Yes, although its only really necessary if you want to enable the `auth.hibp_failure_force_pwd_change` setting. That new setting checks partial password hashes against https://haveibeenpwned.com/Passwords and forces affected users to change their password.
(And the "NEEDS SCRIPT" in the ticket title will help us remember to include specific instructions when we make a release changelog). --- ** [tickets:#8287] Backfill all previous_login_details - NEEDS SCRIPT** **Status:** review **Milestone:** unreleased **Created:** Mon May 20, 2019 04:00 PM UTC by Dave Brondsema **Last Updated:** Tue May 21, 2019 05:23 PM UTC **Owner:** Dave Brondsema With [#8278] `previous_login_details` started getting stored and backfilled after successful logins. With [#8279] to check for strong enough passwords during login, it relies on checking `previous_login_details` to know what kind of password reset to do, but `previous_login_details` might not be populated yet. So we should have a script to backfil that field for everyone so we can rely on it. --- Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/ To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.
