Skip to content

Let admins invalidate the password of selected users #879

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
Marc-Andrieu wants to merge 8 commits into
base: main
Choose a base branch
from
Draft

Let admins invalidate the password of selected users #879

Marc-Andrieu wants to merge 8 commits into from

Conversation

@Marc-Andrieu
Copy link
Member

@Marc-Andrieu Marc-Andrieu commented Oct 17, 2025
edited
Loading

Description

Summary

Let admins to mark a range of users with a stamp to compel them to change their password, effectively making a password change campaign.
This changes in the logic for password modification (no putting the same) and on authorization (authentication should instead lead saying that yes we know it's [probably] you but we don't authorize, you need to change the password)

Changes Made

  • Add boolean column should_change_password in CoreUser, not nullable, default false
  • Add endpoint to let an admin set should_change_password for one user
  • Disable resetting the password with a flow different from re-validating the email address
  • Do something to authenticate without authorizing and put instead an error or something... --> DESIGN TO BE DISCUSSED
Details

Type of Change

  • 🐛 Bug fix (non-breaking change which fixes an issue)
  • ✨ New feature (non-breaking change which adds functionality)
  • 🔨 Refactor (non-breaking change that neither fixes a bug nor adds a feature)
  • 🔧 Infra CI/CD (changes to configs of workflows)
  • 💥 BREAKING CHANGE (fix or feature that require a new minimal version of the front-end)

Impact & Scope

  • Core functionality changes
  • Single module changes
  • Multiple modules changes
  • Database migrations required
  • Other

Testing

  • Added/modified tests that pass the CI
  • Tested in a pre-prod
  • Tested this locally

Documentation

  • Updated docs accordingly (docs.myecl.fr) :
  • Code includes docstrings
  • No documentation needed
  • Inline comments

@Marc-Andrieu Marc-Andrieu self-assigned this Oct 17, 2025
@Marc-Andrieu Marc-Andrieu added help wanted Extra attention is needed core authentication feat New feature or request migration labels Oct 17, 2025
@codecov
Copy link

codecov bot commented Oct 17, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 72.00000% with 7 lines in your changes missing coverage. Please review.
✅ Project coverage is 84.84%. Comparing base (dfc6359) to head (2c53461).

Files with missing lines Patch % Lines
app/core/users/endpoints_users.py 69.56% 7 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #879      +/-   ##
==========================================
- Coverage   84.86%   84.84%   -0.03%     
==========================================
  Files         199      199              
  Lines       14094    14110      +16     
==========================================
+ Hits        11961    11971      +10     
- Misses       2133     2139       +6

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@Marc-Andrieu Marc-Andrieu force-pushed the security/password-invalidation branch from 0c66557 to 1af98b3 Compare October 17, 2025 10:02
@Marc-Andrieu Marc-Andrieu mentioned this pull request Nov 29, 2025
Merged
22 tasks
Marc-Andrieu added a commit that referenced this pull request Jan 6, 2026
@Marc-Andrieu
Rename MyECLPay to MyPayment for genericity & bump CalypSSO (#914)
5ad761e 
# Description

## Summary

<!--BRIEF description: DONT'T EXPLAIN the code: JUSTIFY what this PR is
for!-->

Renaming MyECLPay to MyPayment for 2 reasons:
- Compatibility with CalypSSO: For #879 I need a change on CalypSSO, but
the current latest (2.6.1) breaks Hyperion, hence this refacto is
required
- Genericity: not hard-coding our school's name in the internal payment
solution to make it easier to fork and deploy for other schools

<!--#### Sources at the end-->

## Issues/PR dependencies

<!--Use a keyword, then #123 for the same repo or
aeecleclair/RepoName#123 for another-->

### Issues to be resolved

<!--Keywords: "closes", "fixes", "resolves" -->
<!--Fixes #-->

### Required PRs

<!--Keywords: "depends on", "blocked by" -->
<!--Depends on #-->

## Changes Made

<!--DESCRIBE the changes: tell the BIG STEPS, use a CHECKLIST to show
progress. You can explain below how the code works.-->

- [x] Renaming myeclpay to mypayment to fix CalypSSO compatibility
- [x] Refacto for CalypSSO to work
- [x] Refactor the displayname for the front-end

## Additional Notes

<!--Anything relevant that does not quite fit in the summary-->

<!--Don't touch thses two tags-->
<details>
<summary>

# Classification

</summary>

## Type of Change

- [x] 🐛 Bug fix (non-breaking change which fixes an issue)
- [ ] ✨ New feature (non-breaking change which adds functionality)
- [x] 🔨 Refactor (non-breaking change that neither fixes a bug nor adds
a feature)
- [ ] 🔧 Infra CI/CD (changes to configs of workflows)
- [x] 💥 BREAKING CHANGE (fix or feature that require a new minimal
version of the front-end)
- [ ] 😶‍🌫️ No impact for the end-users

## Impact & Scope

- [x] Core functionality changes
- [ ] Single module changes
- [ ] Multiple modules changes
- [x] Database migrations required
- [ ] Other: ... <!--Not module-oriented: write something!-->

## Testing

- [x] 1. Tested this locally
- [x] 2. Added/modified tests that pass the CI (or tested in a
downstream fork)
- [ ] 3. Tested in a deployed pre-prod
- [ ] 0. Untestable (exceptionally), will be tested in prod directly

## Documentation

- [ ] Updated [the docs](docs.myecl.fr) accordingly : <!--[Docs#0 -
Title](https://github.com/aeecleclair/myecl-documentation/pull/0)-->
- [ ] `"` Docstrings
- [ ] `#` Inline comments
- [x] No documentation needed

</details>
@Marc-Andrieu Marc-Andrieu force-pushed the security/password-invalidation branch from 1af98b3 to 2c53461 Compare January 19, 2026 13:16
@Marc-Andrieu
Copy link
Member Author

Marc-Andrieu commented Jan 21, 2026

Missing:

  • Discuss the business logic of this PoC with whomever wants
  • CalypSSO minor release to have the current Hyperion tests pass again
  • Add a new set of Hyperion tests to ensure the strong constraints on a known compromised account are correctly enforced and don't allow a pirate to get authorization nor change the password without having access to the emails.
  • Lengthen a bit the docstrings of some endpoints in the core to account for the flow regarding a supposedly compromised account

@Marc-Andrieu Marc-Andrieu mentioned this pull request Jan 21, 2026
Draft
@Marc-Andrieu
Copy link
Member Author

Marc-Andrieu commented Jan 21, 2026

Back-end of aeecleclair/CalypSSO#189

@Marc-Andrieu Marc-Andrieu force-pushed the security/password-invalidation branch from bd1e720 to 0acca2e Compare January 23, 2026 13:58
@Marc-Andrieu Marc-Andrieu force-pushed the security/password-invalidation branch from 0acca2e to 62ce1ea Compare January 23, 2026 14:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@Marc-Andrieu Marc-Andrieu

Labels

authentication core feat New feature or request help wanted Extra attention is needed migration

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Marc-Andrieu