Skip to content

Add Password Expiration feature#535

Open
merhard wants to merge 15 commits into
NoamB:masterfrom
merhard:master
Open

Add Password Expiration feature#535
merhard wants to merge 15 commits into
NoamB:masterfrom
merhard:master

Conversation

@merhard

@merhard merhard commented Apr 22, 2014

Copy link
Copy Markdown

This is code to add a submodule for easier Password Expiration, a security concern requiring app users to periodically change their password.

The submodule API adds:

# password expiration
require_valid_password # this is a before filter
@user.password_expired?
@user.expire_password!
@user.update_password!(password_params)

Thoughts?

@arnvald

arnvald commented Apr 23, 2014

Copy link
Copy Markdown
Collaborator

Hey @merhard,

thanks for contributing to Sorcery! 💛

As we're now in process of rewriting some parts of the library, I'm not sure if this code should be part of the core gem or it should be maintained as separate plugin. Anyway, I'll review the code and let you know if I have any questions, and when we decide about the infrastructure of the future gem version, I'll let you know.

@gthorsen

Copy link
Copy Markdown

What is the status of this? This would be a great feature for enterprise apps. :)

@joshbuker joshbuker left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rails 3 has been deprecated for the upcoming Sorcery version. Can this be updated to support Rails 4 & 5?

@merhard

merhard commented Sep 20, 2016

Copy link
Copy Markdown
Author

This code seems Rails agnostic and should be usable on all 3 versions (Rails 3, 4, and 5). I would be willing to update this pull request for the current Sorcery code base if there is interest

@joshbuker

Copy link
Copy Markdown
Contributor

Ah, I saw references to rails_3 which is what concerned me. Currently Sorcery is in the middle of transitioning to a new maintainer, so it might be a little while before the code can be fully merged in. I think this would definitely be a useful submodule however, so if you want to update the PR it would be appreciated.

@maysam

maysam commented Sep 17, 2021

Copy link
Copy Markdown

please resolve the conflict 👯

@joshbuker

Copy link
Copy Markdown
Contributor

Please open a new PR in Sorcery/sorcery, per README this one is deprecated.

@joshbuker

joshbuker commented Sep 20, 2021

Copy link
Copy Markdown
Contributor

Also @maysam, per updated NIST guidelines, periodic password expiration is no longer a recommended best practice. This proposed plugin/submodule should no longer be of benefit.

Please see: https://pages.nist.gov/800-63-FAQ/#q-b05

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

8 participants