Table of Contents |
---|
Purpose
...
Must be controlled by regular expression: ^(?=.*[a-zа-яёїієґ])(?=.*[A-ZА-ЯЁЇIЄҐ])(?=.*\d){12}
- Validate upper, lowercase letter and numbers
...
- Add to mithril.users password_expiresset_at = now()+config.password_lifetime
2. Save passwords history
When $.decrypted_hash<>mihril.users.password (the user set up a new password) - add the row to mithril.user_passwords_history
Destination | Source | Description |
---|---|---|
id | Autogenerated | |
user_id | $.user_id | Extract user from token |
password | $.decrypted_hash | |
inserted_at | Timestamp: now() | Get current date-time |
3. Not allow to use recently used passwords
...
Code Block | ||
---|---|---|
| ||
{:error, [{%{ description: "This password has been used recently. Try another one", params: [], rule: :invalid }, "$.password"}]} |
4.
...
- Each time when user login into system check condition:
- now()<=mithril.users.password_expires_at-config.password_to_change
- if condition=false
- show message 'Your passwords expires soon. Please, change it to the new one.'
...
Expire Passwords
Fetch Once a day fetch all records from mithril.users where now()>=mithril.users.password_expiresset_at+config.password_lifetime
- set expires_at=now() for all tokens where tokens.user_id=$user.id (--and tokens.name='refresh_token')don
Don't send access_token in response on {{host}}/
oauth/tokens until the password will be changed. Show the message Error 401 "The password
...
expired".