24-hour Rails password

In my Rails 3.1 application, I want to create and end a random password for users. I am using the devise gem for this. Is any plugin available for expiring a password after some duration?
Or please give me some logical suggestions for implementing this feature.
Please consider me a newbie.

+4
4 answers

It looks like you just want the password to expire once. If you want to do this at regular intervals (for example, every couple of months) or if you want to prevent users from reusing passwords, this becomes more difficult.

In the application I'm working on:

app/models/user.rb (assuming that is what you named your model):

    def password_should_expire?
      # your logic goes here, remember it should return false after the password has been reset
    end

app/controllers/application_controller.rb

    before_filter :check_password_expiry

    def check_password_expiry
      return if !current_user || ["sessions","passwords"].include?(controller_name)
      # do nothing if not logged in, or viewing an account-related page
      # otherwise you might lock them out completely without being able to change their password

      if current_user.password_should_expire?
        @expiring_user = current_user # save him for later
        @expiring_user.generate_reset_password_token! # this is a devise method
        sign_out(current_user) # log them out and force them to use the reset token to create a new password
        redirect_to edit_password_url(@expiring_user, :reset_password_token => @expiring_user.reset_password_token, :forced_reset => true)
      end
    end

+4

When creating a password, pay attention to the time it was created. Then, when the password is used, verify that the password was created less than 24 hours ago.

Depending on which framework you use, this functionality (or something similar) may already exist within the framework or, possibly, as a plugin. If not, it is not particularly difficult to implement. All you need is an extra column in the data store to store the date and time the password was created and a little extra logic when creating the password and using the password.

+4
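
The check described in the answer above, as an added example that is not from the original answers and is not Devise code: a plain-Ruby model that stores a creation timestamp with each password and refuses it after 24 hours. The class name `TempPasswordUser`, its method names and the PBKDF2 parameters are assumptions for illustration; `password_changed_at` follows the column name used in another answer on this page.

```ruby
require "securerandom"
require "openssl"

# Added example: hypothetical plain-Ruby stand-in for a user record (not Devise).
class TempPasswordUser
  PASSWORD_LIFETIME = 24 * 60 * 60 # seconds; the 24-hour window from the question
  ITERATIONS = 100_000             # assumed PBKDF2 work factor

  attr_reader :password_changed_at

  # Generate a random password; keep only its salted hash and the creation time.
  def issue_random_password!(now = Time.now)
    password = SecureRandom.urlsafe_base64(18)
    set_password!(password, now)
    password # returned once so it can be delivered to the user
  end

  # Every password change resets the timestamp, which restarts the 24-hour clock.
  def set_password!(password, now = Time.now)
    @salt = SecureRandom.random_bytes(16)
    @digest = digest(password)
    @password_changed_at = now
  end

  # Fail closed: a record with no timestamp counts as expired.
  def password_expired?(now = Time.now)
    password_changed_at.nil? || now - password_changed_at >= PASSWORD_LIFETIME
  end

  # Returns :ok, :expired or :invalid. The hash is checked before expiry is
  # reported, so :expired is only returned to someone who knows the password.
  def authenticate(password, now = Time.now)
    return :invalid if @digest.nil?
    return :invalid unless OpenSSL.fixed_length_secure_compare(@digest, digest(password))
    password_expired?(now) ? :expired : :ok
  end

  private

  def digest(password)
    OpenSSL::PKCS5.pbkdf2_hmac(password, @salt, ITERATIONS, 32, OpenSSL::Digest.new("SHA256"))
  end
end
```

In a Rails application the `:expired` result is the point at which the user would be sent to the password-change page instead of being signed in.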

Take a look at the Devise Security Extension:

https://github.com/phatworx/devise_security_extension

I use it to expire passwords and archive passwords (so that the old password is not reused) without problems.

+2

@Jeriko's answer contains old code; here are the changes.

In model/user.rb:

    def password_should_expire?
      if DateTime.now() > password_changed_at + 30.seconds
        return true
      else
        return false
      end
    end

In the application controller:

    before_filter :check_password_expiry

    def check_password_expiry
      return if !current_user || ["sessions","passwords"].include?(controller_name)
      # do nothing if not logged in, or viewing an account-related page
      # otherwise you might lock them out completely without being able to change their password

      if current_user.password_should_expire?
        @expiring_user = current_user # save him for later
        @expiring_user.set_reset_password_token! # this is a devise method
        sign_out(current_user) # log them out and force them to use the reset token to create a new password
        redirect_to edit_password_url(@expiring_user, :reset_password_token => @expiring_user.reset_password_token, :forced_reset => true)
      end
    end

0

Source: https://habr.com/ru/post/1415135/

