Feature #19458 » 0001-Allow-to-specify-maximum-password-age.patch
| app/models/user.rb | ||
|---|---|---|
| 323 | 323 |
return auth_source.allow_password_changes? |
| 324 | 324 |
end |
| 325 | 325 | |
| 326 |
def password_expired? |
|
| 327 |
changed_on = self.passwd_changed_on || Time.at(0) |
|
| 328 |
period = Setting.password_max_age.to_i |
|
| 329 | ||
| 330 |
if period.zero? |
|
| 331 |
false |
|
| 332 |
else |
|
| 333 |
changed_on < period.days.ago |
|
| 334 |
end |
|
| 335 |
end |
|
| 336 | ||
| 326 | 337 |
def must_change_password? |
| 327 |
must_change_passwd? && change_password_allowed?
|
|
| 338 |
(must_change_passwd? || password_expired?) && change_password_allowed?
|
|
| 328 | 339 |
end |
| 329 | 340 | |
| 330 | 341 |
def generate_password? |
| app/views/my/password.html.erb | ||
|---|---|---|
| 17 | 17 |
<%= submit_tag l(:button_apply) %> |
| 18 | 18 |
<% end %> |
| 19 | 19 | |
| 20 |
<% unless @user.must_change_passwd? %> |
|
| 20 |
<% unless @user.must_change_passwd? || @user.password_expired? %>
|
|
| 21 | 21 |
<% content_for :sidebar do %> |
| 22 | 22 |
<%= render :partial => 'sidebar' %> |
| 23 | 23 |
<% end %> |
| app/views/settings/_authentication.html.erb | ||
|---|---|---|
| 14 | 14 | |
| 15 | 15 |
<p><%= setting_text_field :password_min_length, :size => 6 %></p> |
| 16 | 16 | |
| 17 |
<p> |
|
| 18 |
<%= setting_select :password_max_age, [[l(:label_disabled), 0]] + [7, 30, 60, 90, 180, 365].collect{|days| [l('datetime.distance_in_words.x_days', :count => days), days.to_s]} %>
|
|
| 19 |
</p> |
|
| 20 | ||
| 17 | 21 |
<p><%= setting_check_box :lost_password, :label => :label_password_lost %></p> |
| 18 | 22 | |
| 19 | 23 |
<p><%= setting_text_field :max_additional_emails, :size => 6 %></p> |
| config/locales/de.yml | ||
|---|---|---|
| 1026 | 1026 |
setting_non_working_week_days: Arbeitsfreie Tage |
| 1027 | 1027 |
setting_openid: Erlaube OpenID-Anmeldung und -Registrierung |
| 1028 | 1028 |
setting_password_min_length: Mindestlänge des Kennworts |
| 1029 |
setting_password_max_age: Erzwinge Passwortwechsel nach |
|
| 1029 | 1030 |
setting_per_page_options: Objekte pro Seite |
| 1030 | 1031 |
setting_plain_text_mail: Nur reinen Text (kein HTML) senden |
| 1031 | 1032 |
setting_protocol: Protokoll |
| config/locales/en.yml | ||
|---|---|---|
| 386 | 386 |
setting_file_max_size_displayed: Maximum size of text files displayed inline |
| 387 | 387 |
setting_repository_log_display_limit: Maximum number of revisions displayed on file log |
| 388 | 388 |
setting_openid: Allow OpenID login and registration |
| 389 |
setting_password_max_age: Require password change after |
|
| 389 | 390 |
setting_password_min_length: Minimum password length |
| 390 | 391 |
setting_new_project_user_role_id: Role given to a non-admin user who creates a project |
| 391 | 392 |
setting_default_projects_modules: Default enabled modules for new projects |
| config/settings.yml | ||
|---|---|---|
| 36 | 36 |
password_min_length: |
| 37 | 37 |
format: int |
| 38 | 38 |
default: 8 |
| 39 |
# Maximum password age in days |
|
| 40 |
password_max_age: |
|
| 41 |
format: int |
|
| 42 |
default: 0 |
|
| 39 | 43 |
# Maximum number of additional email addresses per user |
| 40 | 44 |
max_additional_emails: |
| 41 | 45 |
format: int |
| test/integration/account_test.rb | ||
|---|---|---|
| 150 | 150 |
assert_equal false, User.find_by_login('jsmith').must_change_passwd?
|
| 151 | 151 |
end |
| 152 | 152 | |
| 153 |
def test_user_with_expired_password_should_be_forced_to_change_its_password |
|
| 154 |
User.find_by_login('jsmith').update_attribute :passwd_changed_on, 14.days.ago
|
|
| 155 | ||
| 156 |
with_settings :password_max_age => 7 do |
|
| 157 |
post '/login', :username => 'jsmith', :password => 'jsmith' |
|
| 158 |
assert_redirected_to '/my/page' |
|
| 159 |
follow_redirect! |
|
| 160 |
assert_redirected_to '/my/password' |
|
| 161 | ||
| 162 |
get '/issues' |
|
| 163 |
assert_redirected_to '/my/password' |
|
| 164 |
end |
|
| 165 |
end |
|
| 166 | ||
| 167 |
def test_user_with_expired_password_should_be_able_to_change_its_password |
|
| 168 |
User.find_by_login('jsmith').update_attribute :passwd_changed_on, 14.days.ago
|
|
| 169 | ||
| 170 |
with_settings :password_max_age => 7 do |
|
| 171 |
post '/login', :username => 'jsmith', :password => 'jsmith' |
|
| 172 |
assert_redirected_to '/my/page' |
|
| 173 |
follow_redirect! |
|
| 174 |
assert_redirected_to '/my/password' |
|
| 175 |
follow_redirect! |
|
| 176 |
assert_response :success |
|
| 177 |
post '/my/password', :password => 'jsmith', :new_password => 'newpassword', :new_password_confirmation => 'newpassword' |
|
| 178 |
assert_redirected_to '/my/account' |
|
| 179 |
follow_redirect! |
|
| 180 |
assert_response :success |
|
| 181 | ||
| 182 |
assert_equal false, User.find_by_login('jsmith').must_change_passwd?
|
|
| 183 |
end |
|
| 184 | ||
| 185 |
end |
|
| 186 | ||
| 153 | 187 |
def test_register_with_automatic_activation |
| 154 | 188 |
Setting.self_registration = '3' |
| 155 | 189 | |
