discourse/lib/validators
Alan Guo Xiang Tan e97ef7e9af
FEATURE: Allow site admin to mark a user's password as expired (#27314)
This commit adds the ability for site administrators to mark users'
passwords as expired. Note that this commit does not add any client side
interface to mark a user's password as expired.

The following changes are introduced in this commit:

1. Adds a `user_passwords` table and `UserPassword` model. While the
   `user_passwords` table is currently used to only store expired
   passwords, it will be used in the future to store a user's current
   password as well.

2. Adds a `UserPasswordExpirer.expire_user_password` method which can
   be used from the Rails console to mark a user's password as expired.

3. Updates `SessionsController#create` to check that the user's current
   password has not been marked as expired after confirming the
   password. If the password is determined to be expired based on the
   existence of a `UserPassword` record with the `password_expired_at`
   column set, we will not log the user in and will display a password
   expired notice. A forgot password email is automatically send out to
   the user as well.
2024-06-04 15:42:53 +08:00
..
allow_user_locale_enabled_validator.rb
allowed_ip_address_validator.rb
alternative_reply_by_email_addresses_validator.rb
at_least_one_group_validator.rb
categories_topics_validator.rb
category_search_priority_weights_validator.rb
censored_words_validator.rb
color_list_validator.rb
css_color_validator.rb
default_composer_category_validator.rb
delete_rejected_email_after_days_validator.rb
email_address_validator.rb
email_setting_validator.rb
email_validator.rb
enable_local_logins_via_email_validator.rb
enable_private_email_messages_validator.rb
enable_sso_validator.rb
external_system_avatars_validator.rb
form_template_yaml_validator.rb DEV: Update to lastest rubocop-discourse 2024-05-27 18:06:14 +02:00
google_oauth2_hd_groups_validator.rb
group_setting_validator.rb
host_list_setting_validator.rb
integer_setting_validator.rb
ip_address_format_validator.rb
linkedin_oidc_credentials_validator.rb
markdown_linkify_tlds_validator.rb
markdown_typographer_quotation_marks_validator.rb
max_emojis_validator.rb
max_username_length_validator.rb
min_username_length_validator.rb
not_username_validator.rb
password_validator.rb FEATURE: Allow site admin to mark a user's password as expired (#27314) 2024-06-04 15:42:53 +08:00
pop3_polling_enabled_setting_validator.rb
post_validator.rb DEV: Update to lastest rubocop-discourse 2024-05-27 18:06:14 +02:00
quality_title_validator.rb
regex_presence_validator.rb
regex_setting_validation.rb
regex_setting_validator.rb
regexp_list_validator.rb
reply_by_email_address_validator.rb
reply_by_email_enabled_validator.rb
search_ranking_weights_validator.rb
search_tokenize_chinese_validator.rb
search_tokenize_japanese_validator.rb
selectable_avatars_mode_validator.rb
sso_overrides_email_validator.rb
string_setting_validator.rb
stripped_length_validator.rb PERF: bail out of expensive post validations 2024-05-07 18:56:16 +02:00
summarization_validator.rb
timezone_validator.rb
topic_title_length_validator.rb
unicode_username_allowlist_validator.rb
unicode_username_validator.rb
unique_among_validator.rb
upload_validator.rb DEV: Update to lastest rubocop-discourse 2024-05-27 18:06:14 +02:00
url_validator.rb
user_full_name_validator.rb
username_setting_validator.rb
watched_words_validator.rb