diff --git a/.bumpversion.cfg b/.bumpversion.cfg index f27847d8f..6817204fd 100644 --- a/.bumpversion.cfg +++ b/.bumpversion.cfg @@ -37,6 +37,10 @@ values = [bumpversion:file:passbook/lib/__init__.py] +[bumpversion:file:passbook/hibp_policy/__init__.py] + +[bumpversion:file:passbook/password_expiry_policy/__init__.py] + [bumpversion:file:passbook/saml_idp/__init__.py] [bumpversion:file:passbook/audit/__init__.py] diff --git a/passbook/core/settings.py b/passbook/core/settings.py index 355b1e0b7..9f42352d6 100644 --- a/passbook/core/settings.py +++ b/passbook/core/settings.py @@ -75,6 +75,7 @@ INSTALLED_APPS = [ 'passbook.captcha_factor.apps.PassbookCaptchaFactorConfig', 'passbook.hibp_policy.apps.PassbookHIBPConfig', 'passbook.pretend.apps.PassbookPretendConfig', + 'passbook.password_expiry_policy.apps.PassbookPasswordExpiryPolicyConfig', ] # Message Tag fix for bootstrap CSS Classes diff --git a/passbook/hibp_policy/__init__.py b/passbook/hibp_policy/__init__.py index 46daba859..72217860b 100644 --- a/passbook/hibp_policy/__init__.py +++ b/passbook/hibp_policy/__init__.py @@ -1,2 +1,2 @@ """passbook hibp_policy""" -__version__ = '0.0.7-alpha' +__version__ = '0.1.1-beta' diff --git a/passbook/password_expiry_policy/__init__.py b/passbook/password_expiry_policy/__init__.py new file mode 100644 index 000000000..f0d53bad3 --- /dev/null +++ b/passbook/password_expiry_policy/__init__.py @@ -0,0 +1,2 @@ +"""passbook password_expiry""" +__version__ = '0.1.1-beta' diff --git a/passbook/password_expiry_policy/admin.py b/passbook/password_expiry_policy/admin.py new file mode 100644 index 000000000..67192491d --- /dev/null +++ b/passbook/password_expiry_policy/admin.py @@ -0,0 +1,5 @@ +"""Passbook password_expiry_policy Admin""" + +from passbook.lib.admin import admin_autoregister + +admin_autoregister('passbook_password_expiry_policy') diff --git a/passbook/password_expiry_policy/apps.py b/passbook/password_expiry_policy/apps.py new file mode 100644 index 000000000..c335659f9 --- /dev/null +++ b/passbook/password_expiry_policy/apps.py @@ -0,0 +1,11 @@ +"""Passbook password_expiry_policy app config""" + +from django.apps import AppConfig + + +class PassbookPasswordExpiryPolicyConfig(AppConfig): + """Passbook password_expiry_policy app config""" + + name = 'passbook.password_expiry_policy' + label = 'passbook_password_expiry_policy' + verbose_name = 'passbook Password Expiry Policy' diff --git a/passbook/password_expiry_policy/forms.py b/passbook/password_expiry_policy/forms.py new file mode 100644 index 000000000..cd957af0a --- /dev/null +++ b/passbook/password_expiry_policy/forms.py @@ -0,0 +1,24 @@ +"""passbook PasswordExpiry Policy forms""" + +from django import forms +from django.utils.translation import gettext as _ + +from passbook.core.forms.policies import GENERAL_FIELDS +from passbook.password_expiry_policy.models import PasswordExpiryPolicy + + +class PasswordExpiryPolicyForm(forms.ModelForm): + """Edit PasswordExpiryPolicy instances""" + + class Meta: + + model = PasswordExpiryPolicy + fields = GENERAL_FIELDS + ['days', 'deny_only'] + widgets = { + 'name': forms.TextInput(), + 'order': forms.NumberInput(), + 'days': forms.NumberInput(), + } + labels = { + 'deny_only': _("Only fail the policy, don't set user's password.") + } diff --git a/passbook/password_expiry_policy/migrations/0001_initial.py b/passbook/password_expiry_policy/migrations/0001_initial.py new file mode 100644 index 000000000..50f28fe06 --- /dev/null +++ b/passbook/password_expiry_policy/migrations/0001_initial.py @@ -0,0 +1,29 @@ +# Generated by Django 2.1.7 on 2019-03-03 13:46 + +import django.db.models.deletion +from django.db import migrations, models + + +class Migration(migrations.Migration): + + initial = True + + dependencies = [ + ('passbook_core', '0016_auto_20190227_1355'), + ] + + operations = [ + migrations.CreateModel( + name='PasswordExpiryPolicy', + fields=[ + ('policy_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.Policy')), + ('deny_only', models.BooleanField(default=False)), + ('days', models.IntegerField()), + ], + options={ + 'verbose_name': 'Password Expiry Policy', + 'verbose_name_plural': 'Password Expiry Policies', + }, + bases=('passbook_core.policy',), + ), + ] diff --git a/passbook/password_expiry_policy/migrations/__init__.py b/passbook/password_expiry_policy/migrations/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/passbook/password_expiry_policy/models.py b/passbook/password_expiry_policy/models.py new file mode 100644 index 000000000..f4f406dd4 --- /dev/null +++ b/passbook/password_expiry_policy/models.py @@ -0,0 +1,40 @@ +"""passbook password_expiry_policy Models""" +from datetime import timedelta +from logging import getLogger + +from django.db import models +from django.utils.timezone import now +from django.utils.translation import gettext as _ + +from passbook.core.models import Policy, User + +LOGGER = getLogger(__name__) + + +class PasswordExpiryPolicy(Policy): + """If password change date is more than x days in the past, call set_unusable_password + and show a notice""" + + deny_only = models.BooleanField(default=False) + days = models.IntegerField() + + form = 'passbook.password_expiry_policy.forms.PasswordExpiryPolicyForm' + + def passes(self, user: User) -> bool: + """If password change date is more than x days in the past, call set_unusable_password + and show a notice""" + actual_days = (now() - user.password_change_date).days + days_since_expiry = now() - (user.password_change_date + timedelta(days=self.days)).days + if actual_days >= self.days: + if not self.deny_only: + user.set_unusable_password() + user.save() + return False, _('Password expired %(days)d days ago. Please update your password.' % { + 'days': days_since_expiry + }) + return False, _('Password has expired.') + + class Meta: + + verbose_name = _('Password Expiry Policy') + verbose_name_plural = _('Password Expiry Policies')