pinax / django-user-accounts

User accounts for Django
MIT License
1.22k stars 356 forks source link

Make password expiration possible for all users #330

Open stanim opened 4 years ago

stanim commented 4 years ago

For our application we need password expiration for all users. In order to implement this we would introduce a new setting: ACCOUNT_PASSWORD_EXPIRY_SKIP (string) which would default to "staff" for backwards compatibility. Other values could be: "none" and "superuser". This would be coded in ExpiredPasswordMiddleware.

We could provide a pull request if the project is open to it. Let us know what you think.

ekobayu commented 4 years ago

Hi @stanim , Sorry maybe I'm in wrong room, I want to ask about password expiry. I have been setup and followed instructions in here https://django-user-accounts.readthedocs.io/en/latest/usage.html#enabling-password-expiration

But nothing changes or happen when new register user have been signup. I have been setup account expiry in 60 seconds and nothing changes for password expiry.

Did I miss something ?

Thanks

jonathan-s commented 3 years ago

@ekobayu Was it for a staff user, right now the middleware only works for staff users. @stanim I'd also add it's pretty easy to just switch out the middleware for a middleware that works for all users.