If AllowAccountReset is set to false, the user can not change the password even if it expires so he can not log in anymore #6261
Comments
you didn't quite follow the bug template report
also can you run
Server Software
Client Device
Do you use external auth at all like ldap/saml/azure? Your config.json file
Thank u :) I will have a look when I get a chance for you! I have a feeling it's calling the password reset function, and that function has a checker for allowaccountreset==false, so it might be returning false and not actually changing the password. Can u try logging in, resetting pass, login with new pass, then login with old pass? Does it still let u login with old pass after u change it to new pass? Or does it just go back to the u need to change password screen?
Describe the bug
When domain.passwordrequirements.reset is set to X and domain.passwordrequirements.allowaccountreset is set to 'false', then X days after user creation the user cannot log in anymore (because once he enters his credentials he will be prompted to change his password, but later the new password he entered does not work).
NOTE: According to meshcentral-config-schema.json
domain.passwordrequirements.reset = Number of days after which the user is required to change the account password.
domain.passwordrequirements.allowaccountreset = If set to false, the account reset option on the login screen will not be available to users.
To Reproduce
Steps to reproduce the behaviour:
Expected behaviour
With this config, a user can not change his password unless the password expires.
When the password expires, you'll be prompted to enter a new one. Then the new password works.
Workaround
Setting domain.passwordrequirements.allowaccountreset = true avoids the problem.
Maybe there is no need to fix this scenario, but improve documentation (meshcentral-config-schema.json descriptions) this way (or similar):
domain.passwordrequirements.reset = Number of days after which the user is required to change the account password. 0 means the password never expires. NOTE: If you set this to a non-zero value, please be sure to set domain.passwordrequirements.allowaccountreset to true.
domain.passwordrequirements.allowaccountreset = If set to false, the account reset option on the login screen will not be available to users. NOTE: Set to true if you set domain.passwordrequirements.reset to a non-zero value.
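A check for the setting combination described in this issue, added here as an example (it is not part of the original issue and not MeshCentral code). It assumes the config.json layout `domains.<name>.passwordRequirements`, matches key names case-insensitively, and runs over a constructed sample config; the function names are hypothetical.

```javascript
// Added example: flag domains whose password policy matches the lockout
// scenario from this issue (expiry enabled, account reset disabled).
// Assumed layout: config.domains.<name>.passwordRequirements.{reset, allowAccountReset}.

// Case-insensitive property lookup: the issue writes the keys in lowercase,
// while config files commonly use camelCase.
function getCI(obj, key) {
  if (obj === null || typeof obj !== 'object') return undefined;
  const hit = Object.keys(obj).find((k) => k.toLowerCase() === key.toLowerCase());
  return hit === undefined ? undefined : obj[hit];
}

// Returns one finding per domain where passwords expire (reset > 0)
// while allowAccountReset is explicitly set to false.
function findLockoutRisks(config) {
  const findings = [];
  const domains = getCI(config, 'domains') || {};
  for (const [name, domain] of Object.entries(domains)) {
    const req = getCI(domain, 'passwordRequirements');
    const reset = Number(getCI(req, 'reset')) || 0; // missing or 0: never expires
    const allow = getCI(req, 'allowAccountReset');
    if (reset > 0 && allow === false) {
      findings.push({ domain: name === '' ? '(default)' : name, resetDays: reset });
    }
  }
  return findings;
}

// Constructed sample configuration, not taken from the issue.
const sampleConfig = {
  domains: {
    '': { passwordRequirements: { reset: 90, allowAccountReset: false } },
    customer1: { passwordrequirements: { reset: 30, allowaccountreset: true } },
    customer2: { passwordRequirements: { reset: 0, allowAccountReset: false } },
    customer3: { title: 'no policy set' },
  },
};

for (const f of findLockoutRisks(sampleConfig)) {
  console.log(`domain ${f.domain}: reset=${f.resetDays} days with allowAccountReset=false`);
}
```

Running it against a parsed config.json before deployment surfaces affected domains so the workaround above can be applied before any password expires.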