authentik/passbook/policies/expiry/models.py

"""passbook password_expiry_policy Models"""
from datetime import timedelta
from typing import Type
from django.db import models
from django.forms import ModelForm
from django.utils.timezone import now
from django.utils.translation import gettext as _
from rest_framework.serializers import BaseSerializer
from structlog import get_logger
from passbook.policies.models import Policy
from passbook.policies.types import PolicyRequest, PolicyResult
# Module-level structlog logger; nothing in this listing calls it.
LOGGER = get_logger()
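class PasswordExpiryPolicy(Policy):
    """Deny a request once the user's password is older than ``days`` days.

    With ``deny_only`` unset (the default), evaluating the policy against an
    expired password also invalidates the stored password and returns a
    notice asking the user to update it. With ``deny_only`` set, the request
    is denied but the stored password is left untouched.
    """

    # When True, expiry only denies the request; the password is not invalidated.
    deny_only = models.BooleanField(default=False)
    # Maximum password age in days.
    # NOTE(review): no validator is visible in this listing; a value <= 0 makes
    # every password count as expired on first evaluation, which with
    # deny_only=False invalidates it. Consider a minimum-value validator.
    days = models.IntegerField()

    @property
    def serializer(self) -> Type[BaseSerializer]:
        """Return the serializer class for this policy."""
        # Imported inside the property rather than at module level,
        # presumably to avoid a circular import -- confirm.
        from passbook.policies.expiry.api import PasswordExpiryPolicySerializer

        return PasswordExpiryPolicySerializer

    def form(self) -> Type[ModelForm]:
        """Return the ModelForm class for this policy."""
        from passbook.policies.expiry.forms import PasswordExpiryPolicyForm

        return PasswordExpiryPolicyForm

    def passes(self, request: PolicyRequest) -> PolicyResult:
        """Check the age of ``request.user``'s password against ``days``.

        Returns a passing PolicyResult while the password is younger than
        ``days`` days. Otherwise returns a failing result; unless
        ``deny_only`` is set, the user's password is first made unusable and
        the user saved, so evaluating this policy has a persistent side
        effect on the account.
        """
        # One clock reading, so the expiry decision and the reported number of
        # days cannot disagree across a day boundary.
        # NOTE(review): assumes request.user.password_change_date is always
        # set; a None value would raise TypeError here -- confirm against the
        # user model.
        password_age = now() - request.user.password_change_date
        if password_age.days < self.days:
            return PolicyResult(True)

        if self.deny_only:
            return PolicyResult(False, _("Password has expired."))

        # Invalidate the stored credential. After this the old password no
        # longer authenticates, so the account depends on a recovery or
        # change-password flow being reachable -- verify in the deployment.
        request.user.set_unusable_password()
        request.user.save()
        days_since_expiry = (password_age - timedelta(days=self.days)).days
        # Translate the template first, then interpolate: calling _() on the
        # already-formatted text would never match a catalog msgid.
        message = _(
            "Password expired %(days)d days ago. "
            "Please update your password."
        ) % {"days": days_since_expiry}
        return PolicyResult(False, message)

    class Meta:
        # NOTE(review): `_` is the eager gettext here, so these names are
        # translated once, when the class body runs; Django recommends
        # gettext_lazy for model metadata.
        verbose_name = _("Password Expiry Policy")
        verbose_name_plural = _("Password Expiry Policies")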