discourse/app/models/user_password.rb

# frozen_string_literal: true

class UserPassword < ActiveRecord::Base
  validates :user_id, presence: true

  validates :user_id,
            uniqueness: {
              scope: :password_expired_at,
            },
            if: -> { password_expired_at.nil? }

  validates :password_hash, presence: true, length: { is: 64 }, uniqueness: { scope: :user_id }
  validates :password_salt, presence: true, length: { is: 32 }
  validates :password_algorithm, presence: true, length: { maximum: 64 }

  belongs_to :user
end

# == Schema Information
#
# Table name: user_passwords
#
#  id                  :integer          not null, primary key
#  user_id             :integer          not null
#  password_hash       :string(64)       not null
#  password_salt       :string(32)       not null
#  password_algorithm  :string(64)       not null
#  password_expired_at :datetime
#  created_at          :datetime         not null
#  updated_at          :datetime         not null
#
# Indexes
#
#  idx_user_passwords_on_user_id_and_expired_at_and_hash  (user_id,password_expired_at,password_hash)
#  index_user_passwords_on_user_id                        (user_id) UNIQUE WHERE (password_expired_at IS NULL)
#  index_user_passwords_on_user_id_and_password_hash      (user_id,password_hash) UNIQUE
#
FEATURE: Allow site admin to mark a user's password as expired (#27314) This commit adds the ability for site administrators to mark users' passwords as expired. Note that this commit does not add any client side interface to mark a user's password as expired. The following changes are introduced in this commit: 1. Adds a `user_passwords` table and `UserPassword` model. While the `user_passwords` table is currently used to only store expired passwords, it will be used in the future to store a user's current password as well. 2. Adds a `UserPasswordExpirer.expire_user_password` method which can be used from the Rails console to mark a user's password as expired. 3. Updates `SessionsController#create` to check that the user's current password has not been marked as expired after confirming the password. If the password is determined to be expired based on the existence of a `UserPassword` record with the `password_expired_at` column set, we will not log the user in and will display a password expired notice. A forgot password email is automatically send out to the user as well. 2024-06-04 15:42:53 +08:00			`# frozen_string_literal: true`

			`class UserPassword < ActiveRecord::Base`
			`validates :user_id, presence: true`

			`validates :user_id,`
			`uniqueness: {`
			`scope: :password_expired_at,`
			`},`
			`if: -> { password_expired_at.nil? }`

			`validates :password_hash, presence: true, length: { is: 64 }, uniqueness: { scope: :user_id }`
			`validates :password_salt, presence: true, length: { is: 32 }`
			`validates :password_algorithm, presence: true, length: { maximum: 64 }`

			`belongs_to :user`
			`end`

			`# == Schema Information`
			`#`
			`# Table name: user_passwords`
			`#`
			`# id :integer not null, primary key`
			`# user_id :integer not null`
			`# password_hash :string(64) not null`
			`# password_salt :string(32) not null`
			`# password_algorithm :string(64) not null`
			`# password_expired_at :datetime`
			`# created_at :datetime not null`
			`# updated_at :datetime not null`
			`#`
			`# Indexes`
			`#`
			`# idx_user_passwords_on_user_id_and_expired_at_and_hash (user_id,password_expired_at,password_hash)`
			`# index_user_passwords_on_user_id (user_id) UNIQUE WHERE (password_expired_at IS NULL)`
			`# index_user_passwords_on_user_id_and_password_hash (user_id,password_hash) UNIQUE`
			`#`