posted Nov 30, 2018, 5:14 PM by Unknown user
The Security module has been updated with a robust "password rules enforcement" piece under the namespace qbo.Security.PasswordCompliance. You can use these features out-of-the-box, using the default settings.
Key Features: - When a password is to be changed, the piece runs checks against a set of rules, customized in a new app setting for qbo.Security -> PasswordRuleSet.
- Render a custom human readable version of these rules as instructions for the user, customized in another app setting in qbo.Security -> PasswordRulesText.
- Extend and add new rule functionality"plugin style" via a new qbo.Security.PasswordCompliance project.
- Responsive UI feedback on why a password was rejected.
SVN: - The plugin project qbo.Security.PasswordCompliance is completely optional, and only needs to be included if more functionality is desired.
- The updates are aligned with the latest in trunk as of the date of this post, however there are a few points to check that this will not break your build.
- SecurityWeb, MortgageWeb and ApplicationWeb must be up to date to deploy this change. Login.ForcePasswordChange.xslt, BrokerProfile.Account.xslt and Theme.Core.xslt respectively have been updated with a few JavaScript tweaks to call the correct functionality.
- Ensure you are able to compile new C# 7.0 features.
Successful Deployment checks: - Person, or another security module, has the settings PasswordRuleSet and PasswordRulesText.
- Person.config contains a statement CheckPasswordReuse and InsertPassword, and does NOT contain SetPassword.
- An attempt to change a password returns informative rule error text, or succeeds.
New tests have been added to qbo.Security.Tests in relation to this new functionality. |
|