We recently set up a master password-policy and expected the flag "Require existing members to change their passwords" to enforce noncompliant users to update their password on the next login (as documented here).
This does not apply: Our test user with a noncompliant password can still log in and no enforcement takes place. The new master password policy will only apply when the user tries to change his password.
We are using Version 1.30.5
To Reproduce
1. Disable any master password policy
2. Create new user
3. Invite user to organisation
4. Enable password policy including flag "Require existing members to change their passwords"
5. Log in as noncompliant user
We didn't return the master password policy for the user.
If the `Require existing members to change their passwords` check was enabled this should trigger the login to show a change password dialog.
All the master password policies are merged into one during the login response and it will contain the max values and all `true` values which are set by all the different orgs if a user is an accepted member.
Fixes dani-garcia#4507
Signed-off-by: BlackDex <black.dex@gmail.com>
BlackDex added a commit to BlackDex/vaultwarden that referenced this issue on Aug 26, 2024
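
The merge rule described in the commit message, as an added Rust example (not vaultwarden's code; the struct, field and function names are assumptions for illustration): across the organisations where the user is an accepted member, numeric limits take the maximum and flags are OR-ed, so a single organisation setting the "change password on login" flag is enough to trigger it.

```rust
// Added illustration: type and field names are assumptions, not vaultwarden's code.
#[derive(Debug, Clone, Default, PartialEq)]
pub struct MasterPasswordPolicy {
    pub min_complexity: Option<u8>,
    pub min_length: Option<u32>,
    pub require_upper: bool,
    pub require_numbers: bool,
    pub require_special: bool,
    pub enforce_on_login: bool, // "Require existing members to change their passwords"
}

pub struct OrgPolicy {
    pub accepted: bool, // user has accepted the organisation invite
    pub enabled: bool,  // the organisation has the policy switched on
    pub policy: MasterPasswordPolicy,
}

/// Merge the enabled policies of every organisation the user is an accepted
/// member of: numeric limits take the maximum, boolean flags are OR-ed.
/// Returns None when no policy applies.
pub fn merge_policies(orgs: &[OrgPolicy]) -> Option<MasterPasswordPolicy> {
    orgs.iter()
        .filter(|o| o.accepted && o.enabled)
        .map(|o| o.policy.clone())
        .reduce(|a, b| MasterPasswordPolicy {
            // Option orders None below Some(_), so max() keeps the stricter limit.
            min_complexity: a.min_complexity.max(b.min_complexity),
            min_length: a.min_length.max(b.min_length),
            require_upper: a.require_upper || b.require_upper,
            require_numbers: a.require_numbers || b.require_numbers,
            require_special: a.require_special || b.require_special,
            enforce_on_login: a.enforce_on_login || b.enforce_on_login,
        })
}

/// Constructed sample: two accepted organisations and one pending invite.
pub fn sample_orgs() -> Vec<OrgPolicy> {
    let p = MasterPasswordPolicy::default;
    vec![
        OrgPolicy { accepted: true, enabled: true, policy: MasterPasswordPolicy { min_length: Some(14), require_upper: true, ..p() } },
        OrgPolicy { accepted: true, enabled: true, policy: MasterPasswordPolicy { min_complexity: Some(3), enforce_on_login: true, ..p() } },
        OrgPolicy { accepted: false, enabled: true, policy: MasterPasswordPolicy { min_length: Some(20), require_special: true, ..p() } },
    ]
}

fn main() {
    println!("{:?}", merge_policies(&sample_orgs()));
}
```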