  1. SonarQube
  2. SONAR-14175

Force admin user account to reset its password when using default credential

    Details

    • Edition:
      Community
    • Production Notes:
      None

      Description

      'Admin' should not use the default credential; he should be forced to update it the first time SonarQube detects that this is the case.

      Implementation

      • Add a ‘reset_password’ boolean flag to the users table.
      • Prepare a migration which populates this value as ‘false’, except for the admin user who still uses admin as password.
      • A local user who has the ‘reset_password’ flag set to true should, after a successful login, be redirected to an unskippable form with the following fields:
        • Title: Your password has been asked to be reset
        • Old Password
        • New password
        • Confirm password
      • The form has an actionable button Change. After the button is clicked, the web app should use the api/users/change_password WS to change the user's password.
      • Update api/users/change_password to prevent updating to the same password.
      • Add a warning in sonar.log when default admin credentials are detected.
      • Update the docs about the SQL to reset the admin password so that it sets the reset_password column to true.
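
A minimal model of the flow listed above, added here as an illustration and not SonarQube's own code: the migration can only detect the default password by verifying the stored hash, and the change-password step rejects reuse of the current password before clearing the flag. The sqlite3 schema, every column except reset_password, the function names and the PBKDF2 hash are assumptions.

```python
# Added sketch, not SonarQube code. Assumed: sqlite3, columns login/salt/pw_hash,
# PBKDF2-HMAC-SHA256. Only the 'reset_password' column name is from the ticket.
import hashlib, hmac, logging, os, sqlite3

log = logging.getLogger("sonar")  # stand-in for sonar.log

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def matches(db, user, password):
    row = db.execute("SELECT salt, pw_hash FROM users WHERE login=?", (user,)).fetchone()
    return row is not None and hmac.compare_digest(row[1], pw_hash(password, row[0]))

def add_user(db, user, password):
    salt = os.urandom(16)
    db.execute("INSERT INTO users (login, salt, pw_hash) VALUES (?,?,?)",
               (user, salt, pw_hash(password, salt)))

def migrate(db):
    """Flag defaults to false; set it for admin only if 'admin' still verifies."""
    db.execute("ALTER TABLE users ADD COLUMN reset_password INTEGER NOT NULL DEFAULT 0")
    if matches(db, "admin", "admin"):
        db.execute("UPDATE users SET reset_password=1 WHERE login='admin'")
        log.warning("Default admin credentials detected; password reset is forced")

def authenticate(db, user, password):
    """Return 'denied', 'ok', or 'must_reset' (caller shows the unskippable form)."""
    if not matches(db, user, password):
        return "denied"
    row = db.execute("SELECT reset_password FROM users WHERE login=?", (user,)).fetchone()
    return "must_reset" if row[0] else "ok"

def change_password(db, user, old, new):
    """Reject a wrong old password or a new one equal to the current password."""
    if not matches(db, user, old) or matches(db, user, new):
        return False
    salt = os.urandom(16)  # fresh salt, so equality is checked before re-hashing
    db.execute("UPDATE users SET salt=?, pw_hash=?, reset_password=0 WHERE login=?",
               (salt, pw_hash(new, salt), user))
    return True

def demo_db():
    """Constructed sample data: admin on the default password plus one other user."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    add_user(db, "admin", "admin")
    add_user(db, "alice", "correct horse")
    migrate(db)
    return db
```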

              People

              • Assignee:
                julien.lancelot Julien Lancelot
                Reporter:
                jacek.poreda Jacek Poreda