Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Password Expiry #163

Open
xburelle opened this issue Jun 5, 2017 · 1 comment
Open

Password Expiry #163

xburelle opened this issue Jun 5, 2017 · 1 comment
Labels
Effort: High Effort: Medium Priority: Medium Status: Available Type: Enhancement

Comments

@xburelle
Copy link

xburelle commented Jun 5, 2017

Goal : Verify programmatically or to be alerted if a password need to be changed due to an expiry value.

Suggestions :

  • Each time a password is changed, an attribute (pwdModifiedTime) is set with the current date.
  • What is the date format to use ? Date.now() give UTC timestamp in milliseconds. It can be the format used to store the date and we convert it to the user.
  • The password expiry attribute (pwdExpiry) is set to 0 by default, and has a day value ("30" days for example). 0 means : never expires.
  • A pwdExpiryTime attribute calculates the timestamp from pwdModifiedTime. It can be set in same time of pwdModifiedTime.
  • (Alert : in UI interface, an alert message warns the user)

So, I have some questions :

  • Do we need to add default attributes, maybe with validAttributes functions ?

  • Do we add another attribute pwdExpired with a boolean value, or in the alert part/expiry management we calculate if (pwdExpiryTime - pwdModifiedTime) > pwdExpiryInMilliseconds ?

  • Do we add functions to have expiry management ? Group.hasExpiredPwd() Archive.hasExpiredPwd()

  • Until there is a setting part, each password expiry for an entry has to be set manually.

I'm interested in working on settings too. You certainly planned to do it. And I like to know more about it :
Which format is used to store the settings? Where do you store it? In the archive? Which features do you want to it?
@perry-mitchell
Copy link
Member

perry-mitchell commented Jul 7, 2017
edited
Loading

Sorry for replying so late @xWayfarer - This is definitely something we'd like to look into quite soon. It would be beneficial to keep it as simple as possible in terms of scope, so what I'd recommend doing would be:

  • Add pass expiry attribute
  • Add pass modified attribute
  • Use only UTC timestamps ((new Date()).getTime();)

Do we add functions to have expiry management ? Group.hasExpiredPwd() Archive.hasExpiredPwd()

I would suggest not to add anything outside of Entry for now. Perhaps a function could be added to the entry decorators called say findEntriesByExpiredPassword. Entry could perhaps have something like hasExpiredPassword().

Do we need to add default attributes, maybe with validAttributes functions ?

The attribute keys go in the Entry class.

Until there is a setting part, each password expiry for an entry has to be set manually.

This is best for now. Settings can come later.

Which format is used to store the settings? Where do you store it? In the archive? Which features do you want to it?

A very loaded question 😅.. but the settings thing hasn't been decided just yet. It should be something that makes sense and is quite portable between platforms that buttercup runs on. I'm open to discussion, but that should occur here.

@xburelle xburelle mentioned this issue Jul 14, 2017
Closed
@perry-mitchell perry-mitchell mentioned this issue Aug 11, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Effort: High Effort: Medium Priority: Medium Status: Available Type: Enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@xburelle @perry-mitchell