authentik.policies.expiry.models

authentik password_expiry_policy Models

 1"""authentik password_expiry_policy Models"""
 2
 3from datetime import timedelta
 4
 5from django.db import models
 6from django.utils.timezone import now
 7from django.utils.translation import gettext as _
 8from rest_framework.serializers import BaseSerializer
 9from structlog.stdlib import get_logger
10
11from authentik.policies.models import Policy
12from authentik.policies.types import PolicyRequest, PolicyResult
13
# Module-level structlog logger; nothing in this listing reads it.
LOGGER = get_logger()
15
16
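class PasswordExpiryPolicy(Policy):
    """Fail the policy once the user's password is at least `days` days old.

    Unless `deny_only` is set, evaluating the policy also replaces the stored
    password with an unusable one, saves the user, and returns a notice asking
    for a password update.
    """

    # When True the policy only denies; the stored password is left untouched.
    deny_only = models.BooleanField(default=False)
    # Maximum password age in days. No validator is declared on this field: a value
    # <= 0 makes every password whose change date is not in the future count as expired.
    days = models.IntegerField()

    @property
    def serializer(self) -> type[BaseSerializer]:
        """Get the serializer class for this model."""
        # Imported at call time rather than at module import.
        from authentik.policies.expiry.api import PasswordExpiryPolicySerializer

        return PasswordExpiryPolicySerializer

    @property
    def component(self) -> str:
        """Return the component used to edit this object."""
        return "ak-policy-password-expiry-form"

    def passes(self, request: PolicyRequest) -> PolicyResult:
        """Check the age of the requesting user's password against `days`.

        Returns a passing result while the password is younger than `days` days.
        Otherwise the result fails; with `deny_only` unset the user's password is
        additionally made unusable and the user is saved, so evaluating this
        policy is not read-only.
        """
        # NOTE(review): assumes request.user.password_change_date is always set and
        # comparable with now(); a missing value would raise here - confirm on the model.
        # The clock is sampled once so the expiry check and the reported overdue
        # days describe the same instant.
        age = now() - request.user.password_change_date
        if age.days < self.days:
            return PolicyResult(True)
        if self.deny_only:
            return PolicyResult(False, _("Password has expired."))
        # State change during policy evaluation: the stored password becomes
        # unusable, so the user cannot authenticate with it until a new one is set.
        request.user.set_unusable_password()
        request.user.save()
        days_since_expiry = (age - timedelta(days=self.days)).days
        # Translate the template first, then interpolate. Formatting before the
        # gettext lookup produces a msgid that is never present in the catalog.
        message = _("Password expired {days} days ago. Please update your password.").format(
            days=days_since_expiry
        )
        return PolicyResult(False, message)

    class Meta(Policy.PolicyMeta):
        # gettext (imported as _) is resolved when this class body runs, i.e. at import.
        verbose_name = _("Password Expiry Policy")
        verbose_name_plural = _("Password Expiry Policies")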
LOGGER = <BoundLoggerLazyProxy(logger=None, wrapper_class=None, processors=None, context_class=None, initial_values={}, logger_factory_args=())>
class PasswordExpiryPolicy(authentik.policies.models.Policy):
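class PasswordExpiryPolicy(Policy):
    """Fail the policy once the user's password is at least `days` days old.

    Unless `deny_only` is set, evaluating the policy also replaces the stored
    password with an unusable one, saves the user, and returns a notice asking
    for a password update.
    """

    # When True the policy only denies; the stored password is left untouched.
    deny_only = models.BooleanField(default=False)
    # Maximum password age in days. No validator is declared on this field: a value
    # <= 0 makes every password whose change date is not in the future count as expired.
    days = models.IntegerField()

    @property
    def serializer(self) -> type[BaseSerializer]:
        """Get the serializer class for this model."""
        # Imported at call time rather than at module import.
        from authentik.policies.expiry.api import PasswordExpiryPolicySerializer

        return PasswordExpiryPolicySerializer

    @property
    def component(self) -> str:
        """Return the component used to edit this object."""
        return "ak-policy-password-expiry-form"

    def passes(self, request: PolicyRequest) -> PolicyResult:
        """Check the age of the requesting user's password against `days`.

        Returns a passing result while the password is younger than `days` days.
        Otherwise the result fails; with `deny_only` unset the user's password is
        additionally made unusable and the user is saved, so evaluating this
        policy is not read-only.
        """
        # NOTE(review): assumes request.user.password_change_date is always set and
        # comparable with now(); a missing value would raise here - confirm on the model.
        # The clock is sampled once so the expiry check and the reported overdue
        # days describe the same instant.
        age = now() - request.user.password_change_date
        if age.days < self.days:
            return PolicyResult(True)
        if self.deny_only:
            return PolicyResult(False, _("Password has expired."))
        # State change during policy evaluation: the stored password becomes
        # unusable, so the user cannot authenticate with it until a new one is set.
        request.user.set_unusable_password()
        request.user.save()
        days_since_expiry = (age - timedelta(days=self.days)).days
        # Translate the template first, then interpolate. Formatting before the
        # gettext lookup produces a msgid that is never present in the catalog.
        message = _("Password expired {days} days ago. Please update your password.").format(
            days=days_since_expiry
        )
        return PolicyResult(False, message)

    class Meta(Policy.PolicyMeta):
        # gettext (imported as _) is resolved when this class body runs, i.e. at import.
        verbose_name = _("Password Expiry Policy")
        verbose_name_plural = _("Password Expiry Policies")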

If the password change date is at least `days` days in the past, the policy fails. Unless `deny_only` is set, it also invalidates the user's password and shows a notice asking for a password update.

def deny_only(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def days(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

serializer: type[rest_framework.serializers.BaseSerializer]
    @property
    def serializer(self) -> type[BaseSerializer]:
        """Get the serializer class for this model."""
        # Resolved at call time; the api module is not imported at module import.
        from authentik.policies.expiry import api

        return api.PasswordExpiryPolicySerializer

Get serializer for this model

component: str
    @property
    def component(self) -> str:
        """Return the component used to edit this object."""
        form_component = "ak-policy-password-expiry-form"
        return form_component

Return component used to edit this object

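    def passes(self, request: PolicyRequest) -> PolicyResult:
        """Check the age of the requesting user's password against `days`.

        Returns a passing result while the password is younger than `days` days.
        Otherwise the result fails; with `deny_only` unset the user's password is
        additionally made unusable and the user is saved, so evaluating this
        policy is not read-only.
        """
        # NOTE(review): assumes request.user.password_change_date is always set and
        # comparable with now(); a missing value would raise here - confirm on the model.
        # The clock is sampled once so the expiry check and the reported overdue
        # days describe the same instant.
        age = now() - request.user.password_change_date
        if age.days < self.days:
            return PolicyResult(True)
        if self.deny_only:
            return PolicyResult(False, _("Password has expired."))
        # State change during policy evaluation: the stored password becomes
        # unusable, so the user cannot authenticate with it until a new one is set.
        request.user.set_unusable_password()
        request.user.save()
        days_since_expiry = (age - timedelta(days=self.days)).days
        # Translate the template first, then interpolate. Formatting before the
        # gettext lookup produces a msgid that is never present in the catalog.
        message = _("Password expired {days} days ago. Please update your password.").format(
            days=days_since_expiry
        )
        return PolicyResult(False, message)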

If the password change date is at least `days` days in the past, the policy fails. Unless `deny_only` is set, it also calls set_unusable_password, saves the user, and shows a notice.

policy_ptr_id
policy_ptr

Accessor to the related object on the forward side of a one-to-one relation.

In the example::

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

class PasswordExpiryPolicy.DoesNotExist(authentik.policies.models.Policy.DoesNotExist):

The requested object does not exist

class PasswordExpiryPolicy.MultipleObjectsReturned(authentik.policies.models.Policy.MultipleObjectsReturned):

The query returned multiple objects when only one was expected.