Feature #22381
closed
Require password reset on initial setup for default admin account
Added by Gregor Schmidt about 8 years ago.
Updated almost 8 years ago.
Description
To improve the security of a fresh Redmine installation, I propose to force a password reset for the default admin account on first login.
If this change is applied, the installation instructions would need to be updated accordingly.
Unit test should not be affected, since they solely rely on fixtures and not default data created using migrations.
The attached patch, adds a migration which sets the must_change_passwd field to true for the default admin account, if it was not used yet (last_login_on: nil). This should make sure, that existing installations are not affected and the changes are only applied during the initial rake db:migrate run.
Files
- Related to Patch #3858: Force the 'admin' account to change the default password added
Thanks for pointing me to the other ticket. Before creating this issue, I was trying to find a similar ticket, but I guess, I was using the wrong search terms.
I just had a look at the patch, you proposed in #3858. It looks, like we both had the same idea. :) Therefore I would propose to close this issue in favour of #3858. (Unfortunately I cannot do that on my own.)
I just wanted to briefly explain, that I was hesitant to create a User instance within the migration, since that sometimes leads to errors involving outdated column caches within ActiveRecord.
- Status changed from New to Closed
- Assignee set to Jean-Philippe Lang
- Target version set to 3.3.0
- Resolution set to Fixed
Gregor Schmidt wrote:
I just wanted to briefly explain, that I was hesitant to create a User instance within the migration, since that sometimes leads to errors involving outdated column caches within ActiveRecord.
Agreed, using model instances in migrations should be avoided as much as possible. Patch committed.
- Subject changed from Require password reset on initial setup to Require password reset on initial setup for default admin account
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by