View Issue Details

Jump to NotesJump to History
This bug affects 1 person(s).
 254
IDProjectCategoryView StatusDate SubmittedLast Update
14638Feature requestsSecuritypublic2019-03-12 17:432023-02-08 17:03
ReporterDenisChenu Assigned Toc_schmitz  
PriorityhighSeverityfeature 
Status acknowledgedResolutionopen 
Summary14638: One time password : add "time out"
Description

One time password seems unlimited in time. A one time pasword generate today still valid in 10 years.
(I didn't test a lot one time password …)
I think it's a good idea to have a limited in time one-time password.

Additional Information
  1. Add a datetime (created ?) column in one time password
  2. Add a 'timelimit' one time password in config
  3. When an user come with a one time password check if datetime + timelimit is over (or not) and show an error message

After we can start to work on https://bugs.limesurvey.org/view.php?id=14049
Where we replace all password send by a one time password send.

Tagssecurity
Bug heat254
Story point estimate5
Users affected %10

Users monitoring this issue

There are no users monitoring this issue.

Activities

DenisChenu

DenisChenu

2019-03-12 17:45

developer   ~50931

To disable potential incompatibility with previous system using one-time password : set the default to null/0 => mean unlimited.
I dislike to have a bad security by default but if it's different : it broke different usage.

BUT : maybe set it to one hour by default : it's OK because we broke API.
DenisChenu

DenisChenu

2023-02-08 16:41

developer   ~73754

@ollehar : it's not already fixed here ?
ollehar

ollehar

2023-02-08 17:02

administrator   ~73756

Not sure :d No table for onetime pwd?
ollehar

ollehar

2023-02-08 17:03

administrator   ~73757

Oh it's a column in the users table, one_time_pw.

Issue History

Date Modified Username Field Change
2019-03-12 17:43 DenisChenu New Issue
2019-03-12 17:45 DenisChenu Note Added: 50931
2021-03-07 21:08 c_schmitz Tag Attached: security
2021-03-07 21:26 c_schmitz Assigned To => c_schmitz
2021-03-07 21:26 c_schmitz Status new => acknowledged
2023-02-08 16:39 ollehar Story point estimate => 5
2023-02-08 16:39 ollehar Users affected % => 10
2023-02-08 16:39 ollehar Priority none => high
2023-02-08 16:41 DenisChenu Note Added: 73754
2023-02-08 17:02 ollehar Note Added: 73756
2023-02-08 17:02 ollehar Bug heat 252 => 254
2023-02-08 17:03 ollehar Note Added: 73757