-
Type:
Bug
-
Status: Closed
-
Resolution: Fixed
-
Affects Version/s: 7.0.X, 7.1.X, Master
-
Fix Version/s: Master
-
Component/s: Core Infrastructure
-
Labels:
-
Story Points:1
-
Fix Priority:3
-
Git Pull Request:
Summary:
When the user enters the wrong password so many times that their account gets locked, the end time of the lockout is displayed in the server's timezone which can be confusing for a user who uses a different time zone.
Steps to reproduce:
1) set Tomcat's timezone to UTC in setenv
2) set Portal's timezone to a different zone (UTC+2) in Instance Settings / Miscellaneous
and restart the Portal (I am not sure if the latter is necessary)
3) in (Users -> Password Policies -> ) Default Password Policy click: "Edit", and enable lockout (max failure 3, lockout duration 5 mins)
4) apply that Password Policy to a testuser (Click on the 3 dots next to "Default Password Policy" and click on "Assign Members")
5) try to log in with testuser with wrong passwords until being locked out (14:03 in my test)
Actual UI notification: "This account is locked until 12:08" (server's timezone)
Expected UI notification: "This account is locked until 12:08 UTC" (show the timezone information to clear up any confusion)
Reproduced on:
7.0 EE de-59 (latest fixpack)
7.0.x private @74cf8e7d3c41f46193b74079211a25abc0fcbb81
7.1.x private @f332440d02ba3a5f811be380f462b9c290a9e441
Can't test on Master (due to tech reasons)
- relates
-
-
- Closed
-