search

tarak / django-password-policies

Django unicode-aware password policies.
Other
59 stars 92 forks source link

Added PASSWORD_CHECK_ONLY_AT_LOGIN #28

Closed lip77us closed 9 years ago

lip77us commented 9 years ago

New setting (PASSWORD_CHECK_ONLY_AT_LOGIN) to allow user to not get logged off in the middle of an active session if they timeout their password.

tarak commented 9 years ago

Thx.

lip77us commented 9 years ago

Tarak,

Thanks for acting so quickly.

We really like your package. We were also able to implement the force password change after admin reset by adding the check box like you recommended to auth screens. Also added PASSWORD_DURATION_INACTIVE_SECONDS to my local image by implementing a custom ModelBackend which checks how long it has been since you last logged in and if it has been more than PASSWORD_DURATION_INACTIVE_SECONDS, sets the PasswordChangeRequired row. Finally, we implemented PASSWORD_USE_PASSWDCQ setting to make a call out to passwdcq password checker by implementing a new validator and making a subprocess32.Popen call out to pwqcheck.

Paul Lipkin paul@kisensum.com mailto:ryan@kisensum.com (510) 282-3126

Kisensum|2150 Shattuck Avenue|Berkeley, CA

Tarak Blah mailto:notifications@github.com January 24, 2015 at 6:24 AM

Thx.

— Reply to this email directly or view it on GitHub https://github.com/tarak/django-password-policies/pull/28#issuecomment-71319175.

tarak commented 9 years ago

I did not know passwdcq. PR request is welcome.

I was thinking of uploading a new version to PyPI. Should I wait for a PR or give you more time?

One more thing. The documentation available in the docs folder needs to be updated. I can add the setting PASSWORD_CHECK_ONLY_AT_LOGIN to the documentation. If you intend to write some more code that adds significant features to this app I would really appreciate it if you would also write some documentation.

And tests if you'd like...

lip77us commented 9 years ago

I am good for now. Thank you for adding to the documentation. I will make sure that I update that in the future. If we add tests in our image, I will be sure and update the repository when I do that as well.

Tarak Blah mailto:notifications@github.com January 24, 2015 at 8:41 AM

I did not know passwdcq. PR request is welcome.

I was thinking of uploading a new version to PyPI. Should I wait for a PR or give you more time?

One more thing. The documentation available in the docs folder needs to be updated. I can add the setting PASSWORD_CHECK_ONLY_AT_LOGIN to the documentation. If you intend to write some more code that adds significant features to this app I would really appreciate it if you would also write some documentation.

And tests if you'd like...

— Reply to this email directly or view it on GitHub https://github.com/tarak/django-password-policies/pull/28#issuecomment-71326076.

tarak commented 9 years ago

Just uploaded 0.3.1 to PyPI. Updated documentation as well. thx again!