keratin / authn

Prototype version of AuthN service. See: keratin/authn-server
https://keratin.tech
GNU Lesser General Public License v3.0

Forced password change #42

Closed cainlevy closed 7 years ago

cainlevy commented 7 years ago

Accounts may sometimes need a forced password change. This could happen if the host app has cause to believe the account has been compromised, or shares credentials leaked in some other company's data breach. This could also be useful when importing legacy accounts with unsupported password formats into AuthN.

In those cases, the password may be "expired". This will revoke any current sessions (note that access tokens will continue to run out their lifetime), and begin failing successful logins until the password has been changed.

Upgrading

This change requires a new database field. Current deployments of AuthN are expected to be able to run bin/rails db:migrate (possibly with docker exec or heroku run). The feature will be stubbed out until the migration has run and the processes have restarted. This stub should be removed in a following release.

fixes #15
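The state transitions described above (expire, revoke sessions, refuse logins until the password is changed) as an added, self-contained illustration; this is not AuthN's own code. It assumes an in-memory `Account` with a session version counter standing in for the database field, PBKDF2 from Ruby's stdlib standing in for the real password hasher, and a `LoginResult` struct of my own.

```ruby
require 'openssl'
require 'securerandom'

# Hypothetical account model (not AuthN's implementation) showing a forced
# password change: expiring marks the account and revokes sessions, the
# correct password is still refused until changed, and changing clears it.
class Account
  LoginResult = Struct.new(:ok, :reason)

  def initialize(password)
    @salt = SecureRandom.hex(16)
    @digest = hash_password(password)
    @password_expired = false
    @session_version = 1 # sessions carry the version they were issued under
  end

  def issue_session
    { version: @session_version }
  end

  # Sessions issued before the last revocation no longer match.
  def session_valid?(session)
    session[:version] == @session_version
  end

  # Forced password change: mark expired and revoke sessions by bumping the
  # version. Access tokens are not tracked here; as the PR notes, they simply
  # run out their own lifetime.
  def expire_password!
    @password_expired = true
    @session_version += 1
  end

  # A wrong password fails as usual; a correct one fails while expired.
  def login(password)
    return LoginResult.new(false, :bad_password) unless @digest == hash_password(password)
    return LoginResult.new(false, :password_expired) if @password_expired
    LoginResult.new(true, nil)
  end

  # Changing the password (old one still required) clears the expiry.
  def change_password(old_password, new_password)
    return false unless @digest == hash_password(old_password)
    @digest = hash_password(new_password)
    @password_expired = false
    true
  end

  private

  def hash_password(pw)
    OpenSSL::KDF.pbkdf2_hmac(pw, salt: @salt, iterations: 10_000, length: 32, hash: 'sha256')
  end
end
```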

coveralls commented 7 years ago


Coverage increased (+0.03%) to 99.391% when pulling 3244f2b295a4c8ae493b267a29c426965ba37e07 on forced_password_change into 3a916ff35a08b871bee91613d3d105239542ad33 on master.