Force users to change password
This commit applies the password_expiration setting to all users. Users won't be able to do anything other than update password until it's done.
@@ -172,6 +172,8 @@ class UserController extends Controller
|
||||
|
||||
if (! is_null($user)) {
|
||||
$user->password = Hash::make($request->newPassword);
|
||||
$user->password_last_updated = now();
|
||||
|
||||
$user->save();
|
||||
|
||||
Log::info('User '.$user->name.' has changed their password', [
|
||||
|
@@ -85,6 +85,8 @@ class Kernel extends HttpKernel
|
||||
'usernameUUID' => \App\Http\Middleware\UsernameUUID::class,
|
||||
'forcelogout' => \App\Http\Middleware\ForceLogoutMiddleware::class,
|
||||
'2fa' => \PragmaRX\Google2FALaravel\Middleware::class,
|
||||
'passwordexpiration' => \App\Http\Middleware\PasswordExpirationMiddleware::class,
|
||||
'passwordredirect' => \App\Http\Middleware\PasswordExpirationRedirectMiddleware::class,
|
||||
'localize' => \Mcamara\LaravelLocalization\Middleware\LaravelLocalizationRoutes::class,
|
||||
'localizationRedirect' => \Mcamara\LaravelLocalization\Middleware\LaravelLocalizationRedirectFilter::class,
|
||||
'localeSessionRedirect' => \Mcamara\LaravelLocalization\Middleware\LocaleSessionRedirect::class,
|
||||
|
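--- a/app/Http/Middleware/PasswordExpirationMiddleware.php
+++ b/app/Http/Middleware/PasswordExpirationMiddleware.php
@@ -0,0 +1,40 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use App\Facades\Options;
+use Carbon\Carbon;
+use Closure;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+
+class PasswordExpirationMiddleware
+{
+/**
+* Handle an incoming request.
+*
+* @param \Illuminate\Http\Request $request
+* @param \Closure $next
+* @return mixed
+*/
+public function handle(Request $request, Closure $next)
+{
+if(Auth::check())
+{
+$sinceUpdate = Carbon::parse(Auth::user()->password_last_updated)->diffInDays(now());
+$updateThreshold = Options::getOption('password_expiry');
+
+if ($updateThreshold !== 0 && $sinceUpdate > $updateThreshold)
+{
+session()->put('passwordExpired', true);
+}
+else
+{
+session()->put('passwordExpired', false);
+}
+
+}
+
+return $next($request);
+}
+}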
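Review bot: `Carbon::parse(Auth::user()->password_last_updated)` in `handle()` treats a missing timestamp as the current time, because Carbon parses null as "now", so an account whose `password_last_updated` was never set computes zero days and is never marked expired. Whether existing rows are backfilled is not visible in this commit; if they are not, a null value should count as expired, e.g. `$last = Auth::user()->password_last_updated;` followed by `$expired = $last === null || Carbon::parse($last)->diffInDays(now()) > $updateThreshold;`. Separately, `$updateThreshold !== 0` is a strict comparison, and if `Options::getOption('password_expiry')` returns a string (its return type is not shown here) a stored `'0'` will not switch the check off; `$updateThreshold = (int) Options::getOption('password_expiry');` makes the "0 disables expiry" case reliable.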
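--- a/app/Http/Middleware/PasswordExpirationRedirectMiddleware.php
+++ b/app/Http/Middleware/PasswordExpirationRedirectMiddleware.php
@@ -0,0 +1,28 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+
+class PasswordExpirationRedirectMiddleware
+{
+/**
+* Handle an incoming request.
+*
+* @param \Illuminate\Http\Request $request
+* @param \Closure $next
+* @return mixed
+*/
+public function handle(Request $request, Closure $next)
+{
+if (Auth::check() && session('passwordExpired'))
+{
+// WARNING!! Routes under the profile group must not have this middleware, because it'll result in an infinite redirect loop.
+return redirect(route('showAccountSettings'));
+}
+
+return $next($request);
+}
+}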
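Review bot: The redirect in `handle()` depends entirely on the `passwordExpired` session key, which only `PasswordExpirationMiddleware` writes, so a route that carries `passwordredirect` without `passwordexpiration` running before it in the same request acts on a stale or absent flag and lets the request through. The two aliases are registered separately in Kernel, so the required ordering should be stated in the class docblock, e.g. `Requires 'passwordexpiration' earlier in the stack; reads session('passwordExpired') set there.`, or the expiry check should be performed in this class directly. The existing WARNING comment also implies that every route in the profile group stays reachable with an expired password, so it is worth confirming that group exposes nothing beyond what a user needs to change the password.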