Event Request on Changing Password #328
Comments
|
Is the only ask to add the rule "You can then check that users don't reenter their old passwords as the new password"? Question is if we need an event, or if you should just add that rule to the base product. It's a common security best practice. |
JesperSchulz
added
the
Follow Up
|
@KiprotichKelly, could you look at the question above. Do you still need that event? |
|
Hello @JesperSchulz, having mentioned the security concern, I think adding the rule to the base app will do for me. |
JesperSchulz
added
Approved
|
Based on the above, I will approve this issue for contribution :-) |
|
Since this is still here, can I create a PR? |
|
Absolutely 😊 |
|
Just wondering, in the current implementation the method takes two parameters OldPassword and Password. It is clear about Password, it is a new password that the user sets, but about OldPassword it is not so clear, this field always returns what the user fills in the Old Password field, but it is never set from outside, that is, this field is always empty when opening the password change dialog. Which kind of implies that validation of whether the old password was entered correctly is done externally, in the place where this module is called. Therefore, in order to implement validation inside PasswordDialogManagement it is necessary to pass OldPassword to the Password Dialog page. In such a scenario, the one who uses the OpenChangePasswordDialog method passes OldPassword with the value of the old password from the very beginning, at the moment it is just a Return Value for what the user will enter in the OldPassword field. Do you agree with this addition? |
|
@JesperSchulz in this case it will be two rules 1.Passed OldPassword same as what user fill to OldPassword field in Change Password dialog |
That's how I understand this issue, yes 😊 |
…ch the OldPassword Also in this case we check that the old password matches the entered old password microsoft#328
<!-- Thank you for submitting a Pull Request. If you're new to contributing to BCApps please read our pull request guideline below * https://github.com/microsoft/BCApps/Contributing.md --> #### Summary <!-- Provide a general summary of your changes --> If OldPassword is passed, we check that the new password should match the OldPassword Also in this case we check that the old password matches the entered old password New test #### Work Item(s) <!-- Add the issue number here after the #. The issue needs to be open and approved. Submitting PRs with no linked issues or unapproved issues is highly discouraged. --> Fixes #328 Fixes [AB#506715](https://dynamicssmb2.visualstudio.com/1fcb79e7-ab07-432a-a3c6-6cf5a88ba4a5/_workitems/edit/506715) --------- Co-authored-by: Jesper Schulz-Wedde <JesperSchulz@users.noreply.github.com>
🕮 Describe the issue
I would like to add an event that allows you to implement password policy on old and new password while changing your user passwords
🔧 To Reproduce
The current code only has only one integration event to modify password minimum length only
📣 Expected behavior
The current code works fine, this is an additional feature. You can then check that users don't reenter their old passwords asthe new password
Screenshots
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: