Company: Link Technologies
Case No: L11789. Project: 11.40: LinkSOFT Version 11.4
Logged By: Alvis (Link Technologies) on 17 Oct 2019 01:04PM
Priority: High
Product: Point of Sale
Group: Enhancement
Time Taken: 9.00 (Weight: 9.00)
Version: 11.4.0302
Assigned To: Sanjay (Link Technologies)
Circulation: Alvis, Development, Rashna, Sanjay
Resolve By: Tuesday, 15 October 2019 05:28 PM [1645 days since logged date]
Status: Closed
Subject: Encrypt password on POS Change password screen
Summary:    

When upgrading from version 9 to 11, we reset the password of all users. These passwords are not known to users. The administrator needs to reset all user accounts before they can log in.

Can we change the upgrade to keep the existing passwords, however, force a password change for BackOffice users?

The following tasks need to be done:

  1. Change the upgrade script to keep the existing password and force password change.
  2. When passwords are changed from "POS ~> Change Password Form", force the password format to encrypted (1) and encrypt the password.
Audit Notes:Edited by alvis on 17/10/19 13:04. Edited by alvis on 15/10/19 13:28. 
14 Oct 201905:13PM Comment 1 by Alvis (Link Technologies) Case 11789 added to project 11.004.BETA
15 Oct 201901:33PM Comment 2 by Sanjay (Link Technologies) Assigned To: Development Followup Date: 15-10-2019 05:28 PM Time Taken: 8.00

Development work for this case has been completed.

The change will be available in version:11.4.1015

1. The following changes were made(Include Database object names, Program classes and any other relevant information):

  1. When the database is upgraded from version 9 and prior, the back-office user's password is retained. These users are tagged to "Force Password Change" on the next login.
  2. When a user logs in, the system checks if the password format is encrypted. When it finds that the password is NOT encrypted, it automatically encrypts it and retains the same password.

2. Affected Areas:

  1. Upgrade a database from version 9, then login to POS or LinkWEB. The system will encrypt the password and redirect the user to change password.

3. The issue was caused by:

  1. Improvement

4. Notes
5. Next Step
: UAT


17 Oct 201901:04PM Comment 3 by Alvis (Link Technologies) Case 11789 removed from project 11.004.BETA
17 Oct 201901:04PM Comment 4 by Alvis (Link Technologies) Case 11789 added to project 11.004.BETA
21 Oct 201901:17PM Comment 5 by Rashna (Edge Business Solutions) Assigned To: Sanjay (Link Technologies) Followup Date: 21-10-2019 05:10 PM Time Taken: 1.00
QA Results
Tests carried out according to requirements specified on the case header

Test Results Summary

Table 1 - Summarised list of issues
NoTest DescriptionPass/Fail
1

Create a user as "Grace Singh" with password as "Gs0410" in version 949. Verify the record in table Sy_user. The username and password can be extracted.

Upgrade the database to version 11.4.1018, the password would be seen in table aspnet_membership

Pass
2Verify in the upgraded database that "Force Password Change" is enabled.Pass
3Log into POS, this will popup password change. Verify at this point that the existing password has been encrypted in table aspnet_membership Pass
4Change password and login.Password should be encrypted in table aspnet_membership  Pass

Environment Details

  1. OS version: Windows Server 2012
  2. Application version: 11.4.1018
  3. Setup: Demo
  4. Server : 10.0.0.14
  5. Database: LINKSOFT-DEMO-11-RASHNA

Next Step

  1. Closure

    If you have any queries regarding this support incident, please email admin@linktechnologies.com.au and include the Case No: L11789 in the subject line of all emails regarding this issue.

    Document size: 8.0 KB
    For call complaints, please contact the Managing Director of the company using this form