Commit 06f72fdf authored by Rafael Monnerat

slapos_erp5: Implement quick password expiration

    It adds a script to be customized on the project site, if you have short-term users that require short password expiration timing.
parent b1047cb1
Pipeline #18350 failed with stage
in 0 seconds
"""
Returns the list of logins that will expire in 24 hours.
This is used for mantain superusers accounts in auto expiration mode.
"""
return []
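Review bot: The docstring says the script returns logins "that will expire in 24 hours", but the caller tests `context.getReference()` for membership in the result to select the 24-hour lifetime, so it should say it returns the login references that are subject to the 24-hour expiration (and "mantain" should be "maintain"). Because this script is meant to be overridden per project, also state that the elements are reference strings and that the default `return []` leaves quick expiration disabled.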
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>Login_getFastExpirationReferenceList</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
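Review bot: The Manager proxy role in `_proxy_roles` looks unnecessary for a script whose default body is `return []`, and since the script exists to be customized per project site, every override will run with Manager rights whether or not the customizer needs them. Drop the proxy role from the default and let a customization add it when it actually has to read restricted objects, or explain in the script docstring why Manager is required.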
"""
Returns if user account is Person's password is expired.
Start password recovery process for expired password (if configured).
This script was introduce to expire superusers passwords faster,
requiring them to reset it for using it. This allow us keep them
with a reasonably easy access w/o require to reccur to zope password
while debug or update code on production.
The second reason is to overcome certain security restrictions when
search Password events.
"""
portal = context.getPortalObject()
is_password_expired = False
expire_date_warning = 0
password_event_list = context.Login_unrestrictedSearchPasswordEvent()
quick_expiration_login_list = context.Login_getFastExpirationReferenceList()
if password_event_list:
ONE_HOUR = 1 / 24.0
portal_preferences = portal.portal_preferences
expire_date = password_event_list[0].creation_date + portal_preferences.getPreferredMaxPasswordLifetimeDuration() * ONE_HOUR
if context.getReference() in quick_expiration_login_list:
# Expire the superusers every 24 hours maximum
expire_date = password_event_list[0].creation_date + 24 * ONE_HOUR
else:
expire_date = password_event_list[0].creation_date + portal_preferences.getPreferredMaxPasswordLifetimeDuration() * ONE_HOUR
now = DateTime()
if expire_date < now:
# password is expired
......
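Review bot: In the quick-expiration branch the lifetime is a fixed `24 * ONE_HOUR`, so if `getPreferredMaxPasswordLifetimeDuration()` is configured below 24 hours, the listed superuser logins get a longer lifetime than ordinary users; taking the smaller of the two durations would keep the comment's "24 hours maximum" true. The `expire_date = ...` assignment just before the `if` is dead now that both branches overwrite it and can be removed, and the first docstring sentence ("Returns if user account is Person's password is expired") needs rewording.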