go2null / redmine_account_policy Goto Github PK

After a user logs in for the first time, they are unable to change their password from the my account menu (greyed out)

Steps to reproduce

1. Create a new user (either with a generated or manually input password)
2. Have that user log in with that password
3. Have the user try to change their password

Users must wait at least 24 hours before they can change their password

Hello,
We were trying to use only the account lock on wrong passwords feature (would be nice if by default all features are disabled btw). So we have put 0s to disable other policies.
Then on login we got internal error:

NoMethodError (undefined method `to_date' for nil:NilClass
Did you mean?  to_a):
  plugins/redmine_account_policy/lib/redmine_account_policy/user_patch.rb:97:in `account_unused?'
  plugins/redmine_account_policy/lib/redmine_account_policy/account_controller_patch.rb:36:in `block in lock_unused_accounts!'
  plugins/redmine_account_policy/lib/redmine_account_policy/account_controller_patch.rb:35:in `lock_unused_accounts!'
  plugins/redmine_account_policy/lib/redmine_account_policy/account_controller_patch.rb:16:in `run_account_policy_daily_tasks'
  plugins/redmine_account_policy/lib/redmine_account_policy/controller_account_success_authentication_after_hook.rb:11:in `controller_account_success_authentication_after'
  lib/redmine/hook.rb:61:in `block (2 levels) in call_hook'
  lib/redmine/hook.rb:61:in `each'
  lib/redmine/hook.rb:61:in `block in call_hook'
  lib/redmine/hook.rb:58:in `tap'
  lib/redmine/hook.rb:58:in `call_hook'
  lib/redmine/hook.rb:91:in `call_hook'
  app/controllers/account_controller.rb:262:in `successful_authentication'
  plugins/redmine_account_policy/lib/redmine_account_policy/account_controller_patch.rb:233:in `successful_authentication_with_account_policy'
  app/controllers/account_controller.rb:203:in `password_authentication'
  plugins/redmine_account_policy/lib/redmine_account_policy/account_controller_patch.rb:163:in `password_authentication_with_account_policy'
  app/controllers/account_controller.rb:189:in `authenticate_user'
  app/controllers/account_controller.rb:40:in `login'
  lib/redmine/sudo_mode.rb:63:in `sudo_mode'
  plugins/redmine_dmsf/lib/redmine_dmsf/webdav/no_parse.rb:33:in `call'

Setting values on the options didn't fix the issue. Only removing the plugin allowed users to login again. Curiously, the plugin have worked correctly right after installation. Can you look into it?
Thanks

Instead, password_min_unique is reset twice

Plugin is not showing in the redmine and the policies are not working. I didn't find any issue while installing this plugin.
I am not able to configure this plugin from redmine

Steps to reproduce

1. Go to a user account's edit menu
2. Check 'Must change password at next logon'
3. Have the user log in

I tried wrong passwords until my user was blocked. After that, I entered the correct password and was authenticated as if I wasn't blocked. It seems Redmine still tries to authenticate the user instead of blocking him from any attempt during the timeout.

I have installed this plugin in the below environment.
Redmine version 3.3.1.stable
Ruby version 2.2.3-p173 (2015-08-18) [x86_64-linux]
Rails version 4.2.7.1
Environment production
Database adapter Mysql2

But the plugin is not showing in the redmine.

Hey would be great if could add XP Date to users

• Admin can view & set
• Email warnings regarding account XP
• User can view own XP date

The password is expired notification email uses the password expiry warning header, which calls a variable that is not set (days_left) for obvious reasons.

When the user changes their password, they are blocked from changing their password, but no indication of their status is provided - the 'Change Password' button is simply gone.

I'm trying the plugin with Redmine 3.4.12 and Ruby 2.3.8 Rails 4.2.11.1.

saving the plugin customization the form is emptied.

from http://www.redmine.org/plugins/redmine_account_policy
by Ivan Tsybanenko 6 months ago

Mysql2::Error: Column length too big for column 'old_salts' (max = 21845); 

use BLOB or TEXT instead:

ALTER TABLE `users` ADD `old_salts` varchar(59520)

Change line 10 in /db/migrate/002_add_old_salts_to_users.rb from :string to :text.
Migration is OK

Planned integration with my_users has parent_id added in the create_mock_user as well as in run_daily_cron

Both methods fail if no parent_id column!

run_daily_cron should not reset account_policy_checked_on - functions should be separate to allow testing of mechanisms (reset_daily_cron?)

Redmine currently only ensures that a new password does not match the current one - allow administrators ability to enforce that new password does not match N previous passwords

In current Redmine implementation, lost password behaves differently depending on user status and on user existence.

This allows 'real' accounts to be identifiable through this view.

