Django强制密码到期 [英] Django force password expiration

问题描述

是否有django应用程序在一定间隔(例如30天)后强制使用户密码过期?我正在使用djangp的身份验证，并希望对其进行扩展或使用社区应用.

Are there any django apps for force expiring the password of the user after certain interval like 30 days? I am using djangp's auth and want to extend it or use a community app.

到目前为止我尝试过的事情:

What I have tried so far:

1. 在用户个人资料中添加了一个字段，用于存储上次密码更新的日期.
2. 扩展了登录方法以检查该日期并将用户重定向到密码更改页面.

我很困惑:

1. 在更改密码之前阻止用户访问该网站.
2. 用户应该无法登录或只能输入url来直接访问页面.

请注意，我不想使用中间件，因为它将限制资源.

Please note that I don't want to use middleware as it will be a resource constraint.

推荐答案

您似乎处在正确的轨道上.设置上次更新密码的日期，检查时间增量是否大于30天，如果是，则重定向至更改密码页面.您的登录"视图应基本保持不变，除非如果时间间隔大于30天，则不要实际将用户登录到请求对象.

You seem on the right track. Set the date of the last password updated, check if the timedelta is greater than 30 days, if so redirect to the change password page. Your Login view should essentially stay the same except don't actually login the user to the request object if the timedelta is greater than 30 days.

from datetime import date, timedelta
from django.contrib.auth import authenticate, login

def my_view(request):
    username = request.POST['username']
    password = request.POST['password']
    user = authenticate(username=username, password=password)
    if user is not None:
        if user.is_active:
            if date.today() - user.password_date > timedelta(days=30):
                # Redirect to password change page
            else:
                login(request, user)
                # Redirect to a success page.
        else:
            # Return a 'disabled account' error message
    else:
    # Return an 'invalid login' error message.

这篇关于Django强制密码到期的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！