[
https://issues.apache.org/jira/browse/SYNCOPE-939?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh resolved SYNCOPE-939.
-----------------------------------------
Resolution: Fixed
Assignee: Colm O hEigeartaigh
This issue has been fixed since 1.2.8..possibly by the fix for SYNCOPE-928.
> Password history not checked when user changes password
> -------------------------------------------------------
>
> Key: SYNCOPE-939
> URL: https://issues.apache.org/jira/browse/SYNCOPE-939
> Project: Syncope
> Issue Type: Bug
> Affects Versions: 1.2.8
> Reporter: Colm O hEigeartaigh
> Assignee: Colm O hEigeartaigh
> Fix For: 1.2.9
>
>
> When a user changes his/her password via the Console, the password history
> does not appear to be checked. It is only checked when the admin user changes
> the password. This bug does not appear to be present in the enduser
> application of Syncope 2.0.0.
> Steps to reproduce (Syncope 1.2.8):
> 1) Log onto the console as "admin".
> 2) Change the global password policy to have a history of "10".
> 3) Now create a new user "alice" with password "password1" and save.
> 4) Edit "alice" (again as "admin") and change the password to "password2" and
> save.
> 5) Edit "alice" (again as "admin") and try to change the password back to
> "password1" -> this should fail.
> 6) Logout and log back in as "alice"/"password2".
> 7) Click on "alice" and change the password back to "password1".
> 8) It displays no error message and "alice" can log back in with "password1"
> after logging out.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
