airajena opened a new pull request, #5367: URL: https://github.com/apache/fineract/pull/5367
## Description Implements FINERACT-2005: Prohibit password re-use with a configurable global setting. ## Changes - Added new global configuration `restrict-reuse-of-password` (enabled by default, value=3) - Added [getPasswordReuseRestrictionCount()](cci:1://file:///c:/Users/airaj/OneDrive/Desktop/gsoc/fineract/fineract-provider/src/main/java/org/apache/fineract/infrastructure/configuration/domain/ConfigurationDomainServiceJpa.java:551:4-560:5) method to [ConfigurationDomainService](cci:2://file:///c:/Users/airaj/OneDrive/Desktop/gsoc/fineract/fineract-core/src/main/java/org/apache/fineract/infrastructure/configuration/domain/ConfigurationDomainService.java:24:0-153:1) - Updated [AppUserWritePlatformServiceJpaRepositoryImpl](cci:2://file:///c:/Users/airaj/OneDrive/Desktop/gsoc/fineract/fineract-provider/src/main/java/org/apache/fineract/useradministration/service/AppUserWritePlatformServiceJpaRepositoryImpl.java:71:0-340:1) to use the configurable value instead of hardcoded constant - If the configuration is disabled OR value is 0, password reuse check is skipped entirely ## How It Works - **Enabled (default)**: Checks last N passwords (configurable, default=3). Throws `PasswordPreviouslyUsedException` if match found. - **Disabled**: Password reuse check is completely skipped. ## Related Issue Resolves FINERACT-2005 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
