Are there any django apps for force expiring the password of the user after certain interval like 30 days? I am using djangp's auth and want to extend it or use a community app.
What I have tried so far:
What I am confused about:
Please note that I don't want to use middleware as it will be a resource constraint.
You seem on the right track. Set the date of the last password updated, check if the timedelta is greater than 30 days, if so redirect to the change password page. Your Login view should essentially stay the same except don't actually login the user to the request object if the timedelta is greater than 30 days.
from datetime import date, timedelta
from django.contrib.auth import authenticate, login
def my_view(request):
username = request.POST['username']
password = request.POST['password']
user = authenticate(username=username, password=password)
if user is not None:
if user.is_active:
if date.today() - user.password_date > timedelta(days=30):
# Redirect to password change page
else:
login(request, user)
# Redirect to a success page.
else:
# Return a 'disabled account' error message
else:
# Return an 'invalid login' error message.
Well, there is django-passwords-policies, http://tarak.github.io/django-password-policies/topics/force.password.change.html
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With