Commit a31eab5f authored by Xiaowu Zhang's avatar Xiaowu Zhang

erp5_authentication_policy: force user to change password if not yet do

parent f5f322a5
...@@ -25,6 +25,13 @@ if password_event_list: ...@@ -25,6 +25,13 @@ if password_event_list:
password_lifetime_expire_warning_duration = portal_preferences.getPreferredPasswordLifetimeExpireWarningDuration() password_lifetime_expire_warning_duration = portal_preferences.getPreferredPasswordLifetimeExpireWarningDuration()
if password_lifetime_expire_warning_duration and now > expire_date - password_lifetime_expire_warning_duration * ONE_HOUR: if password_lifetime_expire_warning_duration and now > expire_date - password_lifetime_expire_warning_duration * ONE_HOUR:
expire_date_warning = expire_date expire_date_warning = expire_date
else:
# No Password Event found means user doesn't yet change password
# Force user to change it if authentication policy is configured
if portal.portal_preferences.getPreferredMaxPasswordLifetimeDuration() is not None:
if context.getPassword():
is_password_expired = True
request = portal.REQUEST request = portal.REQUEST
request.set('is_user_account_password_expired', is_password_expired) request.set('is_user_account_password_expired', is_password_expired)
request.set('is_user_account_password_expired_expire_date', expire_date_warning) request.set('is_user_account_password_expired_expire_date', expire_date_warning)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment