Login Functionality Enhancement

Overview 

Login functionality has been enhanced to provide more security at login. In this version, two-factor authentication (2FA) is introduced in the Vienna Framework. In addition, there are a few further enhancements: password expiration, and locking a user if the number of failed login attempts exceeds the defined limit.

Note: With this new release of Vienna Advantage Framework (4.2.0.0), a user can log in with the Search Key (User ID) only. Logging in with the Name is no longer allowed.

 

Product Version and dependency 

The new Login feature is supported by the modules listed below:

  1. Vienna Advantage Framework Version - 4.1.7.0 

Implementation  

To implement the new Login functionality, these two windows are used:

  1. System Config  

  2. User  

The new options introduced in these windows are explained below.

 

System Config  

To achieve password expiration, and to lock a user when failed login attempts exceed the defined limit, two new keys are added in the System Config window.

  1.  Password_Valid_Upto  

  2.  Failed_Login_Count  

 

The keys (S No., Name, Description) are:

  1. Password_Valid_Upto

     This key defines the validity of a user's password, in months: the value is the number of months for which a password remains valid.

     For example, if the value of this key is 3, any new password will be valid for the next 3 months. If the value of this key is 0, the password will not expire.

     If the user deletes this key, the password validity defaults to 3 months.

  2. Failed_Login_Count

     This key defines the number of wrong login attempts a user can make before his/her account gets locked. The value applies to each user.

     For example, if the value is 5 and a user enters wrong credentials 5 times, his/her account will be locked. After that, even if the user tries to log in with the correct credentials, the login is still refused. The user has to ask an administrator to change the password in order to log in again.

2FA Feature (Google Authenticator) 

To support the 2FA feature, a new "2FA Enabled" checkbox is introduced on the User window. After entering login credentials, if the 2FA Enabled checkbox is checked for the user, the user is asked to scan a QR code the first time. Once the user scans the QR code with the Google Authenticator app installed on his/her mobile phone, the user needs to enter the OTP in the OTP field. Once the user enters the correct OTP, he/she is navigated either to the home screen or to the Role selection screen, depending on the login settings. The QR code is displayed on the login page only the first time; after that, an OTP is asked for every time the user logs in, as long as the 2FA Enabled checkbox is checked for that user.
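The exchange above, as an added example that is not the framework's own code: Google Authenticator implements RFC 6238 TOTP (HMAC-SHA1, 30-second steps, 6 digits) over a base32 secret delivered in an otpauth:// QR code. The issuer label, the drift window and the replay guard (refusing a step counter already accepted for the user) are assumptions of this example, not settings described on the page.

```python
import base64
import hashlib
import hmac
import struct
import urllib.parse

ISSUER = "ViennaAdvantage"   # assumed label shown in the authenticator app
STEP = 30                    # Google Authenticator defaults: 30-second steps,
DIGITS = 6                   # 6-digit codes, HMAC-SHA1


def secret_from_bytes(raw: bytes) -> str:
    """Base32-encode a random key; this string is what the QR code carries."""
    return base64.b32encode(raw).decode("ascii").rstrip("=")

def decode_secret(secret_b32: str) -> bytes:
    return base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))

def provisioning_uri(secret_b32: str, user_id: str) -> str:
    """otpauth:// URI the login page would render as the first-time QR code."""
    label = urllib.parse.quote(f"{ISSUER}:{user_id}")
    return (f"otpauth://totp/{label}?secret={secret_b32}"
            f"&issuer={ISSUER}&digits={DIGITS}&period={STEP}")

def hotp(key: bytes, counter: int) -> str:
    """RFC 4226: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

def totp(secret_b32: str, unix_time: int) -> str:
    """RFC 6238: the counter is the number of 30-second steps since the epoch."""
    return hotp(decode_secret(secret_b32), unix_time // STEP)

def verify_otp(secret_b32, submitted, unix_time, last_used_counter=-1, window=1):
    """Return the accepted step counter, or None if the OTP is rejected.
    Tolerates +/- `window` steps of clock drift, compares in constant time,
    and refuses any counter at or below the last one accepted for this user,
    so a captured OTP cannot be replayed (the caller persists the counter)."""
    key = decode_secret(secret_b32)
    current = unix_time // STEP
    for counter in range(current - window, current + window + 1):
        if counter > last_used_counter and \
                hmac.compare_digest(hotp(key, counter), submitted):
            return counter
    return None
```

The RFC 6238 test key (ASCII "12345678901234567890") yields "287082" at Unix time 59, which is how the arithmetic can be checked against the standard's own vectors.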

How Password Reset will work

For the password reset functionality to work, the value of Password_Valid_Upto must be greater than 0, or the key must be absent from System Config. In both cases, the user will be asked to reset his/her password when it expires.

The password expires according to the value defined for Password_Valid_Upto, and the user is then asked to reset it.

 

NOTE: If the "Password_Valid_Upto" key is not available in System Config, the default password expiration is 3 months.

Password Validation 

Whenever a user tries to insert or update a login password, the Framework validates the password. If the password is not strong enough according to the Framework's validations, it will not be saved to the DB. The new password guidelines are as follows:

  1. Password must have a minimum of 5 characters.

  2. Password must start with a character.

  3. Password must have at least 1 lower-case and 1 upper-case character.

  4. Password must contain at least 1 digit.

  5. Password must contain a special character; the allowed special characters are @$!%*?&.

How Login Failure will work

For the failed-login-limit functionality to work, the value of Failed_Login_Count must be greater than 0, or the key must be absent from System Config. In both cases, the system checks the value of the "Failed Login Count" field for that user in the User window. If the total number of failed login attempts by the user is more than the defined limit, the system returns the message: "Account locked. Max wrong attempts reached."

If an account is locked, only an administrator can unlock it, so the user has to contact the administrator to unlock his/her account.

NOTE:  

  1. If the "Failed_Login_Count" key is not available in System Config, the default value is 5.

  2. SuperUser can make any number of wrong attempts.
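The System Config semantics described in this section and under "How Password Reset will work" (value 0 disables the check, a missing key falls back to 3 months / 5 attempts, SuperUser is exempt from lockout), as an added example that is not the framework's code. It returns the messages listed under Login Messages below. Two points the page leaves open are assumptions here: a successful login resets the per-user counter, and a password expires on the same calendar day N months after it was set.

```python
from dataclasses import dataclass
from datetime import date

# Defaults the release notes state apply when a key is deleted from System Config.
DEFAULTS = {"Password_Valid_Upto": 3, "Failed_Login_Count": 5}
LOCKED_MSG = ("User account is locked. Maximum failed login attempts exceeds "
              "the defined limit. Please contact to administrator.")
BAD_PASSWORD_MSG = "Username not match with Password"


def config_int(system_config: dict, key: str) -> int:
    """Read a System Config key, using the documented default when absent."""
    return int(system_config.get(key, DEFAULTS[key]))

def password_expired(system_config: dict, set_on: str, today: str) -> bool:
    """True once the password (set on ISO date `set_on`) is older than
    Password_Valid_Upto months. 0 disables expiry; a missing key means 3.
    Assumed: expiry falls on the same calendar day N months later."""
    months = config_int(system_config, "Password_Valid_Upto")
    if months <= 0:
        return False
    start, now = date.fromisoformat(set_on), date.fromisoformat(today)
    elapsed = (now.year - start.year) * 12 + (now.month - start.month)
    if now.day < start.day:
        elapsed -= 1
    return elapsed >= months

@dataclass
class User:
    user_id: str
    is_superuser: bool = False
    failed_login_count: int = 0   # the "Failed Login Count" field on the User window

def attempt_login(system_config: dict, user: User, credentials_ok: bool) -> str:
    """Apply the lockout rule before the password is considered and return the
    login message ("OK" on success). Lockout is skipped when the limit is 0 or
    the user is SuperUser. Assumed: a successful login resets the counter."""
    limit = config_int(system_config, "Failed_Login_Count")
    lockout_enabled = limit > 0 and not user.is_superuser
    if lockout_enabled and user.failed_login_count >= limit:
        return LOCKED_MSG          # correct credentials no longer help
    if not credentials_ok:
        user.failed_login_count += 1
        return BAD_PASSWORD_MSG
    user.failed_login_count = 0
    return "OK"
```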

Other Enhancement 

 

Login Messages  

Until now, whenever there was an issue related to wrong credentials, an undefined role, or the user not being a login user, the system displayed "Username not match with password". From this release onwards, the user will get an exact message based on what is wrong at login. These messages are as follows:

 

  1. If Login User is unchecked, the system returns "User cannot login into system".

  2. If the username is wrong, the system returns "Username is incorrect".

  3. If no role is defined for the user, the system returns "No role defined for this user".

  4. If the account is locked, the system returns "User account is locked. Maximum failed login attempts exceeds the defined limit. Please contact to administrator.".

  5. If the password is incorrect, the system returns "Username not match with Password".

 

New User's password 

Until now, whenever a user created a new user, that new user could log in to the system directly. From this release onwards, whenever a new user is created, that user will be forced to reset his password on the very first login. When the user enters credentials and clicks Login, he is navigated to a new page where he has to enter a new password. The user has no option to skip that page; only after entering a new password is the user navigated to the home page.

Similarly, when a user changes any other user's password, that other user will be forced to create a new password at login. If a user changes his/her own password, that user logs in to the system directly, without having to create a new password at login time.