mirror of
https://github.com/discourse/discourse.git
synced 2024-12-30 08:04:53 +08:00
e97ef7e9af
This commit adds the ability for site administrators to mark users' passwords as expired. Note that this commit does not add any client side interface to mark a user's password as expired. The following changes are introduced in this commit: 1. Adds a `user_passwords` table and `UserPassword` model. While the `user_passwords` table is currently used to only store expired passwords, it will be used in the future to store a user's current password as well. 2. Adds a `UserPasswordExpirer.expire_user_password` method which can be used from the Rails console to mark a user's password as expired. 3. Updates `SessionsController#create` to check that the user's current password has not been marked as expired after confirming the password. If the password is determined to be expired based on the existence of a `UserPassword` record with the `password_expired_at` column set, we will not log the user in and will display a password expired notice. A forgot password email is automatically send out to the user as well.
24 lines
785 B
Ruby
24 lines
785 B
Ruby
# frozen_string_literal: true
|
|
|
|
class CreateUserPasswords < ActiveRecord::Migration[7.0]
|
|
def change
|
|
create_table :user_passwords, id: :integer do |t|
|
|
t.integer :user_id, null: false
|
|
t.string :password_hash, limit: 64, null: false
|
|
t.string :password_salt, limit: 32, null: false
|
|
t.string :password_algorithm, limit: 64, null: false
|
|
t.datetime :password_expired_at, null: true
|
|
|
|
t.timestamps
|
|
end
|
|
|
|
add_index :user_passwords, %i[user_id], unique: true, where: "password_expired_at IS NULL"
|
|
|
|
add_index :user_passwords, %i[user_id password_hash], unique: true
|
|
|
|
add_index :user_passwords,
|
|
%i[user_id password_expired_at password_hash],
|
|
name: "idx_user_passwords_on_user_id_and_expired_at_and_hash"
|
|
end
|
|
end
|