own table with a field for explanation.
Change History (4)
comment:1 Changed 18 years ago by jmoore
- Keywords iteration1 added
comment:2 Changed 18 years ago by jmoore
r760 provides the basic infrastructure for this. Any account with a null or missing password entry is locked. All Experimenters which are created through IUpdate will initially be locked until an IAdmin method call sets a password (changePassword, for example).
comment:3 Changed 18 years ago by jmoore
- Cc callan brain added
r761 has all tests passing. More tests needed but above semantics now hold. Use IAdmin for your account creation needs.
comment:4 Changed 18 years ago by jmoore
- Resolution set to fixed
- Status changed from new to closed
This is implemented with the rest of user password functionality. See #181.
#181 will get us most of the way to account locking. As long as we are using one password entry per Experimenter, then simply removing the password entry will lock an account.
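The locking semantics described in the comments above (a null or missing password entry means locked, new accounts start locked, removing the entry locks an account), as an added sketch that is not the project's code. The SQLite schema, the function names and the PBKDF2 hashing are assumptions made for illustration.

```python
import hashlib, hmac, os, sqlite3

_JOIN = ("SELECT p.salt, p.hash FROM experimenter e "
         "LEFT JOIN password p ON p.experimenter_id = e.id WHERE e.name = ?")

def open_db():
    # Hypothetical schema: one optional password row per experimenter.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE experimenter (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
        CREATE TABLE password (experimenter_id INTEGER PRIMARY KEY
                               REFERENCES experimenter(id), salt BLOB, hash BLOB);
    """)
    return db

def _derive(password, salt):
    # PBKDF2 is this example's choice, not taken from the ticket.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def create_experimenter(db, name):
    # No password row is written, so the new account starts out locked.
    return db.execute("INSERT INTO experimenter (name) VALUES (?)", (name,)).lastrowid

def change_password(db, exp_id, new_password):
    # Setting a password is the only operation that unlocks an account.
    salt = os.urandom(16)
    db.execute("INSERT OR REPLACE INTO password VALUES (?, ?, ?)",
               (exp_id, salt, _derive(new_password, salt)))

def lock(db, exp_id):
    # Removing the single password entry locks the account.
    db.execute("DELETE FROM password WHERE experimenter_id = ?", (exp_id,))

def is_locked(db, name):
    # Unknown user, missing row and NULL hash are all reported as locked.
    row = db.execute(_JOIN, (name,)).fetchone()
    return row is None or row[0] is None or row[1] is None

def check_password(db, name, candidate):
    row = db.execute(_JOIN, (name,)).fetchone()
    if row is None or row[0] is None or row[1] is None:
        return False  # fail closed: never compare against an absent hash
    return hmac.compare_digest(_derive(candidate, row[0]), row[1])
```

The explicit early return matters: without it, a NULL hash could be compared against an empty or defaulted value and a locked account would accept a blank password.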