Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Purpose

...

Must be controlled by regular expression: ^(?=.*[a-z][а-яёїієґ])(?=.*[A-ZА-ЯЁЇIЄҐ])(?=.*\d){12}


  1. Validate upper, lowercase letter and numbers

...

  • Add to mithril.users password_expiresset_at = now()+config.password_lifetime

2. Save passwords history

When $.decrypted_hash<>mihril.users.password (the user set up a new password)  -  add the row to mithril.user_passwords_history

Destination
Source
Description
id
Autogenerated
user_id$.user_idExtract user from token
password$.decrypted_hash
inserted_atTimestamp: now()Get current date-time

3. Not allow to use recently used passwords

...

Code Block
languageerl
{:error, [{%{
        description: "This password has been used recently. Try another one",
        params: [],
        rule: :invalid
      }, "$.password"}]}

4

...

.

...

  • show message 'Your passwords expires soon. Please, change it to the new one.'

...

Expire Passwords

Fetch Once a day fetch all records from mithril.users where now()>=mithril.users.password_expiresset_at+config.password_lifetime

  • set expires_at=now() for all tokens where tokens.user_id=$user.id (--and tokens.name='refresh_token')don

Don't send access_token in response on {{host}}/oauth/tokens  until the password will be changed. Show the message Error 401 "The password

...

expired".