16👍
✅
You seem on the right track. Set the date of the last password updated, check if the timedelta is greater than 30 days, if so redirect to the change password page. Your Login view should essentially stay the same except don’t actually login the user to the request object if the timedelta is greater than 30 days.
from datetime import date, timedelta
from django.contrib.auth import authenticate, login
def my_view(request):
username = request.POST['username']
password = request.POST['password']
user = authenticate(username=username, password=password)
if user is not None:
if user.is_active:
if date.today() - user.password_date > timedelta(days=30):
# Redirect to password change page
else:
login(request, user)
# Redirect to a success page.
else:
# Return a 'disabled account' error message
else:
# Return an 'invalid login' error message.
0👍
Well, there is django-passwords-policies-iplweb, https://github.com/iplweb/django-password-policies-iplweb, which is a friendly maitained fork of http://tarak.github.io/django-password-policies/ , which is currently not maintained.
👤dotz
- Django STATIC_URL is not working
- Sending a message to a single user using django-channels
- How do I update an already existing row when using ModelForms?
- Django update one field using ModelForm
- Ruby on Rails vs. Django
Source:stackexchange.com