qbo.Security.PasswordCompliance - Plugin Extensible Password Rules Enforcement

posted Nov 30, 2018, 5:14 PM by Cameron Watt
The Security module has been updated with a robust "password rules enforcement" piece under the namespace qbo.Security.PasswordCompliance. You can use these features out-of-the-box, using the default settings.

Key Features:
  • When a password is to be changed, the piece runs checks against a set of rules, customized in a new app setting for qbo.Security -> PasswordRuleSet.
  • Render a custom human-readable version of these rules as instructions for the user, customized in another app setting in qbo.Security -> PasswordRulesText.
  • Extend and add new rule functionality "plugin style" via a new qbo.Security.PasswordCompliance project.
  • Responsive UI feedback on why a password was rejected.
SVN:
  • The plugin project qbo.Security.PasswordCompliance is completely optional, and only needs to be included if more functionality is desired.
  • The updates are aligned with the latest in trunk as of the date of this post; however, there are a few points to check to make sure this will not break your build.
    1.  SecurityWeb, MortgageWeb and ApplicationWeb must be up to date to deploy this change. Login.ForcePasswordChange.xslt, BrokerProfile.Account.xslt and Theme.Core.xslt respectively have been updated with a few JavaScript tweaks to call the correct functionality.
    2.  Ensure you are able to compile new C# 7.0 features.
Successful Deployment checks:
  • Person, or another security module, has the settings PasswordRuleSet and PasswordRulesText.
  • Person.config contains the statements CheckPasswordReuse and InsertPassword, and does NOT contain SetPassword.
  • An attempt to change a password returns informative rule error text, or succeeds.
New tests have been added to qbo.Security.Tests in relation to this new functionality.