Implementation of an early password expiration warning after successful

login.

bt5/erp5_authentication_policy/PropertySheetTemplateItem/portal_property_sheets/AuthenticationPolicyPreference.xml

@@ -34,7 +34,7 @@
         </item>
         <item>
             <key> <string>last_id</string> </key>
-            <value> <string>10</string> </value>
+            <value> <string>11</string> </value>
         </item>
         <item>
             <key> <string>portal_type</string> </key>

bt5/erp5_authentication_policy/PropertySheetTemplateItem/portal_property_sheets/AuthenticationPolicyPreference/preferred_password_lifetime_expire_warning_duration_property.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="Standard Property" module="erp5.portal_type"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>categories</string> </key>
+            <value>
+              <tuple>
+                <string>elementary_type/int</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value> <string>The time interval ( (in hours)  before real password expire happens. During it interval an warning will be shown to user after every successful login.</string> </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>preferred_password_lifetime_expire_warning_duration_property</string> </value>
+        </item>
+        <item>
+            <key> <string>portal_type</string> </key>
+            <value> <string>Standard Property</string> </value>
+        </item>
+        <item>
+            <key> <string>preference</string> </key>
+            <value> <int>1</int> </value>
+        </item>
+        <item>
+            <key> <string>property_default</string> </key>
+            <value> <string>python: 0</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/Person_isPasswordExpired.xml

@@ -65,20 +65,32 @@ def _isPasswordExpired():\n
   one_hour = 1/24.0\n
   now = DateTime()\n
   max_password_lifetime_duration = portal.portal_preferences.getPreferredMaxPasswordLifetimeDuration()\n
+  password_lifetime_expire_warning_duration = portal.portal_preferences.getPreferredPasswordLifetimeExpireWarningDuration()\n
   last_password_modification_date = context.getLastPasswordModificationDate()\n
-  if last_password_modification_date is not None and \\\n
-     (last_password_modification_date + max_password_lifetime_duration*one_hour) < now:\n
-    # password is expired\n
-    context.log(\'expired %s\' %context.getReference())\n
-    return 1\n
-  return 0\n
 \n
-_isPasswordExpired = CachingMethod(_isPasswordExpired,\n
+  early_warning = False\n
+  if last_password_modification_date is not None:\n
+    expire_date = last_password_modification_date + max_password_lifetime_duration*one_hour \n
+    if password_lifetime_expire_warning_duration not in (0, None,):\n
+      # calculate early warning period\n
+      if now > expire_date - password_lifetime_expire_warning_duration*one_hour:\n
+        early_warning = True\n
+    if expire_date < now:\n
+      # password is expired\n
+      context.log(\'expired %s\' %context.getReference())\n
+      return True, early_warning\n
+  return False, early_warning\n
+\n
+_isPasswordExpired1 = CachingMethod(_isPasswordExpired,\n
                                    id=\'Person_isPasswordExpired\',\n
                                    cache_factory=\'erp5_content_short\')\n
-is_password_expired = _isPasswordExpired()\n
+is_password_expired, is_user_account_password_expired_warning_on = _isPasswordExpired()\n
+\n
 request.set(\'is_user_account_password_expired\', is_password_expired)\n
-return _isPasswordExpired()\n
+request.set(\'is_user_account_password_expired_warning_on\', is_user_account_password_expired_warning_on)\n
+\n
+context.log(\'in --> %s %s\' %(is_password_expired, is_user_account_password_expired_warning_on))\n
+return is_password_expired\n
 
 
 ]]></string> </value>

bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/SystemPreference_viewAuthenticationPolicy.xml

@@ -92,6 +92,7 @@
                         <string>my_preferred_min_password_length</string>
                         <string>my_preferred_min_password_lifetime_duration</string>
                         <string>my_preferred_max_password_lifetime_duration</string>
+                        <string>my_preferred_password_lifetime_expire_warning_duration</string>
                         <string>my_preferred_number_of_last_password_to_check</string>
                         <string>my_preffered_force_username_check_in_password</string>
                         <string>my_preferred_min_regular_expression_group_number</string>

bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/SystemPreference_viewAuthenticationPolicy/my_preferred_password_lifetime_expire_warning_duration.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="ProxyField" module="Products.ERP5Form.ProxyField"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>delegated_list</string> </key>
+            <value>
+              <list>
+                <string>title</string>
+              </list>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>my_preferred_password_lifetime_expire_warning_duration</string> </value>
+        </item>
+        <item>
+            <key> <string>message_values</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>external_validator_failed</string> </key>
+                    <value> <string>The input failed the external validator.</string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>overrides</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>target</string> </key>
+                    <value> <string></string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>tales</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>target</string> </key>
+                    <value> <string></string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>values</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string>my_integer_value</string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string>Base_viewFieldLibrary</string> </value>
+                </item>
+                <item>
+                    <key> <string>target</string> </key>
+                    <value> <string>Click to edit the target</string> </value>
+                </item>
+                <item>
+                    <key> <string>title</string> </key>
+                    <value> <string>Password Expire Warning Duration</string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

bt5/erp5_authentication_policy/SkinTemplateItem/portal_skins/erp5_authentication_policy/logged_in.xml

