Project

General

Profile

Actions

Feature #21421

closed

Security Notifications when security related things are changed

Added by Jan from Planio www.plan.io about 9 years ago. Updated over 8 years ago.

Status:
Closed
Priority:
Normal
Category:
Security
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed

Description

As a user I want to receive an email whenever something security related (e.g. my password, my account email address) is changed.

As an admin, I would like to receive also emails about global changes (e.g. "login required" disactivated) or the addition/removal of other admins.

The attached patch series against current trunk implements this. Would be great if that could be included in one of the next releases. Thanks!


Files

0001-Store-user-s-IP-address-for-the-duration-of-the-requ.patch (2.37 KB) 0001-Store-user-s-IP-address-for-the-duration-of-the-requ.patch Jan from Planio www.plan.io, 2015-12-04 09:29
0005-Harmonize-setting-labels.patch (4.29 KB) 0005-Harmonize-setting-labels.patch Jan from Planio www.plan.io, 2015-12-04 09:29
0000-Add-optional-user-parameter-to-I18n-format_time-to-o.patch (1.21 KB) 0000-Add-optional-user-parameter-to-I18n-format_time-to-o.patch Jan from Planio www.plan.io, 2015-12-11 12:33
0002-Add-Mailer-security_notification.patch (6.68 KB) 0002-Add-Mailer-security_notification.patch Jan from Planio www.plan.io, 2015-12-11 12:33
0004-Send-a-security-notification-when-a-user-s-email-add.patch (8.83 KB) 0004-Send-a-security-notification-when-a-user-s-email-add.patch Jan from Planio www.plan.io, 2015-12-12 14:30
0006-Send-a-security-notification-when-certain-settings-a.patch (5.64 KB) 0006-Send-a-security-notification-when-certain-settings-a.patch Jan from Planio www.plan.io, 2015-12-13 07:10
0003-Send-a-security-notification-when-a-user-s-password-.patch (4.03 KB) 0003-Send-a-security-notification-when-a-user-s-password-.patch Jan from Planio www.plan.io, 2015-12-13 08:13
0007-Send-a-security-notification-when-users-gain-or-loos.patch (8.34 KB) 0007-Send-a-security-notification-when-users-gain-or-loos.patch Jan from Planio www.plan.io, 2015-12-13 08:36
0008-Allow-overriding-of-originator-and-remote_ip-causing-a-s.patch (4.61 KB) 0008-Allow-overriding-of-originator-and-remote_ip-causing-a-s.patch Jan from Planio www.plan.io, 2015-12-13 09:38

Related issues

Related to Redmine - Defect #23369: encoding error in locales de.ymlClosed

Actions
Related to Redmine - Defect #32193: Add turn on/off button to control sending security notificationsNew

Actions
Actions #1

Updated by Jan from Planio www.plan.io about 9 years ago

  • Description updated (diff)
Actions #2

Updated by Jean-Philippe Lang about 9 years ago

  • Target version changed from Candidate for next major release to 3.3.0

Nice addition but maybe a bit late for 3.2.0. I'm assigning it to 3.3.0

Actions #3

Updated by Jan from Planio www.plan.io about 9 years ago

Jean-Philippe Lang wrote:

Nice addition but maybe a bit late for 3.2.0. I'm assigning it to 3.3.0

Thanks for your feedback. 3.3.0 would be great!

After review, I'm also updating the patch series:

  • replace bogus gmail address with more appropriate example.foo address
  • rebase on current master (fixed a test)
  • use correct time zone for mails
Actions #4

Updated by Jan from Planio www.plan.io about 9 years ago

  • File deleted (0002-Add-Mailer-security_notification.patch)
Actions #5

Updated by Jan from Planio www.plan.io about 9 years ago

  • File deleted (0007-Send-a-security-notification-when-users-gain-or-loos.patch)
Actions #6

Updated by Jan from Planio www.plan.io about 9 years ago

  • File deleted (0004-Send-a-security-notification-when-a-user-s-email-add.patch)
Actions #7

Updated by Jan from Planio www.plan.io about 9 years ago

Fix Patch 4 so that the user whose email address is changed gets the mail (not the current user). They might differ in case an admin changes email addresses for a different user.

Actions #8

Updated by Jan from Planio www.plan.io about 9 years ago

  • File deleted (0007-Send-a-security-notification-when-users-gain-or-loos.patch)
Actions #9

Updated by Jan from Planio www.plan.io about 9 years ago

  • File deleted (0006-Send-a-security-notification-when-certain-settings-a.patch)
Actions #10

Updated by Jan from Planio www.plan.io about 9 years ago

Fix patches 6 and 7 so that security notifications only get sent to active admins only.

Actions #11

Updated by Jan from Planio www.plan.io about 9 years ago

  • File deleted (0003-Send-a-security-notification-when-a-user-s-password-.patch)
Actions #12

Updated by Jan from Planio www.plan.io about 9 years ago

Fix patch 3 to also send a security notification when the user's password is changed after a lost password.

Actions #13

Updated by Jan from Planio www.plan.io about 9 years ago

  • File deleted (0007-Send-a-security-notification-when-users-gain-or-loos.patch)
Actions #15

Updated by Jan from Planio www.plan.io about 9 years ago

Adding patch 8 which allows overriding of originator and remote_ip causing a security notification and use these overrides in lost password procedure (where no real session is initiated).

Actions #16

Updated by Jean-Philippe Lang over 8 years ago

  • Status changed from New to Closed
  • Assignee set to Jean-Philippe Lang
  • Resolution set to Fixed

Feature added with a few changes, eg. we're sending one email about changed settings to all admins instead of one email to each amdin for each setting.
Thanks.

Actions #17

Updated by Toshi MARUYAMA over 8 years ago

  • Related to Defect #23369: encoding error in locales de.yml added
Actions #18

Updated by Joel Bearden over 8 years ago

This is a nice feature. How do I turn these notifications off? Or limit the recipient list?

Actions #19

Updated by Toshi MARUYAMA over 8 years ago

Joel Bearden wrote:

This is a nice feature. How do I turn these notifications off? Or limit the recipient list?

Please create new feature issue.

Actions #20

Updated by Go MAEDA about 5 years ago

  • Related to Defect #32193: Add turn on/off button to control sending security notifications added
Actions

Also available in: Atom PDF