Module
password_security
Describe the bug
If a user's password has expired but the user has turned on two-factor authentication, the system does not redirect to the reset password link. I mean the user is successfully able to log in even if the password has expired.
To Reproduce
Affected versions: 16
Steps to reproduce the behavior:
1. Turn on the two-factor authentication for a user whose password is already expired.
2. Open an incognito window (or a different browser session) and log in using that user’s credentials.
3. After entering the username and password, the system redirects to the two-factor authentication page to enter the verification code.
4. Enter the authentication code and click login.
The user is successfully logged into Odoo even though the password is expi
Expected behavior
If a user's password has expired, the system should not allow a complete login without first forcing the user to reset their password.
When two-factor authentication is enabled, the system should still enforce the password expiration rule. Therefore, one of the following behaviors should occur:
Option 1 (Preferred):
After entering the username and password, if the password has expired, the user should be redirected directly to the password reset page instead of being taken to the two-factor authentication page.
Option 2:
If the system allows the two-factor authentication step first, then after entering the authentication code, the user should be redirected to the password reset page instead of being logged into Odoo.
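The reported outcome and the two expected behaviours, modelled as a small login flow. This is an added example, not code from Odoo or the password_security module; the `User` class, the `login` function, the mode names, the returned page names and the 90-day policy are all assumptions made for the model.

```python
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

MAX_AGE = timedelta(days=90)  # constructed policy value

@dataclass
class User:  # hypothetical model, not an Odoo record
    password: str             # plaintext only to keep the model short
    password_set: datetime
    totp_code: Optional[str]  # None = two-factor authentication off

def expired(user, now):
    return now - user.password_set > MAX_AGE

def same(a, b):
    # constant-time comparison of two secrets
    return hmac.compare_digest(a.encode(), b.encode())

def login(user, password, code, now, mode):
    """Return the page the flow ends on.

    mode "reported": expiry is enforced only when login completes at the
                     password step, which reproduces the outcome in the report.
    mode "option1":  expiry is enforced after the password, before 2FA.
    mode "option2":  expiry is enforced after the 2FA code, before the
                     session is opened.
    """
    if not same(password, user.password):
        return "login_failed"
    if user.totp_code is None:
        return "reset_password" if expired(user, now) else "logged_in"
    if mode == "option1" and expired(user, now):
        return "reset_password"
    if code is None or not same(code, user.totp_code):
        return "totp_failed"
    if mode == "option2" and expired(user, now):
        return "reset_password"
    return "logged_in"

# Constructed sample users
NOW = datetime(2024, 1, 1)
STALE = User("pw", NOW - timedelta(days=120), "123456")
FRESH = User("pw", NOW - timedelta(days=5), "123456")
NO_2FA = User("pw", NOW - timedelta(days=120), None)
```

In the "option1" mode the reset page is reached with the password alone, so the reset flow has to decide for itself whether it also asks for the second factor.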