discourse/db/migrate/20240603234529_create_user_passwords.rb
Alan Guo Xiang Tan e97ef7e9af
FEATURE: Allow site admin to mark a user's password as expired ()
This commit adds the ability for site administrators to mark users'
passwords as expired. Note that this commit does not add any client side
interface to mark a user's password as expired.

The following changes are introduced in this commit:

1. Adds a `user_passwords` table and `UserPassword` model. While the
   `user_passwords` table is currently used to only store expired
   passwords, it will be used in the future to store a user's current
   password as well.

2. Adds a `UserPasswordExpirer.expire_user_password` method which can
   be used from the Rails console to mark a user's password as expired.

3. Updates `SessionsController#create` to check that the user's current
   password has not been marked as expired after confirming the
   password. If the password is determined to be expired based on the
   existence of a `UserPassword` record with the `password_expired_at`
   column set, we will not log the user in and will display a password
   expired notice. A forgot password email is automatically sent out to
   the user as well.
2024-06-04 15:42:53 +08:00

24 lines
785 B
Ruby

# frozen_string_literal: true

class CreateUserPasswords < ActiveRecord::Migration[7.0]
  def change
    create_table :user_passwords, id: :integer do |t|
      t.integer :user_id, null: false
      t.string :password_hash, limit: 64, null: false
      t.string :password_salt, limit: 32, null: false
      t.string :password_algorithm, limit: 64, null: false
      t.datetime :password_expired_at, null: true
      t.timestamps
    end

    add_index :user_passwords, %i[user_id], unique: true, where: "password_expired_at IS NULL"
    add_index :user_passwords, %i[user_id password_hash], unique: true
    add_index :user_passwords,
              %i[user_id password_expired_at password_hash],
              name: "idx_user_passwords_on_user_id_and_expired_at_and_hash"
  end
end
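
An added example, not part of the commit or of Discourse's code: a pure-Ruby, in-memory stand-in that shows which rows the migration's two unique indexes accept or reject, and the expired-password lookup that item 3 of the commit message describes. `UserPasswordTable`, `try_insert` and `demo` are hypothetical names, the hash strings are constructed sample values, and matching the lookup on `password_hash` is an assumption based on the third index.

```ruby
# Added illustration; UserPasswordTable is a hypothetical in-memory stand-in,
# not Discourse code. Hash strings below are constructed sample values.
class UserPasswordTable
  Row = Struct.new(:user_id, :password_hash, :password_expired_at)
  class NotUnique < StandardError; end
  def initialize
    @rows = []
  end

  # Applies the migration's two unique indexes before storing a row.
  def insert(user_id:, password_hash:, password_expired_at: nil)
    mine = @rows.select { |r| r.user_id == user_id }
    # UNIQUE (user_id) WHERE password_expired_at IS NULL
    if password_expired_at.nil? && mine.any? { |r| r.password_expired_at.nil? }
      raise NotUnique, "user already has a non-expired row"
    end
    # UNIQUE (user_id, password_hash)
    if mine.any? { |r| r.password_hash == password_hash }
      raise NotUnique, "user already has a row for this hash"
    end
    @rows << Row.new(user_id, password_hash, password_expired_at)
  end

  # Assumed form of the login check: an expired row exists for this user and hash.
  def expired?(user_id, password_hash)
    @rows.any? { |r| r.user_id == user_id && r.password_hash == password_hash && r.password_expired_at }
  end
end

# Returns :ok or the rejection message, so each case can be inspected.
def try_insert(table, **attrs)
  table.insert(**attrs)
  :ok
rescue UserPasswordTable::NotUnique => e
  e.message
end

def demo
  t = UserPasswordTable.new
  at = Time.utc(2024, 6, 4)
  inserts = [["a", at], ["b", at], ["c", nil], ["d", nil], ["a", at]].map do |ch, exp|
    try_insert(t, user_id: 1, password_hash: ch * 64, password_expired_at: exp)
  end
  inserts + [t.expired?(1, "a" * 64), t.expired?(1, "c" * 64)]
end
```

A user may hold any number of expired rows but only one row with `password_expired_at` unset, and the same `(user_id, password_hash)` pair cannot be stored twice.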