Commit 2e8c2ad1 authored by Xiaowu Zhang's avatar Xiaowu Zhang

erp5_authentication_policy: force user to change password if not yet do

See merge request nexedi/erp5!1196
parents e2f46ae8 6a44a135
......@@ -25,6 +25,13 @@ if password_event_list:
password_lifetime_expire_warning_duration = portal_preferences.getPreferredPasswordLifetimeExpireWarningDuration()
if password_lifetime_expire_warning_duration and now > expire_date - password_lifetime_expire_warning_duration * ONE_HOUR:
expire_date_warning = expire_date
else:
# No Password Event found means user doesn't yet change password
# Force user to change it if authentication policy is configured
if portal.portal_preferences.getPreferredMaxPasswordLifetimeDuration() is not None:
if context.getPassword():
is_password_expired = True
request = portal.REQUEST
request.set('is_user_account_password_expired', is_password_expired)
request.set('is_user_account_password_expired_expire_date', expire_date_warning)
......
......@@ -132,6 +132,7 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
reference=username,
password=password)
login.validate()
self.tic()
return person
def test_BlockLogin(self):
......@@ -545,14 +546,32 @@ class TestAuthenticationPolicy(ERP5TypeTestCase):
self.assertTrue(portal.portal_preferences.isAuthenticationPolicyEnabled())
preference = portal.portal_catalog.getResultValue(portal_type = 'System Preference',
title = 'Authentication',)
preference.setPreferredMaxPasswordLifetimeDuration(24)
# No password event will be created for such configuration
preference.setPreferredNumberOfLastPasswordToCheck(0)
preference.setPreferredMaxPasswordLifetimeDuration(None)
self.tic()
self._clearCache()
person = self.createUser('test-04',
password='used_ALREADY_1234')
login = person.objectValues(portal_type='ERP5 Login')[0]
self.assertEqual(login.getDestinationRelatedValue(portal_type='Password Event'), None)
self.assertFalse(login.isPasswordExpired())
self.assertFalse(request['is_user_account_password_expired'])
# password is expired if no passwor event
preference.setPreferredMaxPasswordLifetimeDuration(24)
self.tic()
self._clearCache()
self.assertEqual(login.getDestinationRelatedValue(portal_type='Password Event'), None)
self.assertTrue(login.isPasswordExpired())
self.assertTrue(request['is_user_account_password_expired'])
# now set password to trigger password event creation
login.setPassword('used_ALREADY_1234')
self.tic()
self._clearCache()
self.assertTrue(login.getDestinationRelatedValue(portal_type='Password Event') is not None)
self.assertFalse(login.isPasswordExpired())
self.assertFalse(request['is_user_account_password_expired'])
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment