github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-26 06:13:38 +08:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity
081b00391e
discourse/app/models/user_password.rb
Alan Guo Xiang Tan e97ef7e9af
FEATURE: Allow site admin to mark a user's password as expired (#27314) 
This commit adds the ability for site administrators to mark users'
passwords as expired. Note that this commit does not add any client side
interface to mark a user's password as expired.

The following changes are introduced in this commit:

1. Adds a `user_passwords` table and `UserPassword` model. While the
   `user_passwords` table is currently used to only store expired
   passwords, it will be used in the future to store a user's current
   password as well.

2. Adds a `UserPasswordExpirer.expire_user_password` method which can
   be used from the Rails console to mark a user's password as expired.

3. Updates `SessionsController#create` to check that the user's current
   password has not been marked as expired after confirming the
   password. If the password is determined to be expired based on the
   existence of a `UserPassword` record with the `password_expired_at`
   column set, we will not log the user in and will display a password
   expired notice. A forgot password email is automatically send out to
   the user as well.
2024-06-04 15:42:53 +08:00

38 lines
1.3 KiB
Ruby
Raw Blame History

# frozen_string_literal: true
class UserPassword < ActiveRecord::Base
validates :user_id, presence: true
validates :user_id,
uniqueness: {
scope: :password_expired_at,
},
if: -> { password_expired_at.nil? }
validates :password_hash, presence: true, length: { is: 64 }, uniqueness: { scope: :user_id }
validates :password_salt, presence: true, length: { is: 32 }
validates :password_algorithm, presence: true, length: { maximum: 64 }
belongs_to :user
end
# == Schema Information
#
# Table name: user_passwords
#
# id :integer not null, primary key
# user_id :integer not null
# password_hash :string(64) not null
# password_salt :string(32) not null
# password_algorithm :string(64) not null
# password_expired_at :datetime
# created_at :datetime not null
# updated_at :datetime not null
#
# Indexes
#
# idx_user_passwords_on_user_id_and_expired_at_and_hash (user_id,password_expired_at,password_hash)
# index_user_passwords_on_user_id (user_id) UNIQUE WHERE (password_expired_at IS NULL)
# index_user_passwords_on_user_id_and_password_hash (user_id,password_hash) UNIQUE
#
Reference in New Issue View Git Blame Copy Permalink