Closed danicarrion closed 6 years ago
For the 4th point we can reuse / adapt the forgot password page.
Correct me if I'm wrong @javitonino
Session expiration must be performed by Rails session management, right?
The other part, redirecting if the user logs in and the password is expired, is also meant to be performed by the backend. Is the target password change page hosted in Central or in Builder?
Frontend-wise, you'll need to prepare all API requests to redirect to login on 403. Imagine that you open Builder and a minute later your session expires; we need to be able to handle that.
The change password part will need to be both in central and cartodb, to support SaaS and custom installs.
@danicarrion There are two possible ways to count expiration:
- Time since last login
- Time since last activity
Which are we implementing? We could also do both (and expire whenever one of the two expires) for pretty much the same cost.
Never mind, this is just about password expiration. We can do session expiration in the bonus GDPR track.
Closing this for now. We are only missing setting the default and there is a separate ticket for that.
User passwords need to expire after a period of time. Such period of time will be configurable on a per-organization basis. For users that do not belong to any organization, a site-wide default value will apply.
If a given user is logged in when their password is meant to expire, they will be logged out of their sessions. They will be forced to log in again and will be prompted for a new password immediately after.
In detail:
app_config.yml will be created to store the default value in days of the password validity period. A value of 0 means password will never expire by default. https://github.com/CartoDB/cartodb-central/issues/2224
/user/USERNAME/organization/settings) will be created to store the default value in days of the password validity period for a given organization. A value of 0 means password will never expire by default for that organization. https://github.com/CartoDB/cartodb-central/issues/2225 and https://github.com/CartoDB/cartodb/issues/13866
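
An added example, not part of the issue or of CartoDB's code, of the expiration rules described above: choosing the validity period, treating 0 as "never expires", and deciding what to do with a request once the password has expired. All function and parameter names are hypothetical, and treating an unset organization value as "use the site-wide default" is an assumption.

```ruby
# Hypothetical helpers illustrating the rules in the issue; not CartoDB code.
SECONDS_PER_DAY = 86_400

# Validity period in days for a user. The organization value applies to
# members, the site-wide default to everyone else, and 0 means "never expires".
# Assumption: an organization with no value set (nil) inherits the site default.
def password_validity_days(site_default_days, org_days: nil, in_org: false)
  days = in_org && !org_days.nil? ? org_days : site_default_days
  unless days.is_a?(Integer) && days >= 0
    raise ArgumentError, 'validity period must be an integer >= 0'
  end
  days
end

# Instant at which the password stops being valid, or nil if it never expires.
def password_expires_at(last_password_change_at, validity_days)
  return nil if validity_days.zero?
  last_password_change_at + validity_days * SECONDS_PER_DAY
end

# Decision for an authenticated request:
#   :ok            -> password still valid (or never expires)
#   :force_relogin -> password expired while this session was live: log out
#   :prompt_change -> user logged in after expiry: ask for a new password
def expiration_action(now:, session_started_at:, expires_at:)
  return :ok if expires_at.nil? || now < expires_at
  session_started_at < expires_at ? :force_relogin : :prompt_change
end

# Constructed sample: password last changed 2018-01-01, organization period 90 days.
if __FILE__ == $PROGRAM_NAME
  expires = password_expires_at(Time.utc(2018, 1, 1),
                                password_validity_days(0, org_days: 90, in_org: true))
  puts expiration_action(now: Time.utc(2018, 4, 2),
                         session_started_at: Time.utc(2018, 3, 30),
                         expires_at: expires)
end
```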