Skip to content

[NEW] Password history #21607

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
sampaiodiego merged 7 commits into from
Apr 21, 2021
Merged

[NEW] Password history #21607

sampaiodiego merged 7 commits into from
Apr 21, 2021

Conversation

@matheusbsilva137
Copy link
Contributor

@matheusbsilva137 matheusbsilva137 commented Apr 16, 2021
edited
Loading

Proposed changes (including videos or screenshots)

  • Store each user's previously used passwords in a passwordHistory field (in the users record);
  • Users' previously used passwords are stored in their passwordHistory even when the setting is disabled;
  • Add "Password History" setting -- when enabled, it blocks users from reusing their most recent passwords;
  • Convert comparePassword file to TypeScript.

Password_Change
Password_History

Issue(s)

Task - ClickUp
Closes RocketChat/feature-requests#299

Steps to test or reproduce

  1. Enable the feature in Administration > Accounts > Password History > Enable Password History;
  2. Attempt to change the user's password in the My Account > Profile section. If the new password is the same as one of the most recently used passwords (the password history history length can be controlled in Administration > Accounts > Password History > Password History Length), an error messsage will be shown in the interface.

Further comments

KevLehman
KevLehman requested changes Apr 19, 2021
View reviewed changes
@sampaiodiego sampaiodiego merged commit cb61ac2 into develop Apr 21, 2021
@sampaiodiego sampaiodiego deleted the password-history branch April 21, 2021 03:52
@sampaiodiego sampaiodiego mentioned this pull request Apr 28, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@KevLehman KevLehman KevLehman approved these changes

@sampaiodiego sampaiodiego Awaiting requested review from sampaiodiego

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

A password history prevents to reuse already used passwords

3 participants

@matheusbsilva137 @KevLehman @sampaiodiego