We have moved to GitHub Issues
Created by Ranjit J. Vaity 18 Jan 2018, 13:57:09 Updated by Ranjit J. Vaity 20 Aug 2018, 08:57:32Tags: Up For Grabs PR Consider for sprint
Is duplicated by: U4-10819
Subtask of: U4-11011
Thank your for wonderful CMS and community. :)
Umbraco CMS version: 7.7.1
What did you do? I have written a funtionality that will trigger a Job that runs daily mid-night to check all the users whose password is not changed for n days (Configured to 6 months = 180 days). Email notifications will start 15 days before expiry date. and if user changes password, "Password Last Changed" is expected to be updated with current date but this does not happen as db field stays NULL.
Create couple of users in Umbraco instance.
What did you expect to happen? I expect User db field "Password Last Changed" to be updated with new current dates.
What actually happened? By default this field is NULL in the db and stays NULL even after multiple password change. Just to mention "User Last updated" date changes as expected but on Password field. Please see the attached file. Password is changed on 18 Jan 2018. But password last changed remains as NULL.
Please help !
Thanks, Ranjit J. Vaity
Seems like a bug.
Note: password expiry is not best practice any more and actually considered to weaken security. You shouldn't do it. https://www.ncsc.gov.uk/articles/problems-forcing-regular-password-expiry
Still, we should update dates when changes occur. If anyone has some time to look at this problem then we'd be happy to look at a pull request to fix this.
Currently experience the same/similar issue which lead me to this bug
We have a base of around 2000 members. member accounts are locked after three failed password attempts, at which point we manually unlock the account when requested by the member.
What did you do? Removed lock from members account and reset password.
What did you expect to happen? Expected account to remain unlocked and failed attempts to revert to zero
What actually happened? Account reverts back to locked when user next tries to login, but the last locked out date is not updated. Nothing failed login attempt entries or lock out messages in Umbraco logs.
Additional info: As with Ranjit, we also have 4 tasks executing (via HangFire, at 15 minutes intervals, 2 of which interact with member data) which pull down information regarding member subscriptions from a third party.
The problem for ourselves seems to occur whilst the task is running. You can see from the images provided taken twenty minutes apart today that my account has reverted to locked, failed attempts has reverted to three, with no attempts to log in, as well as no change to the lockout date.
We have no logic regarding member lockout/reactivation/failed password reset etc. present in the site codebase at our clients request.
Log excerpt attached, some user/back office data starred out. Any help/insight is appreciated.
I've fixed the issue and created a pull request here: https://github.com/umbraco/Umbraco-CMS/pull/2463
Another PR for this one: https://github.com/umbraco/Umbraco-CMS/pull/2461 which is a simpler approach but doesn't solve the underying problem if the API is used differently
@Shandem the problem occurs in three different places that I know of: 1. change password on your own profile 2. change password in user section 3. change password after password reset. That's why I changed it in this underlying spot to address all three in the same spot.
Yup all good! Just wanted to make a note that we've got another one to review too, awesome work! we'll keep you posted when we get to reviewing
👍 cheers :)
Hello All, Thank you very much for efforts and time¨. Much appreciated¨
Backwards Compatible: True
Fix Submitted: None
Affected versions: 7.4.3, 7.7.1
Due in version: 7.12.0