Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Password Expiration feature #535

Open
wants to merge 15 commits into
base: master
Choose a base branch
from
Open

Add Password Expiration feature #535

wants to merge 15 commits into from
+132 −36

Conversation

merhard
Copy link

@merhard merhard commented Apr 22, 2014

This is code to add a submodule for easier Password Expiration, a security concern requiring app users to periodically change their password.

The submodule API adds:

# password expiration
require_valid_password # this is a before filter
@user.password_expired?
@user.expire_password!
@user.update_password!(password_params)

Thoughts?

@arnvald
Copy link
Collaborator

arnvald commented Apr 23, 2014

Hey @merhard,

thanks for contributing to Sorcery! 💛

As we're now in process of rewriting some parts of the library, I'm not sure if this code should be part of the core gem or it should be maintained as separate plugin. Anyway, I'll review the code and let you know if I have any questions, and when we decide about the infrastructure of the future gem version, I'll let you know.

@arnvald arnvald added the Feature label May 9, 2014
@arnvald arnvald mentioned this pull request Jul 14, 2014
Closed
@arnvald arnvald mentioned this pull request Jun 29, 2015
Open
@gthorsen
Copy link

What is the status of this? This would be a great feature for enterprise apps. :)

joshbuker
joshbuker suggested changes Sep 19, 2016
View reviewed changes
Copy link
Contributor

@joshbuker joshbuker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rails 3 has been deprecated for the upcoming Sorcery version. Can this be updated to support Rails 4 & 5?

@merhard
Copy link
Author

merhard commented Sep 20, 2016

This code seems Rails agnostic and should be usable on all 3 versions (Rails 3, 4, and 5). I would be willing to update this pull request for the current Sorcery code base if there is interest

@joshbuker
Copy link
Contributor

Ah, I saw references to rails_3 which is what concerned me. Currently Sorcery is in the middle of transitioning to a new maintainer, so it might be a little while before the code can be fully merged in. I think this would definitely be a useful submodule however, so if you want to update the PR it would be appreciated.

@maysam
Copy link

maysam commented Sep 17, 2021

please resolve the conflict 👯

@joshbuker
Copy link
Contributor

Please open a new PR in Sorcery/sorcery, per README this one is deprecated.

@joshbuker
Copy link
Contributor

joshbuker commented Sep 20, 2021
edited
Loading

Also @maysam, per updated NIST guidelines, periodic password expiration is no longer a recommended best practice. This proposed plugin/submodule should no longer be of benefit.

Please see: https://pages.nist.gov/800-63-FAQ/#q-b05

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joshbuker joshbuker joshbuker requested changes

Assignees
No one assigned
Labels
Feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@merhard @arnvald @gthorsen @joshbuker @maysam @v-kolesnikov @Ch4s3 @chhlga