https://pulp.plan.io/https://pulp.plan.io/favicon.ico2016-10-24T00:55:33ZPulpPulp - Story #2366: As a user, my password can be expiredhttps://pulp.plan.io/issues/2366?journal_id=152532016-10-24T00:55:33Zttereshcttereshc@redhat.com
<ul><li><strong>Description</strong> updated (<a title="View differences" href="/journals/15253/diff?detail_id=15997">diff</a>)</li></ul> Pulp - Story #2366: As a user, my password can be expiredhttps://pulp.plan.io/issues/2366?journal_id=152592016-10-24T01:02:08Zttereshcttereshc@redhat.com
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-11 priority-6 priority-default closed" href="/issues/2090">Task #2090</a>: Create a plan for user/auth in 3.0</i> added</li></ul> Pulp - Story #2366: As a user, my password can be expiredhttps://pulp.plan.io/issues/2366?journal_id=152712016-10-24T13:30:00Zbmbouterbmbouter@redhat.com
<ul></ul><p>I think of this story as capturing the use case to change a password. Changing a password causes all existing JWT tokens to expire which is a side-effect of the changing the password. I think the config portion should be removed from this story because that is part of <a class="issue tracker-3 status-12 priority-6 priority-default closed" title="Story: As a user, I can configure the expiration period for JWT tokens (CLOSED - DUPLICATE)" href="https://pulp.plan.io/issues/2367">#2367</a></p> Pulp - Story #2366: As a user, my password can be expiredhttps://pulp.plan.io/issues/2366?journal_id=152732016-10-24T14:27:09Zttereshcttereshc@redhat.com
<ul></ul><p>I thought that password change will be captured by the work on User model but now I agree that it makes sense to track it separately.<br>
I also imagined that password expiration time and JWT expiration time can be different. It is also would be more clear for users what setting they set, in case they use basic auth on every request (password expiration) or when they use some kind of external auth (only JWT expiration makes sense). I suggest not to remove but to move config portion from this story to <a class="issue tracker-3 status-12 priority-6 priority-default closed" title="Story: As a user, I can configure the expiration period for JWT tokens (CLOSED - DUPLICATE)" href="https://pulp.plan.io/issues/2367">#2367</a>, so there will be two different config options to implement in it.<br>
What do you think?</p> Pulp - Story #2366: As a user, my password can be expiredhttps://pulp.plan.io/issues/2366?journal_id=152962016-10-24T14:46:57Zbmbouterbmbouter@redhat.com
<ul></ul><p>I imagined only 1 config and it would be the valid length a JWT token is accepted for. I did not think we would require users to change their passwords. When I read the title about a password "expiring" I thought you meant a JWT expiring. I don't think passwords should be required to be changed.</p> Pulp - Story #2366: As a user, my password can be expiredhttps://pulp.plan.io/issues/2366?journal_id=153022016-10-24T16:05:47Zttereshcttereshc@redhat.com
<ul><li><strong>Status</strong> changed from <i>NEW</i> to <i>CLOSED - WONTFIX</i></li></ul> Pulp - Story #2366: As a user, my password can be expiredhttps://pulp.plan.io/issues/2366?journal_id=385792019-04-15T20:23:45Zbmbouterbmbouter@redhat.com
<ul><li><strong>Tags</strong> <i>Pulp 2</i> added</li></ul>