django-password-expire

Django app to manage password expiration

Primary language: Python. License: BSD 3-Clause "New" or "Revised" License (BSD-3-Clause).

Django password expiration app

This app provides configurable expiration of passwords.

Features

  • Configurable password duration and warning duration
  • Visual warning to user using Django messages
  • Prevents user from logging in after expiration

Requirements

This Django app requires Python >= 3.6 and has been tested with Django 2.2, 3.1, and 3.2.

Installation

  1. Run pip install django-password-expire.
  2. Add password_expire to INSTALLED_APPS.
  3. Add 'password_expire.middleware.PasswordExpireMiddleware' to MIDDLEWARE. It should be listed after authentication and session middlewares.
  4. Configure the app in your settings:
    # contact information if password is expired
    PASSWORD_EXPIRE_CONTACT = "John Doe <jdoe@example.com>"
    # expire passwords after 90 days
    PASSWORD_EXPIRE_SECONDS = 90 * 24 * 60 * 60
    # start warning 10 days before expiration
    PASSWORD_EXPIRE_WARN_SECONDS = 10 * 24 * 60 * 60
  5. Run python manage.py migrate to create the required database tables.
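
A misordered middleware entry or a warning window longer than the password lifetime is easy to miss in review, so the following added example (not code from django-password-expire) checks steps 2 to 4 against plain Python values. The function name check_password_expire_settings and the rule that the warning window must be shorter than the lifetime are assumptions of this example; the session and authentication middleware paths are Django's standard ones.

```python
# Added example, not part of django-password-expire.
SESSION_MW = "django.contrib.sessions.middleware.SessionMiddleware"
AUTH_MW = "django.contrib.auth.middleware.AuthenticationMiddleware"
EXPIRE_MW = "password_expire.middleware.PasswordExpireMiddleware"


def check_password_expire_settings(installed_apps, middleware,
                                   expire_seconds, warn_seconds):
    """Return a list of problems found; an empty list means the checks passed."""
    problems = []

    # Step 2: the app must be installed so migrate can create its tables.
    if "password_expire" not in installed_apps:
        problems.append("password_expire is missing from INSTALLED_APPS")

    # Step 3: the middleware must come after session and authentication.
    if EXPIRE_MW not in middleware:
        problems.append("PasswordExpireMiddleware is missing from MIDDLEWARE")
    else:
        pos = middleware.index(EXPIRE_MW)
        for required in (SESSION_MW, AUTH_MW):
            if required not in middleware:
                problems.append(required + " is missing from MIDDLEWARE")
            elif middleware.index(required) > pos:
                problems.append("PasswordExpireMiddleware is listed before " + required)

    # Step 4 (this example's own rule, an assumption): a warning window that is
    # not shorter than the lifetime would warn from the day a password is set.
    if expire_seconds <= 0:
        problems.append("PASSWORD_EXPIRE_SECONDS must be positive")
    elif not 0 <= warn_seconds < expire_seconds:
        problems.append("PASSWORD_EXPIRE_WARN_SECONDS must be >= 0 and "
                        "shorter than PASSWORD_EXPIRE_SECONDS")
    return problems


# Constructed sample settings for the demonstration below.
GOOD_MIDDLEWARE = [SESSION_MW, AUTH_MW, EXPIRE_MW]
BAD_MIDDLEWARE = [EXPIRE_MW, SESSION_MW, AUTH_MW]
DAY = 24 * 60 * 60

if __name__ == "__main__":
    print(check_password_expire_settings(
        ["password_expire"], GOOD_MIDDLEWARE, 90 * DAY, 10 * DAY))
    for problem in check_password_expire_settings(
            [], BAD_MIDDLEWARE, 10 * DAY, 90 * DAY):
        print("problem:", problem)
```

In a real project, pass settings.INSTALLED_APPS, settings.MIDDLEWARE and the two PASSWORD_EXPIRE_* values from django.conf.settings.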

To redirect new users to the change password page, set this flag in the settings:

PASSWORD_EXPIRE_FORCE = True

If you want to exclude superusers from password expiration, set this flag:

PASSWORD_EXPIRE_EXCLUDE_SUPERUSERS = True

Acknowledgements

This app is inspired by django-password-policies-iplweb.