diff options
author | jlopezgu <juan.pablo.lopez.gutierrez@intel.com> | 2016-09-13 14:37:09 -0500 |
---|---|---|
committer | Juan Pablo lopez Gutierrez <juan.pablo.lopez.gutierrez@intel.com> | 2017-02-15 20:57:30 +0000 |
commit | d0a4f14fbb97fac4b8c04bfd3d9fe26a5354b5b1 (patch) | |
tree | 10af8fca2e96754de580dd095ec1c0abc9d2b543 /openstack_auth | |
parent | 9c02a16322f6c9ee0673f1d9aa173245858d6cca (diff) | |
download | django_openstack_auth-d0a4f14fbb97fac4b8c04bfd3d9fe26a5354b5b1.tar.gz |
Implement expiration date alert message
A new attribute was added to keystone user response, that will allow
us to warn users if their passwords are about to expire.
This will be configured in the local_settings.py file
Implements blueprint: password-expires-validation
Change-Id: Id66aa1c9596f8db8d07f63f3feb5166cb723a8e1
Diffstat (limited to 'openstack_auth')
-rw-r--r-- | openstack_auth/user.py | 32 | ||||
-rw-r--r-- | openstack_auth/views.py | 10 |
2 files changed, 37 insertions, 5 deletions
diff --git a/openstack_auth/user.py b/openstack_auth/user.py index dce6ad9..06debc6 100644 --- a/openstack_auth/user.py +++ b/openstack_auth/user.py @@ -11,6 +11,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +import datetime import hashlib import logging @@ -47,6 +48,7 @@ def create_user_from_token(request, token, endpoint, services_region=None): return User(id=token.user['id'], token=token, user=token.user['name'], + password_expires_at=token.user['password_expires_at'], user_domain_id=token.user_domain_id, # We need to consider already logged-in users with an old # version of Token without user_domain_name. @@ -76,9 +78,11 @@ class Token(object): """ def __init__(self, auth_ref, unscoped_token=None): # User-related attributes - user = {} - user['id'] = auth_ref.user_id - user['name'] = auth_ref.username + user = {'id': auth_ref.user_id, 'name': auth_ref.username} + data = getattr(auth_ref, '_data', {}) + expiration_date = data.get('token', {}).get('user', {})\ + .get('password_expires_at') + user['password_expires_at'] = expiration_date self.user = user self.user_domain_id = auth_ref.user_domain_id self.user_domain_name = auth_ref.user_domain_name @@ -195,6 +199,11 @@ class User(models.AbstractBaseUser, models.AnonymousUser): Unscoped Keystone token. + .. attribute:: password_expires_at + + Password expiration date. This attribute could be None when using + keystone version < 3.0 or if the feature is not enabled in keystone. + """ keystone_user_id = db_models.CharField(primary_key=True, max_length=255) @@ -205,8 +214,8 @@ class User(models.AbstractBaseUser, models.AnonymousUser): authorized_tenants=None, endpoint=None, enabled=False, services_region=None, user_domain_id=None, user_domain_name=None, domain_id=None, domain_name=None, - project_id=None, project_name=None, - is_federated=False, unscoped_token=None, password=None): + project_id=None, project_name=None, is_federated=False, + unscoped_token=None, password=None, password_expires_at=None): self.id = id self.pk = id self.token = token @@ -228,6 +237,7 @@ class User(models.AbstractBaseUser, models.AnonymousUser): self.enabled = enabled self._authorized_tenants = authorized_tenants self.is_federated = is_federated + self.password_expires_at = password_expires_at # Unscoped token is used for listing user's project that works # for both federated and keystone user. @@ -424,5 +434,17 @@ class User(models.AbstractBaseUser, models.AnonymousUser): return False return True + def time_until_expiration(self): + """Returns the number of remaining days until user's password expires. + + Calculates the number days until the user must change their password, + once the password expires the user will not able to log in until an + admin changes its password. + """ + if self.password_expires_at is not None: + expiration_date = datetime.datetime.strptime( + self.password_expires_at, "%Y-%m-%dT%H:%M:%S.%f") + return expiration_date - datetime.datetime.now() + class Meta(object): app_label = 'openstack_auth' diff --git a/openstack_auth/views.py b/openstack_auth/views.py index ce51fa6..e02ff70 100644 --- a/openstack_auth/views.py +++ b/openstack_auth/views.py @@ -120,6 +120,16 @@ def login(request, template_name=None, extra_context=None, **kwargs): region_name = regions.get(login_region) request.session['region_endpoint'] = region request.session['region_name'] = region_name + expiration_time = request.user.time_until_expiration() + threshold_days = getattr( + settings, 'PASSWORD_EXPIRES_WARNING_THRESHOLD_DAYS', -1) + if expiration_time is not None and \ + expiration_time.days <= threshold_days: + expiration_time = str(expiration_time).rsplit(':', 1)[0] + msg = (_('Please consider changing your password, it will expire' + ' in %s minutes') % + expiration_time).replace(':', ' Hours and ') + messages.warning(request, msg) return res |