Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add a password expiration config option (resolves #2485) #2486

Merged
merged 7 commits into from Jul 5, 2016

Conversation

Projects
None yet
6 participants
@benfulton
Copy link
Contributor

commented Jun 10, 2016

Add a "last_password_change" field to user table and user object.
Add a config option "password expiration_period" to allow admins
to require users to change passwords every so many days. On login,
check for the presence of the config option and if the user pw
has expired, redirect to the "change password" page.

Add a password expiration config option
Add a "last_password_change" field to user table and user object.
Add a config option "password expiration_period" to allow admins
to require users to change passwords every so many days. On login,
check for the presence of the config option and if the user pw
has expired, redirect to the "change password" page.
if user.last_password_change < datetime.today() - pw_expires:
trans.response.send_redirect(web.url_for(controller='user',
action='change_password',
message='Your time is up! Change your password to access galaxy',

This comment has been minimized.

Copy link
@martenson

martenson Jun 10, 2016

Member

Please rephrase. Maybe something like Your password has expired. Please change it to access Galaxy.

@erasche

This comment has been minimized.

Copy link
Member

commented Jun 10, 2016

👍 on the idea (any implementation issues aside). This will be nice to have!

@@ -0,0 +1,18 @@
"""
Migration script to add a last_password_change field to

This comment has been minimized.

Copy link
@martenson

martenson Jun 10, 2016

Member

to the User table?

@@ -113,6 +113,7 @@ def __init__( self, **kwargs ):

self.expose_user_name = kwargs.get( "expose_user_name", False )
self.expose_user_email = kwargs.get( "expose_user_email", False )
self.password_expiration_period = timedelta(days=int(kwargs.get( "password_expiration_period", 0 )))

This comment has been minimized.

Copy link
@martenson

martenson Jun 10, 2016

Member

please adhere to the codestyle of the file and add space before and after a bracket content

@martenson

This comment has been minimized.

Copy link
Member

commented Jun 10, 2016

Looks very nice, added some minor comments inline, will test in action later today. Thank you @benfulton !

@martenson

This comment has been minimized.

Copy link
Member

commented Jun 10, 2016

Thank you for the changes. I might get to testing it after the weekend, sorry.
@galaxybot test this

@martenson

This comment has been minimized.

Copy link
Member

commented Jun 11, 2016

Tool Shed inherits the user controller but has separate database, we probably want to extend the functionality of expiring password to it. I can have a stab.

@nsoranzo

This comment has been minimized.

Copy link
Member

commented Jun 12, 2016

This is changing the user permissions on 2 files: lib/galaxy/webapps/galaxy/controllers/user.py and lib/galaxy/webapps/galaxy/controllers/user.py

This should be reverted.

@martenson

This comment has been minimized.

Copy link
Member

commented Jun 13, 2016

@nsoranzo good catch, I didn't even know github shows these changes

@dannon

This comment has been minimized.

Copy link
Member

commented Jun 15, 2016

https://github.com/benfulton/galaxy/pull/1 fixes file permissions and has one more change inc addressing incorrect login logic

dannon and others added some commits Jun 15, 2016

Don't actually log the person in in the event that their password has…
… expired. Change 'about to expire' warning to a warning and not an error.
@dannon

This comment has been minimized.

Copy link
Member

commented Jun 25, 2016

@galaxybot test this

Add password_expiration_period to toolshed config
This is necessary as it shares the user class with the galaxy app.
@erasche

This comment has been minimized.

Copy link
Member

commented Jun 29, 2016

@galaxybot test this

(from request on IRC)

@dannon

This comment has been minimized.

Copy link
Member

commented Jul 5, 2016

@benfulton Thanks for following up on the toolshed config!

(failing test is travis osx fail, not code fail)

@dannon dannon merged commit dd12980 into galaxyproject:dev Jul 5, 2016

1 check failed

continuous-integration/travis-ci/pr The Travis CI build could not complete due to an error
Details

@benfulton benfulton deleted the benfulton:ForcePasswordChange branch Jul 7, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.