SonarQube / SONAR-14586

Force system administrator to secure the admin user account


    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 8.8
    • Component/s: Web, Web API
    • Labels:
    • Edition: Community
    • Production Notes: None

      Description

      Redirect system administrators to new page

      If the current user is a system administrator, and is not "admin", redirect to a new page where they are asked to change the user "admin"'s password.

      As long as the default credentials aren't changed, or "admin" isn't deactivated, the system administrator cannot interact with the SonarQube UI in any other way.

      Once performed, the user can use the SonarQube UI again.

      Send a new flag to the frontend to block this page if not useful

      We must update /api/navigation/global and send a new flag only for system administrators to make sure users don't type the new path manually, and get an unusable form. This new flag is called instanceUsesDefaultAdminCredentials, and returns a boolean (and will not be provided for any user that's not a system administrator).
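The two behaviours described above (the flag in /api/navigation/global and the redirect in both directions) can be modelled as follows; this is an added example, not SonarQube's own code. The page path, the function names and the `user`/`instance` object shapes are assumptions made for the illustration.

```javascript
// Added illustration, not SonarQube source code.
// ASSUMPTION: the issue does not give the path of the new page; this is a placeholder.
const SECURE_ADMIN_PATH = '/placeholder/change-admin-password';

// Models the server building the /api/navigation/global payload.
// `user` and `instance` are hypothetical shapes for this example.
function buildGlobalNavigation(user, instance) {
  const payload = {}; // other navigation fields omitted
  if (user.isSystemAdministrator) {
    // True only while "admin" is still active AND still has the default password.
    payload.instanceUsesDefaultAdminCredentials =
      instance.adminIsActive && instance.adminHasDefaultPassword;
  }
  // For every other user the key is absent (not false).
  return payload;
}

// Models the frontend guard: returns the path that should actually be rendered.
function resolveRoute(requestedPath, user, nav) {
  // Strict comparison: a missing flag must behave like "nothing to do".
  const mustSecure =
    nav.instanceUsesDefaultAdminCredentials === true && user.login !== 'admin';
  if (mustSecure && requestedPath !== SECURE_ADMIN_PATH) {
    return SECURE_ADMIN_PATH; // rest of the UI stays blocked until "admin" is secured
  }
  if (!mustSecure && requestedPath === SECURE_ADMIN_PATH) {
    return '/'; // path typed manually: do not show an unusable form
  }
  return requestedPath;
}

// Constructed sample data.
const alice = { login: 'alice', isSystemAdministrator: true };
const bob = { login: 'bob', isSystemAdministrator: false };
const fresh = { adminIsActive: true, adminHasDefaultPassword: true };
const deactivated = { adminIsActive: false, adminHasDefaultPassword: true };

// A system administrator on a fresh install is sent to the new page.
console.log(resolveRoute('/projects', alice, buildGlobalNavigation(alice, fresh)));
// A regular user who types the path manually is sent away from it.
console.log(resolveRoute(SECURE_ADMIN_PATH, bob, buildGlobalNavigation(bob, fresh)));
// Once "admin" is deactivated, the administrator can use the UI again.
console.log(resolveRoute('/projects', alice, buildGlobalNavigation(alice, deactivated)));
```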

              People

              Assignee:
              wouter.admiraal Wouter Admiraal
              Reporter:
              wouter.admiraal Wouter Admiraal
