Documentation for Password Expiration Feature¶ ↑
The password expiration feature requires that users change their password on login if it has expired (default: every 90 days). You can force password expiration checks for all logged in users by adding the following code to your route block:
rodauth.require_current_password
Additionally, you can set a minimum amount of time after a password is changed until it can be changed again. By default this is not enabled, but it can be enabled by setting allow_password_change_after
to a positive number of seconds.
It is not recommended to use this feature unless you have a policy that requires it, as password expiration in general results in users chosing weaker passwords. When asked to change their password, many users choose a password that is based on their previous password, so forcing password expiration is in general a net loss from a security perspective.
Auth Value Methods¶ ↑
- allow_password_change_after
-
How long in seconds after the last password change until another password change is allowed (always allowed by default).
- password_change_needed_redirect
-
Where to redirect if a password needs to be changed.
- password_changed_at_session_key
-
The key in the session storing the timestamp the password was changed at.
- password_expiration_changed_at_column
-
The column in the
password_expiration_table
containing the timestamp - password_expiration_default
-
If the last password change time for an account cannot be determined, whether to consider the account expired, false by default.
- password_expiration_error_flash
-
The flash error to display when the account’s password has expired and needs to be changed.
- password_expiration_id_column
-
The column in the
password_expiration_table
containing the account’s id. - password_expiration_table
-
The table holding the password last changed timestamps.
- password_not_changeable_yet_error_flash
-
The flash error to display when not enough time has elapsed since the last password change and an attempt is made to change the password.
- password_not_changeable_yet_redirect
-
Where to redirect if the password cannot be changed yet.
- require_password_change_after
-
How long in seconds until a password change is required (90 days by default).
Auth Methods¶ ↑
- password_expired?
-
Whether the password has expired for the related account.
- update_password_changed_at
-
Update the password last changed timestamp for the current account.