@Marc-Andrieu Marc-Andrieu commented Oct 17, 2025

Description

Summary

Let admins mark a range of users with a stamp to compel them to change their password, effectively making a password change campaign.
This changes the logic for password modification (no putting the same one) and for authorization (authentication should instead lead to saying that yes, we know it's [probably] you, but we don't authorize; you need to change the password).

Changes Made

  • Add boolean column should_change_password in CoreUser, not nullable, default false
  • Add endpoint to let an admin set should_change_password for one user
  • Do something to authenticate without authorizing and put instead an error or something...

Type of Change

  • 🐛 Bug fix (non-breaking change which fixes an issue)
  • ✨ New feature (non-breaking change which adds functionality)
  • 🔨 Refactor (non-breaking change that neither fixes a bug nor adds a feature)
  • 🔧 Infra CI/CD (changes to configs of workflows)
  • 💥 BREAKING CHANGE (fix or feature that requires a new minimal version of the front-end)

Impact & Scope

  • Core functionality changes
  • Single module changes
  • Multiple modules changes
  • Database migrations required
  • Other

Testing

  • Added/modified tests that pass the CI
  • Tested in a pre-prod
  • Tested this locally

Documentation

  • Updated docs accordingly (docs.myecl.fr) :
  • Code includes docstrings
  • No documentation needed
  • Inline comments

@Marc-Andrieu Marc-Andrieu self-assigned this Oct 17, 2025
@Marc-Andrieu Marc-Andrieu added help wanted Extra attention is needed core authentication feat New feature or request migration labels Oct 17, 2025
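
The flow the description outlines (verify the password, withhold authorization while `should_change_password` is set, and refuse a new password equal to the current one), as an added example that is not code from this pull request. Only the `should_change_password` flag comes from the description; `User`, `LoginResult`, `login`, `change_password` and the PBKDF2 hashing are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from enum import Enum

class LoginResult(Enum):
    INVALID_CREDENTIALS = "invalid_credentials"
    PASSWORD_CHANGE_REQUIRED = "password_change_required"
    OK = "ok"

@dataclass
class User:  # hypothetical stand-in for CoreUser
    salt: bytes
    password_hash: bytes
    should_change_password: bool = False  # flag named in the PR description

def hash_password(password: str, salt: bytes) -> bytes:
    # Assumption: stdlib PBKDF2 so the example runs offline.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def make_user(password: str) -> User:
    salt = os.urandom(16)
    return User(salt, hash_password(password, salt))

def verify(user: User, password: str) -> bool:
    return hmac.compare_digest(user.password_hash, hash_password(password, user.salt))

def login(user: User, password: str) -> LoginResult:
    # Check the password first so the flag is not disclosed to unauthenticated callers.
    if not verify(user, password):
        return LoginResult.INVALID_CREDENTIALS
    # Authenticated but not authorized: no session until the password changes.
    if user.should_change_password:
        return LoginResult.PASSWORD_CHANGE_REQUIRED
    return LoginResult.OK

def change_password(user: User, old: str, new: str) -> bool:
    # Reject a wrong current password, and reject reusing the current one.
    if not verify(user, old) or new == old:
        return False
    user.salt = os.urandom(16)
    user.password_hash = hash_password(new, user.salt)
    user.should_change_password = False  # the stamp is cleared only by a real change
    return True
```

A caller receiving `PASSWORD_CHANGE_REQUIRED` should be routed to the change-password step only; no access token is issued until the flag is cleared.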
codecov bot commented Oct 17, 2025

Codecov Report

❌ Patch coverage is 73.07692% with 7 lines in your changes missing coverage. Please review.
✅ Project coverage is 85.65%. Comparing base (513a563) to head (1af98b3).

| Files with missing lines | Patch % | Lines |
|---|---|---|
| app/core/users/endpoints_users.py | 69.56% | 7 Missing ⚠️ |
Additional details and impacted files
@@            Coverage Diff             @@
##             main     #879      +/-   ##
==========================================
- Coverage   85.67%   85.65%   -0.03%     
==========================================
  Files         189      189              
  Lines       14572    14589      +17     
==========================================
+ Hits        12485    12496      +11     
- Misses       2087     2093       +6     

@Marc-Andrieu Marc-Andrieu force-pushed the security/password-invalidation branch from 0c66557 to 1af98b3 Compare October 17, 2025 10:02