aces / Loris

LORIS is a web-accessible database solution for longitudinal multi-site studies.
GNU General Public License v3.0

Prevent LORIS from expiring the admin user #7954

Open gdevenyi opened 2 years ago

gdevenyi commented 2 years ago

Discussed in https://github.com/aces/Loris/discussions/7949

Originally posted by **gdevenyi** January 12, 2022

I have inherited a LORIS instance that has been lightly used in the past year, and which I have not logged into. I tried to log in today to find:

![image](https://user-images.githubusercontent.com/3001850/149187502-fdb82c46-251a-4e6f-a0fd-73a9ed935355.png)

This shouldn't happen.

ridz1208 commented 2 years ago

@driusan I think the resetpassword.php script should be able to handle this use case, or... prevent "superusers" from ever being locked out?

not sure

driusan commented 2 years ago

It would make sense to me to have resetpassword.php handle the expiry date too. I don't like the idea of adding more special casing for the superuser.. especially around having it bypass a security measure.

gdevenyi commented 2 years ago

> I don't like the idea of adding more special casing for the superuser.. especially around having it bypass a security measure.

If LORIS ever intends to offer managed cloud instances which don't require daily babysitting, you may want to reconsider allowing the superuser to be expired, unable to log in, requiring database edits.