GDPR implementation and password enhancements

Submitted by Anna Géczi on 15 October, 2019 - 09:07
Basic
Description
Summary

PCS NG version 1.9.2.8 (prod and all test systems)

GDPR acceptance page

PCS user accounts are created upon RNE OTRS request by the RNE support team. The first time they login in PCS instead of being redirected to the dashboard they should be redirected to the GDPR acceptance page.

The page shows two checkboxes (unchecked by default) with the following text:

  • I have read the RNE privacy notice and agree to the processing of my personal data by RNE according to the GDPR (General Data Protection Regulation).
  • I agree that RNE can send to my email address the PCS Newsletter. You can withdraw your agreement at any time. In this case please contact us at support.pcs@rne.eu.

The first checkbox must be checked in order to be able to proceed or access any other PCS page. Once checked an 'I agree' button becomes enabled. Upon clicking on 'I agree' the system should store the current date and time in RNE_GDPR_ACCEPTED_DATE and update PCS_NEWSLETTER_SUBSCRIPTION to 1 if the second checkbox was checked.

Ask for password change after GDPR acceptance

It should be a separate step dependent on separate fields. The password change shows up if last login date is null and the GDPR page shows up if acceptance date is null.

Password hashing algorithm improvement

Because we will ask all users to change their password we should take advantage to improve the security of the passwords. New encryption is applied and minimum length too (6 digits).

JIRA nr.
https://extranet.netcetera.biz/jira/browse/RNE014-2085
Issue type
Story
Priority
Major
Details
Planned for Patch Release
Monday, 4 June, 2018
Taken in Patch Release
Tuesday, 12 June, 2018