2019-03-03 16:12:05 +00:00
|
|
|
"""passbook password_expiry_policy Models"""
|
|
|
|
|
from datetime import timedelta
|
2020-07-20 13:58:48 +00:00
|
|
|
from typing import Type
|
2019-03-03 16:12:05 +00:00
|
|
|
|
|
|
|
|
from django.db import models
|
2020-07-20 13:58:48 +00:00
|
|
|
from django.forms import ModelForm
|
2019-03-03 16:12:05 +00:00
|
|
|
from django.utils.timezone import now
|
|
|
|
|
from django.utils.translation import gettext as _
|
2020-08-21 22:42:15 +00:00
|
|
|
from rest_framework.serializers import BaseSerializer
|
2019-10-01 08:24:10 +00:00
|
|
|
from structlog import get_logger
|
2019-03-03 16:12:05 +00:00
|
|
|
|
2020-05-16 16:07:00 +00:00
|
|
|
from passbook.policies.models import Policy
|
2020-02-20 12:52:05 +00:00
|
|
|
from passbook.policies.types import PolicyRequest, PolicyResult
|
2019-03-03 16:12:05 +00:00
|
|
|
|
2019-10-04 08:08:53 +00:00
|
|
|
LOGGER = get_logger()
|
2019-03-03 16:12:05 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class PasswordExpiryPolicy(Policy):
|
2020-05-20 11:47:58 +00:00
|
|
|
"""If password change date is more than x days in the past, invalidate the user's password
|
2019-03-03 16:12:05 +00:00
|
|
|
and show a notice"""
|
|
|
|
|
|
|
|
|
|
deny_only = models.BooleanField(default=False)
|
|
|
|
|
days = models.IntegerField()
|
|
|
|
|
|
2020-08-21 22:42:15 +00:00
|
|
|
@property
|
|
|
|
|
def serializer(self) -> BaseSerializer:
|
|
|
|
|
from passbook.policies.expiry.api import PasswordExpiryPolicySerializer
|
|
|
|
|
|
|
|
|
|
return PasswordExpiryPolicySerializer
|
|
|
|
|
|
2020-09-29 08:32:41 +00:00
|
|
|
@property
|
2020-07-20 13:58:48 +00:00
|
|
|
def form(self) -> Type[ModelForm]:
|
|
|
|
|
from passbook.policies.expiry.forms import PasswordExpiryPolicyForm
|
|
|
|
|
|
|
|
|
|
return PasswordExpiryPolicyForm
|
2019-03-03 16:12:05 +00:00
|
|
|
|
2019-10-03 08:45:31 +00:00
|
|
|
def passes(self, request: PolicyRequest) -> PolicyResult:
|
2019-03-03 16:12:05 +00:00
|
|
|
"""If password change date is more than x days in the past, call set_unusable_password
|
|
|
|
|
and show a notice"""
|
2019-10-03 08:45:31 +00:00
|
|
|
actual_days = (now() - request.user.password_change_date).days
|
2019-12-31 11:51:16 +00:00
|
|
|
days_since_expiry = (
|
|
|
|
|
now() - (request.user.password_change_date + timedelta(days=self.days))
|
|
|
|
|
).days
|
2019-03-03 16:12:05 +00:00
|
|
|
if actual_days >= self.days:
|
|
|
|
|
if not self.deny_only:
|
2019-10-03 08:45:31 +00:00
|
|
|
request.user.set_unusable_password()
|
|
|
|
|
request.user.save()
|
2019-12-31 11:51:16 +00:00
|
|
|
message = _(
|
|
|
|
|
(
|
|
|
|
|
"Password expired %(days)d days ago. "
|
|
|
|
|
"Please update your password."
|
|
|
|
|
)
|
|
|
|
|
% {"days": days_since_expiry}
|
|
|
|
|
)
|
2019-10-01 08:17:39 +00:00
|
|
|
return PolicyResult(False, message)
|
2019-12-31 11:51:16 +00:00
|
|
|
return PolicyResult(False, _("Password has expired."))
|
2019-10-01 08:17:39 +00:00
|
|
|
return PolicyResult(True)
|
2019-03-03 16:12:05 +00:00
|
|
|
|
|
|
|
|
class Meta:
|
|
|
|
|
|
2019-12-31 11:51:16 +00:00
|
|
|
verbose_name = _("Password Expiry Policy")
|
|
|
|
|
verbose_name_plural = _("Password Expiry Policies")
|
