-
Type:
Regression Bug
-
Status: Closed
-
Resolution: Fixed
-
Affects Version/s: 7.0.X, 7.1.X, Master
-
Fix Version/s: 7.0.0 DXP FP79, 7.0.10.11 DXP SP11, 7.0.X, 7.1.10 DXP FP10, 7.1.10.2 SP2, 7.1.3 CE GA4, 7.1.X, Master
-
Component/s: Application Security > Password Policies, User Management
-
Branch Version/s:7.1.x, 7.0.x
-
Backported to Branch:Committed
-
Story Points:0.25
-
Fix Priority:5
-
Git Pull Request:
Steps to reproduce
- Create a public user (e.g user1)
- Create a new password policy as the following settings
Name: test policy Password Changes: Changeable Yes Password Expiration: Enable Expiration - Yes Maximum Age - 2 Weeks Warning Time - 1 Weeks Grace Limit - 1 - Assign user1 to test policy
- Change User_.passwordModifiedDate in the database to 1 month ago to simulate the password expiration
- Navigate to Control Panel > Configuration > Server Administration
- Clear the database cache
- Log in as user1
Expected result
The warning message "Your password is expired. You have 0 grace login(s) remaining." displays and the user cannot log out and in again.
Actual result
The warning message "Your password is expired. You have 1 grace login(s) remaining." displays and the user can log out and in indefinitely despite having an expired password.
- is caused by
-
LPS-91021 User is unable to change their password if their current one is expired
- Closed