mirror of
https://github.com/discourse/discourse.git
synced 2024-11-29 20:24:05 -06:00
e97ef7e9af
This commit adds the ability for site administrators to mark users' passwords as expired. Note that this commit does not add any client side interface to mark a user's password as expired. The following changes are introduced in this commit: 1. Adds a `user_passwords` table and `UserPassword` model. While the `user_passwords` table is currently used to only store expired passwords, it will be used in the future to store a user's current password as well. 2. Adds a `UserPasswordExpirer.expire_user_password` method which can be used from the Rails console to mark a user's password as expired. 3. Updates `SessionsController#create` to check that the user's current password has not been marked as expired after confirming the password. If the password is determined to be expired based on the existence of a `UserPassword` record with the `password_expired_at` column set, we will not log the user in and will display a password expired notice. A forgot password email is automatically send out to the user as well.
38 lines
1.3 KiB
Ruby
38 lines
1.3 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
class UserPassword < ActiveRecord::Base
|
|
validates :user_id, presence: true
|
|
|
|
validates :user_id,
|
|
uniqueness: {
|
|
scope: :password_expired_at,
|
|
},
|
|
if: -> { password_expired_at.nil? }
|
|
|
|
validates :password_hash, presence: true, length: { is: 64 }, uniqueness: { scope: :user_id }
|
|
validates :password_salt, presence: true, length: { is: 32 }
|
|
validates :password_algorithm, presence: true, length: { maximum: 64 }
|
|
|
|
belongs_to :user
|
|
end
|
|
|
|
# == Schema Information
|
|
#
|
|
# Table name: user_passwords
|
|
#
|
|
# id :integer not null, primary key
|
|
# user_id :integer not null
|
|
# password_hash :string(64) not null
|
|
# password_salt :string(32) not null
|
|
# password_algorithm :string(64) not null
|
|
# password_expired_at :datetime
|
|
# created_at :datetime not null
|
|
# updated_at :datetime not null
|
|
#
|
|
# Indexes
|
|
#
|
|
# idx_user_passwords_on_user_id_and_expired_at_and_hash (user_id,password_expired_at,password_hash)
|
|
# index_user_passwords_on_user_id (user_id) UNIQUE WHERE (password_expired_at IS NULL)
|
|
# index_user_passwords_on_user_id_and_password_hash (user_id,password_hash) UNIQUE
|
|
#
|