Historical Password Check #7767
-
|
Does anyone know if there is an extension point (or at least if it seems feasible) that would allow me to:
My goal would be to have the historical password (encrypted salt / hash) data stored right with the User document record. I probably would expose a setting to limit number of historical password data being stored. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
|
Hmm, there is no suitable event I'm aware of (like |
Beta Was this translation helpful? Give feedback.
-
|
Thanks @Piedone, I will take a look at the ILoginFormEvent and see if that provides me an entrance. If I find a way to pull it off that doesn't feel to crazy, I would be open to having it be a feature pull request, but like you said, it might end up just staying a third-party module as I understand the sensitivity of the topic. I will close this at this time and try and swing by later with what I actually implemented |
Beta Was this translation helpful? Give feedback.
-
|
No problem. Now I just noticed a copy-paste error above though: the action I was referring to is `AccountController.ChangePassword()" |
Beta Was this translation helpful? Give feedback.
Hmm, there is no suitable event I'm aware of (like
ILoginFormEventis for login). On the short term, you could overrideAccountController.ILoginFormEvent()with your route and handle the password change yourself. On the longer term you could add an event handler for it, however, I'm not sure if generally people would accept an event handler that exposes a password directly (even though of course you can get that out somehow anyway but it can encourage security-unconscious behavior).