Company: Link Technologies
Case No: L11962. Project: 12.10: LinkSOFT version 12.1
Logged By: Sanjay (Link Technologies) on 06 May 2020 08:16AM
Priority: High
Product: Framework
Group: Enhancement
Time Taken: 11.00 (Weight: 11.00)
Version: 12.10.1020
Assigned To: Rashna (Edge Business Solutions)
Circulation: Alvis, Development, Rashna, Sanjay
Resolve By: Thursday, 07 May 2020 12:00 AM [1443 days since logged date]
Status: Closed
Subject: Add Captcha to the login screen to prevent robotic logins to LinkSOFT
Summary:    

We need to add more security to LinkSOFT login. We have decided to add the Captcha as the first step.

This will be a global setting that users can turn OFF if they do not need this security feature.

Requirements:

  1. Add a Web Configuration setting for "LoginCaptchaRequired"
  2. Show CAPTCHA if this configuration is turned ON. Enforce login if turned on
  3. Add an Event Log every time the user enters invalid CAPTCHA to monitor the effectiveness of the captcha
  4. ?If a user account is locked out, send an email notification
Audit Notes:Edited by sanjay on 06/05/20 08:16. Edited by sanjay on 06/05/20 08:16. 
06 May 202008:10AM Comment 1 by Sanjay (Link Technologies) Assigned To: Rashna (Edge Business Solutions) Followup Date: 06-05-2020 12:08 PM Time Taken: 4.00

Development work for this case has been completed.

The change will be available in version:11.5.0506

1. The following changes were made(Include Database object names, Program classes and any other relevant information):

  1. Added a new Web Configuration named: "LoginCaptchaRequired"
  2. When the value is "Yes", a CAPTCHA is required for all Logins
  3. By Default, Captcha is turned ON. Users can turn this off by changing the WEB.CONFIG settings for "LoginCaptchaRequired"
     

2. Affected Areas:

  1. Login Form

3. The issue was caused by:

  1. Security Improvement

4. Notes
5. Next Step
: UAT


06 May 202008:16AM Comment 2 by Sanjay (Link Technologies) Assigned To: Alvis (Link Technologies) Followup Date: 06-05-2020 12:16 PM
Assigned to Alvis to complete Requirements # 4

08 May 202001:44PM Comment 3 by Sanjay (Link Technologies) Assigned To: Development Followup Date: 08-05-2020 05:04 PM Time Taken: 2.00

Development work for this case has been completed.

The change will be available in version:11.5.0508

1. The following changes were made(Include Database object names, Program classes and any other relevant information):

  1. Added a template for "user account locked out". This alert is sent when a user is locked out.

2. Affected Areas:

  1. Login page - account locked out

3. The issue was caused by:

  1. Security improvement

4. Notes
5. Next Step
: UAT


08 May 202002:02PM Comment 4 by Sanjay (Link Technologies) Assigned To: Rashna (Edge Business Solutions) Followup Date: 08-05-2020 06:02 PM
Proceed with UAT

12 May 202012:31PM Comment 5 by Rashna (Edge Business Solutions) Assigned To: Alvis (Link Technologies) Followup Date: 12-05-2020 02:06 PM Time Taken: 1.00
QA Results
Tests carried out according to requirements specified on the case header

Test Results Summary

Table 1 - Summarised list of issues
NoTest DescriptionPass/Fail
1

Set the configuration  "LoginCaptchaRequired" as Yes in web.config file. This should enable the "CAPTCHA" on the Login Page

Set the configuration  "LoginCaptchaRequired" as No in web.config file. This should remove the "CAPTCHA" on the Login Page

Pass
2

Enter below details to login:

  1. Username - E008
  2. Password - 1234567
The user should not be able to login 
Pass
3

Enter below details to login:

  1. Username - E008
  2. Password - 1234567
  3. CAPTCHA on the screen
The user should be able to login 
Pass
4Click on "Show Another Code" under the "CAPTCHA" this should load a new captchaPass
5

Enter the below login details

  1. Username - E008
  2. Password - 89898989

This will lock the user account

The system should sent an alert with contents from the "User Account Locked Out" template

Fail

  1. Email is not sent. (Email Scheduler is set to "Yes")
  2. The "Email Log" is empty. I validated that the record exist in the table "LT_SYS_MSG_Notifications".?

  1. Environment Details
  2. OS version: Windows Server 2012
  3. Application version: 11.5.0508
  4. Setup: Demo
  5. Server : 10.0.0.14
  6. Database: LINKSOFT-DEMO-11-RASHNA

Next Step

  1. Review 

    13 May 202010:45AM Comment 6 by Sanjay (Link Technologies) Assigned To: Rashna (Edge Business Solutions) Followup Date: 13-05-2020 02:43 PM Time Taken: 2.00

    Development work for this case has been completed.

    The change will be available in version:11.5.0512

    1. The following changes were made(Include Database object names, Program classes and any other relevant information):

    1. Corrected date format to use "dd/MM/yyyy" in the date controls.

    2. Affected Areas:

    1. Email Log, Report Email Log
    2. Event Log

    3. The issue was caused by:

    1. Incorrect date format in the menu "Email Log" caused the issue

    4. Notes
    5. Next Step
    : UAT


    13 May 202010:58AM Comment 7 by Rashna (Edge Business Solutions) Assigned To: Rashna (Edge Business Solutions) Followup Date: 13-05-2020 02:56 PM Time Taken: 1.00
    QA Results
    Tests carried out according to requirements specified on the case header

    Test Results Summary

    Table 1 - Summarised list of issues
    NoTest DescriptionPass/Fail
    1

    Enter the below login details

    1. Username - E008
    2. Password - 89898989

    This will lock the user account

    The system should sent an alert with contents from the "User Account Locked Out" template


    Pass
    2Valdiate that "Event Log" and "Email Log" is updated with above.Pass

    Environment Details

    1. OS version: Windows Server 2012
    2. Application version: 11.5.0512
    3. Setup: Demo
    4. Server : 10.0.0.14
    5. Database: LINKSOFT-DEMO-11-RASHNA

    Next Step

    1. Documentation

      27 May 202001:36PM Comment 8 by Rashna (Edge Business Solutions) Assigned To: Rashna (Edge Business Solutions) Followup Date: 27-05-2020 05:10 PM Time Taken: 1.00

      Hi Sanjay, 

      Documentation has been updated at LinkSOFT\LinkWebApplicationsPortal\Logging_into_Linkweb.htm

      Thanks
      Rashna


      If you have any queries regarding this support incident, please email admin@linktechnologies.com.au and include the Case No: L11962 in the subject line of all emails regarding this issue.

      Document size: 16.9 KB
      For call complaints, please contact the Managing Director of the company using this form