@@ -47,24 +47,23 @@
     <tal:block tal:condition="isAnon">\n
       <tal:block tal:define="dummy python: response.expireCookie(\'__ac\', path=\'/\');\n
                  is_user_account_blocked python: request.get(\'is_user_account_blocked\', False);\n
-                 is_user_account_password_expired python: request.get(\'is_user_account_password_expired\', False);\n
-                 d python: context.log(\'? --%s %s\' %(is_user_account_blocked, is_user_account_password_expired));">\n
+                 is_user_account_password_expired python: request.get(\'is_user_account_password_expired\', False);">\n
 \n
         <!-- Login and/or password is incorrect. -->\n
-        <tal:block  tal:omit-tag="python: not is_user_account_blocked and not is_user_account_password_expired"\n
-                    tal:define="url python: \'%s/login_form?portal_status_message=%s\' % (here.absolute_url(), here.Base_translateString(\'Login and/or password is incorrect.\'));\n
-                                url python: request.get(\'came_from\') and  \'%s&amp;came_from=%s\' % (url, request[\'came_from\']) or url;\n
-                                dummy python: response.redirect(url);">\n
+        <tal:block tal:condition="python: not is_user_account_blocked and not is_user_account_password_expired">\n
+          <tal:block tal:define="url python: \'%s/login_form?portal_status_message=%s\' % (here.absolute_url(), here.Base_translateString(\'Login and/or password is incorrect.\'));\n
+                                 url python: request.get(\'came_from\') and  \'%s&amp;came_from=%s\' % (url, request[\'came_from\']) or url;\n
+                                 dummy python: response.redirect(url);"/>\n
         </tal:block>\n
 \n
         <!-- Login is blocked. -->\n
         <tal:block tal:condition="is_user_account_blocked">\n
           <tal:block tal:define="url python: \'%s/login_form?portal_status_message=%s\' % (here.absolute_url(), here.Base_translateString(\'Account is blocked.\'));\n
-                               url python: request.get(\'came_from\') and  \'%s&amp;came_from=%s\' % (url, request[\'came_from\']) or url;\n
-                               dummy python: response.redirect(url);"/>\n
+                                 url python: request.get(\'came_from\') and  \'%s&amp;came_from=%s\' % (url, request[\'came_from\']) or url;\n
+                                 dummy python: response.redirect(url);"/>\n
         </tal:block>\n
 \n
-        <!-- Password is expired. -->\n
+        <!-- Password is expired permanently. -->\n
         <tal:block tal:condition="is_user_account_password_expired">\n
           <tal:block tal:define="url python: \'%s/login_form?portal_status_message=%s\' % (here.absolute_url(), here.Base_translateString(\'Password is expired.\'));\n
                                  url python: request.get(\'came_from\') and  \'%s&amp;came_from=%s\' % (url, request[\'came_from\']) or url;\n
@@ -73,9 +72,20 @@
 \n
       </tal:block>\n
     </tal:block>\n
-    <tal:block tal:condition="not: isAnon">\n
-      <tal:block tal:define="came_from python: request.get(\'came_from\') or here.absolute_url();\n
-                 dummy python: response.redirect(came_from);" />\n
+    <tal:block tal:condition="not: isAnon"\n
+               tal:define="is_user_account_password_expired_warning_on python:request.get(\'is_user_account_password_expired_warning_on\', False);">\n
+      \n
+      <!--  XXX: Password will expire soon just war user ?  -->\n
+      <tal:block tal:condition="is_user_account_password_expired_warning_on">\n
+         <tal:block tal:define="came_from python: request.get(\'came_from\') or here.absolute_url();\n
+                               dummy python: response.redirect(\'%s?portal_status_message=%s\' %(came_from, here.Base_translateString(\'Your password will expire soon.\')));" />\n
+      </tal:block>\n
+\n
+      <tal:block tal:condition="not: is_user_account_password_expired_warning_on">\n
+        <tal:block tal:define="came_from python: request.get(\'came_from\') or here.absolute_url();\n
+                               dummy python: response.redirect(came_from);" />\n
+      </tal:block>\n
+\n
     </tal:block>\n
   </tal:block>\n
 </tal:block>

bt5/erp5_authentication_policy/bt/revision

-2
\ No newline at end of file
+3
\ No newline at end of file

bt5/erp5_authentication_policy/bt/version

-0.2
\ No newline at end of file
+0.3
\ No newline at end of file