As admin, if I choose ldap authentication for a user, I can't save. Redmine returns that my password doesn't comply to password policy, probably because I haven't entered any password.

Will there be an update to make it work with redmine 4.0 and ruby 5?

In Plugin Configure screen

• Change Redmine Settings -> Authentication tab text a link to Authentication:/settings?tab=authentication tab
• Password Complexity: 3 (added in 8711e1a)
• Password Expiry: Email warning: 14 (added in 72ab98c in #19)
• Password Reuse:
  • 4 uniques; (fixed in 42bcbd9 in #19)
  • 1 day wait;
  • remove TODO in label

A warning, preferably on each login several days in advance, is a reasonable user expectation.

If the Admin resets a user password and checks "Must change password at next logon",

• the user is allowed to login without the change password prompt, and
• the "change password" link in the "My account" is disabled.

Looks like the labels were changed from

rap_body_login_lockout_header
rap_body_login_lockout

to

rap_mail_body_login_failure
rap_mail_body_login_lockout

However, the actual mail templates were not updated to reflect this change, resulting in a translation missing error in the form of

translation missing: en.rap_body_login_lockout_header

translation missing: en.rap_body_login_lockout

You have received this notification because you have either subscribed to it, or are involved in it.

When running command rake redmine:plugins:migrate RAILS_ENV=production we get following error

Migrating redmine_account_policy (Redmine Account Policy plugin)...
== 1 AddOldHashedPasswordsToUsers: migrating ==================================
-- add_column(:users, :old_hashed_passwords, :string, {:null=>true, :limit=>3968})
-> 0.1325s
== 1 AddOldHashedPasswordsToUsers: migrated (0.1326s) =========================

== 2 AddOldSaltsToUsers: migrating ============================================
-- add_column(:users, :old_salts, :string, {:null=>true, :limit=>59520})
rake aborted!
StandardError: An error has occurred, all later migrations canceled:

Mysql2::Error: Column length too big for column 'old_salts' (max = 21845); use BLOB or TEXT instead: ALTER TABLE users ADD old_salts varchar(59520)
/var/www/redmine-3.3.0/plugins/redmine_account_policy/db/migrate/002_add_old_salts_to_users.rb:8:in change' /var/www/redmine-3.3.0/lib/redmine/plugin.rb:481:inmigrate_plugin'
/var/www/redmine-3.3.0/lib/redmine/plugin.rb:453:in migrate' /var/www/redmine-3.3.0/lib/redmine/plugin.rb:467:inblock in migrate'
/var/www/redmine-3.3.0/lib/redmine/plugin.rb:466:in each' /var/www/redmine-3.3.0/lib/redmine/plugin.rb:466:inmigrate'
/var/www/redmine-3.3.0/lib/tasks/redmine.rake:127:in block (3 levels) in <top (required)>' ActiveRecord::StatementInvalid: Mysql2::Error: Column length too big for column 'old_salts' (max = 21845); use BLOB or TEXT instead: ALTER TABLEusersADDold_saltsvarchar(59520) /var/www/redmine-3.3.0/plugins/redmine_account_policy/db/migrate/002_add_old_salts_to_users.rb:8:inchange'
/var/www/redmine-3.3.0/lib/redmine/plugin.rb:481:in migrate_plugin' /var/www/redmine-3.3.0/lib/redmine/plugin.rb:453:inmigrate'
/var/www/redmine-3.3.0/lib/redmine/plugin.rb:467:in block in migrate' /var/www/redmine-3.3.0/lib/redmine/plugin.rb:466:ineach'
/var/www/redmine-3.3.0/lib/redmine/plugin.rb:466:in migrate' /var/www/redmine-3.3.0/lib/tasks/redmine.rake:127:inblock (3 levels) in <top (required)>'
Mysql2::Error: Column length too big for column 'old_salts' (max = 21845); use BLOB or TEXT instead
/var/www/redmine-3.3.0/plugins/redmine_account_policy/db/migrate/002_add_old_salts_to_users.rb:8:in change' /var/www/redmine-3.3.0/lib/redmine/plugin.rb:481:inmigrate_plugin'
/var/www/redmine-3.3.0/lib/redmine/plugin.rb:453:in migrate' /var/www/redmine-3.3.0/lib/redmine/plugin.rb:467:inblock in migrate'
/var/www/redmine-3.3.0/lib/redmine/plugin.rb:466:in each' /var/www/redmine-3.3.0/lib/redmine/plugin.rb:466:inmigrate'
/var/www/redmine-3.3.0/lib/tasks/redmine.rake:127:in `block (3 levels) in <top (required)>'
Tasks: TOP => redmine:plugins:migrate
(See full trace by running task with --trace)