add password policy
This commit is contained in:
parent
20ad062814
commit
c7fc444c95
|
@ -37,6 +37,10 @@ values =
|
|||
|
||||
[bumpversion:file:passbook/lib/__init__.py]
|
||||
|
||||
[bumpversion:file:passbook/hibp_policy/__init__.py]
|
||||
|
||||
[bumpversion:file:passbook/password_expiry_policy/__init__.py]
|
||||
|
||||
[bumpversion:file:passbook/saml_idp/__init__.py]
|
||||
|
||||
[bumpversion:file:passbook/audit/__init__.py]
|
||||
|
|
|
@ -75,6 +75,7 @@ INSTALLED_APPS = [
|
|||
'passbook.captcha_factor.apps.PassbookCaptchaFactorConfig',
|
||||
'passbook.hibp_policy.apps.PassbookHIBPConfig',
|
||||
'passbook.pretend.apps.PassbookPretendConfig',
|
||||
'passbook.password_expiry_policy.apps.PassbookPasswordExpiryPolicyConfig',
|
||||
]
|
||||
|
||||
# Message Tag fix for bootstrap CSS Classes
|
||||
|
|
|
@ -1,2 +1,2 @@
|
|||
"""passbook hibp_policy"""
|
||||
__version__ = '0.0.7-alpha'
|
||||
__version__ = '0.1.1-beta'
|
||||
|
|
2
passbook/password_expiry_policy/__init__.py
Normal file
2
passbook/password_expiry_policy/__init__.py
Normal file
|
@ -0,0 +1,2 @@
|
|||
"""passbook password_expiry"""
|
||||
__version__ = '0.1.1-beta'
|
5
passbook/password_expiry_policy/admin.py
Normal file
5
passbook/password_expiry_policy/admin.py
Normal file
|
@ -0,0 +1,5 @@
|
|||
"""Passbook password_expiry_policy Admin"""
|
||||
|
||||
from passbook.lib.admin import admin_autoregister
|
||||
|
||||
admin_autoregister('passbook_password_expiry_policy')
|
11
passbook/password_expiry_policy/apps.py
Normal file
11
passbook/password_expiry_policy/apps.py
Normal file
|
@ -0,0 +1,11 @@
|
|||
"""Passbook password_expiry_policy app config"""
|
||||
|
||||
from django.apps import AppConfig
|
||||
|
||||
|
||||
class PassbookPasswordExpiryPolicyConfig(AppConfig):
|
||||
"""Passbook password_expiry_policy app config"""
|
||||
|
||||
name = 'passbook.password_expiry_policy'
|
||||
label = 'passbook_password_expiry_policy'
|
||||
verbose_name = 'passbook Password Expiry Policy'
|
24
passbook/password_expiry_policy/forms.py
Normal file
24
passbook/password_expiry_policy/forms.py
Normal file
|
@ -0,0 +1,24 @@
|
|||
"""passbook PasswordExpiry Policy forms"""
|
||||
|
||||
from django import forms
|
||||
from django.utils.translation import gettext as _
|
||||
|
||||
from passbook.core.forms.policies import GENERAL_FIELDS
|
||||
from passbook.password_expiry_policy.models import PasswordExpiryPolicy
|
||||
|
||||
|
||||
class PasswordExpiryPolicyForm(forms.ModelForm):
|
||||
"""Edit PasswordExpiryPolicy instances"""
|
||||
|
||||
class Meta:
|
||||
|
||||
model = PasswordExpiryPolicy
|
||||
fields = GENERAL_FIELDS + ['days', 'deny_only']
|
||||
widgets = {
|
||||
'name': forms.TextInput(),
|
||||
'order': forms.NumberInput(),
|
||||
'days': forms.NumberInput(),
|
||||
}
|
||||
labels = {
|
||||
'deny_only': _("Only fail the policy, don't set user's password.")
|
||||
}
|
29
passbook/password_expiry_policy/migrations/0001_initial.py
Normal file
29
passbook/password_expiry_policy/migrations/0001_initial.py
Normal file
|
@ -0,0 +1,29 @@
|
|||
# Generated by Django 2.1.7 on 2019-03-03 13:46
|
||||
|
||||
import django.db.models.deletion
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
initial = True
|
||||
|
||||
dependencies = [
|
||||
('passbook_core', '0016_auto_20190227_1355'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.CreateModel(
|
||||
name='PasswordExpiryPolicy',
|
||||
fields=[
|
||||
('policy_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.Policy')),
|
||||
('deny_only', models.BooleanField(default=False)),
|
||||
('days', models.IntegerField()),
|
||||
],
|
||||
options={
|
||||
'verbose_name': 'Password Expiry Policy',
|
||||
'verbose_name_plural': 'Password Expiry Policies',
|
||||
},
|
||||
bases=('passbook_core.policy',),
|
||||
),
|
||||
]
|
40
passbook/password_expiry_policy/models.py
Normal file
40
passbook/password_expiry_policy/models.py
Normal file
|
@ -0,0 +1,40 @@
|
|||
"""passbook password_expiry_policy Models"""
|
||||
from datetime import timedelta
|
||||
from logging import getLogger
|
||||
|
||||
from django.db import models
|
||||
from django.utils.timezone import now
|
||||
from django.utils.translation import gettext as _
|
||||
|
||||
from passbook.core.models import Policy, User
|
||||
|
||||
LOGGER = getLogger(__name__)
|
||||
|
||||
|
||||
class PasswordExpiryPolicy(Policy):
|
||||
"""If password change date is more than x days in the past, call set_unusable_password
|
||||
and show a notice"""
|
||||
|
||||
deny_only = models.BooleanField(default=False)
|
||||
days = models.IntegerField()
|
||||
|
||||
form = 'passbook.password_expiry_policy.forms.PasswordExpiryPolicyForm'
|
||||
|
||||
def passes(self, user: User) -> bool:
|
||||
"""If password change date is more than x days in the past, call set_unusable_password
|
||||
and show a notice"""
|
||||
actual_days = (now() - user.password_change_date).days
|
||||
days_since_expiry = now() - (user.password_change_date + timedelta(days=self.days)).days
|
||||
if actual_days >= self.days:
|
||||
if not self.deny_only:
|
||||
user.set_unusable_password()
|
||||
user.save()
|
||||
return False, _('Password expired %(days)d days ago. Please update your password.' % {
|
||||
'days': days_since_expiry
|
||||
})
|
||||
return False, _('Password has expired.')
|
||||
|
||||
class Meta:
|
||||
|
||||
verbose_name = _('Password Expiry Policy')
|
||||
verbose_name_plural = _('Password Expiry Policies')
|
Reference in a new issue