Configurable Password Expiration rules for newly created users.

Question

Configurable Password Expiration rules for newly created users.

issackelly opened this issue 9 years ago · 5 comments

I'd like to migrate to django-security, unfortunately this means two things need to happen (in my codebase/environment, or in the larger project...somewhere)

Currently, with the password expiry middleware enabled, we'll create new PasswordExpiry objects for each user when my tests are run. because auto_now_add=True on PasswordExpiry.password_expiry_date this means that many of my view-based integration tests are failing because all users that get created via models also get their password expired.

If instead of auto_now_add=True there were a default that checked a setting, this could be configurable per installation.

This would save me from re-writing several hundred tests in order to implement this feature, and it would ease the transition into production for my current project.

funkaoshi commented 9 years ago

Perfect.

Answer 1 · 2015-11-16T22:48:46.000Z

An example of what I'm suggesting:

issackelly@06ce296

Answer 2 · 2015-11-18T21:37:13.000Z

Ah, I see. In our code base we have a helper for making users in our tests, and that helper does the following:

user.passwordexpiry_set.get_or_create()[0].never_expire()

Answer 3 · 2015-11-18T21:37:24.000Z

Let me see if the people here have other ideas.

Answer 4 · 2015-11-30T21:27:44.000Z

That's what I ended up doing in my tests, I got lucky and all of my tests that work with users inherited from only a couple of places.