Do not allow users in pre-release and staging environments to login using password=password (including in different cases) from the web app #1348

petmongrels · 2024-09-23T09:30:15Z

The check should be on the frontend
Show a nice error message when this happens to the user with details of what they can do.

Simple workarounds are:

login to the same user from prod and change password (only if these are not customer users)
login via super admin or org admin and change password

…ult password is used

petmongrels · 2024-09-30T14:25:25Z

the message saying password change is required is too short. people will not know what is wrong
lets make a case insensitive check

1t5j0y self-assigned this Sep 27, 2024

1t5j0y added a commit that referenced this issue Sep 27, 2024

#1348 | Disallow login to webapp in non prod environments if old defa…

60f9969

…ult password is used

1t5j0y added a commit that referenced this issue Oct 1, 2024

#1348 | Case insensitive check for insecure password and updated message

89d60b6

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Do not allow users in pre-release and staging environments to login using password=password (including in different cases) from the web app #1348

Do not allow users in pre-release and staging environments to login using password=password (including in different cases) from the web app #1348

petmongrels commented Sep 23, 2024

petmongrels commented Sep 30, 2024 •

edited

Loading

Do not allow users in pre-release and staging environments to login using password=password (including in different cases) from the web app #1348

Do not allow users in pre-release and staging environments to login using password=password (including in different cases) from the web app #1348

Comments

petmongrels commented Sep 23, 2024

petmongrels commented Sep 30, 2024 • edited Loading

petmongrels commented Sep 30, 2024 •

edited

Loading