[NEW] Password history #21607

Merged
merged 7 commits into from
Apr 21, 2021

Member

@matheusbsilva137 matheusbsilva137 commented Apr 16, 2021

Proposed changes (including videos or screenshots)

  • Store each user's previously used passwords in a passwordHistory field (in the users record);
  • Users' previously used passwords are stored in their passwordHistory even when the setting is disabled;
  • Add "Password History" setting -- when enabled, it blocks users from reusing their most recent passwords;
  • Convert comparePassword file to TypeScript.

Password_Change
Password_History

Issue(s)

Task - ClickUp
Closes RocketChat/feature-requests#299

Steps to test or reproduce

  1. Enable the feature in Administration > Accounts > Password History > Enable Password History;
  2. Attempt to change the user's password in the My Account > Profile section. If the new password is the same as one of the most recently used passwords (the password history length can be controlled in Administration > Accounts > Password History > Password History Length), an error message will be shown in the interface.

Further comments

Review thread on server/lib/compareUserPassword.ts (outdated, resolved)
Review thread on server/lib/compareUserPasswordHistory.ts (resolved)
Review thread on server/lib/compareUserPasswordHistory.ts (resolved)
Review thread on server/methods/saveUserProfile.js (outdated, resolved)
@sampaiodiego sampaiodiego merged commit cb61ac2 into develop Apr 21, 2021
@sampaiodiego sampaiodiego deleted the password-history branch April 21, 2021 03:52
@sampaiodiego sampaiodiego mentioned this pull request Apr 28, 2021
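
The reuse check described in this pull request, sketched as an added example that is not Rocket.Chat's code and not part of the PR. Assumptions: Node's built-in scrypt stands in for the server's real password hash, all function names and the error string are hypothetical, and the current password counts as "recently used" alongside the last `length` history entries.

```javascript
// Added example, not Rocket.Chat code. scrypt from Node's standard library
// stands in for whatever password hash the server actually uses (assumption).
const crypto = require('node:crypto');

// Hash with a fresh random salt; stored as "saltHex:hashHex".
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(password, salt, 32);
  return `${salt.toString('hex')}:${hash.toString('hex')}`;
}

// Salts differ per entry, so stored hashes cannot be compared as strings:
// re-derive with each entry's own salt and compare in constant time.
function verifyPassword(password, stored) {
  const [saltHex, hashHex] = stored.split(':');
  const expected = Buffer.from(hashHex, 'hex');
  const actual = crypto.scryptSync(password, Buffer.from(saltHex, 'hex'), expected.length);
  return crypto.timingSafeEqual(actual, expected);
}

// True if newPassword matches the current hash or one of the `length`
// most recent passwordHistory entries (hypothetical helper).
function isRecentlyUsed(user, newPassword, length) {
  // slice(-0) would return the whole array, so guard length <= 0 explicitly.
  const recent = length > 0 ? user.passwordHistory.slice(-length) : [];
  return [user.password, ...recent].some((h) => verifyPassword(newPassword, h));
}

// settings = { enabled, length } mirrors the two admin settings in the PR text.
function changePassword(user, newPassword, settings) {
  if (settings.enabled && isRecentlyUsed(user, newPassword, settings.length)) {
    return { ok: false, error: 'error-password-in-history' }; // hypothetical error id
  }
  // As in the PR description, the old hash is recorded even when the
  // setting is disabled, so enabling it later has history to check against.
  user.passwordHistory.push(user.password);
  user.password = hashPassword(newPassword);
  return { ok: true };
}
```

Because every old hash stays in the user record, a leaked users collection exposes all of them to offline guessing, so the stored history deserves the same protection as the current password hash.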
Successfully merging this pull request may close these issues.

A password history prevents to reuse already used passwords