Company: Link Technologies
Case No: L11843. Project: 11.40: LinkSOFT Version 11.4
Logged By: Alvis (Link Technologies) on 28 Nov 2019 03:55PM
Priority: Medium
Product: Framework
Group: New Feature
Time Taken: 6.00 (Weight: 6.00)
Version: 11.4.0302
Assigned To: Sanjay (Link Technologies)
Circulation: Alvis, Development, Rashna, Sanjay
Resolve By: Friday, 29 November 2019 12:00 AM [1602 days since logged date]
Status: Closed
Subject: Enforce Password Expiration
Summary:    

Add a feature to Enforce Password Expiration based on a configured number of days

  1. The policy must force the user to change their password
  2. The old password cannot be the same as the new password
  3. If the user does not change the password, they cannot use the system. After changing the password, they can use the system.
Audit Notes:Edited by alvis on 28/11/19 15:55. 
28 Nov 201903:59PM Comment 1 by Sanjay (Link Technologies) Assigned To: Development Followup Date: 29-11-2019 03:56 PM Time Taken: 2.00

Development work for this case has been completed.

The change will be available in version:11.4.1128

1. The following changes were made(Include Database object names, Program classes and any other relevant information):

  1. Added a system process "SYS010 Enforce Password Expiration". This process has a configuration to define the expiry days.
  2. Changed the login process to show the "Change Password" screen only when the user is forced to change password.
  3. Changed password screen to validate old and new password cannot be the same.

2. Affected Areas:

  1. Process SYS010 Enforce Password Expiration
  2. Force a user to change password then log in by the user. User should not be able to see any other menus.

3. The issue was caused by:

  1. New feature

4. Notes
5. Next Step
: UAT


02 Dec 201908:56AM Comment 2 by Rashna (Edge Business Solutions) Assigned To: Alvis (Link Technologies) Followup Date: 03-12-2019 08:13 AM Time Taken: 2.00 Notes: Edited by rashna on 02/12/19 09:00. 
QA Results
Tests carried out according to requirements specified on the case header

Test Results Summary

Table 1 - Summarised list of issues
NoTest DescriptionPass/Fail
1

Added a system process "SYS010 Enforce Password Expiration". This process has a configuration to define the expiry days.

Test the process is executed without errors 

Pass
2Set the password expiry as -2, and run the process. This should expire the password for user adminsPass
3Validate that the change password screen is populated for the users to change password at password expiryPassword is expired and user is able to login into Backoffice and Reporter with the expired password. This should not be allowed.
4

Changed the login process to show the "Change Password" screen only when the user is forced to change password.

Pass
5

Changed password screen to validate old and new password cannot be the same.

Pass

Environment Details

  1. OS version: Windows Server 2012
  2. Application version: 11.4.1129
  3. Setup: Demo
  4. Server : 10.0.0.14
  5. Database: LINKSOFT-DEMO-11-RASHNA

Next Step

  1. Review

    02 Dec 201911:48AM Comment 3 by Sanjay (Link Technologies) Assigned To: Rashna (Edge Business Solutions) Followup Date: 03-12-2019 11:43 AM Time Taken: 1.00

    Hi Rashna,

    We do not stop the user from login to reports as we do not have a change password form in this module. 

    For back-office, since we are migrating the modules to the web, we will not invest time to adding change password feature to back office.

    regards
    Alvis/Sanjay


    02 Dec 201912:52PM Comment 4 by Rashna (Edge Business Solutions) Assigned To: Sanjay (Link Technologies) Followup Date: 03-12-2019 12:50 PM Time Taken: 1.00

    Hi Sanjay, 

    Documentation has been updated under "Linkweb Portal - Company Administration - Process".

    Thanks
    Rashna


    If you have any queries regarding this support incident, please email admin@linktechnologies.com.au and include the Case No: L11843 in the subject line of all emails regarding this issue.

    Document size: 9.2 KB
    For call complaints, please contact the Managing Director of the company using this form