Skip to content

Commit

Permalink
chore: add a warning on password expiration
Browse files Browse the repository at this point in the history
Signed-off-by: Benjamin Gaussorgues <[email protected]>
  • Loading branch information
Altahrim committed Oct 17, 2024
1 parent d7dedaf commit dcb73c5
Show file tree
Hide file tree
Showing 5 changed files with 17 additions and 14 deletions.
2 changes: 1 addition & 1 deletion css/password_policy-settings.css
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
/* extracted by css-entry-points-plugin */
@import './settings-Be1Zyivi.chunk.css';
@import './settings-JzBOrW1D.chunk.css';

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion js/password_policy-settings.mjs

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion js/password_policy-settings.mjs.map

Large diffs are not rendered by default.

23 changes: 13 additions & 10 deletions src/AdminSettings.vue
Original file line number Diff line number Diff line change
Expand Up @@ -26,16 +26,6 @@
{{ t('password_policy', 'User password history') }}
</label>
</li>
<li>
<input id="password-policy-expiration"
v-model="config.expiration"
min="0"
type="number"
@change="updateNumberSetting('expiration')">
<label for="password-policy-expiration">
{{ t('password_policy', 'Number of days until user password expires') }}
</label>
</li>
<li>
<input id="password-policy_failed-login"
v-model="config.maximumLoginAttempts"
Expand All @@ -49,6 +39,19 @@
{{ t('password_policy', 'Please note, this option is meant to protect attacked accounts. Disabled accounts have to be re-enabled manually by administration. Attackers that try to guess passwords of accounts will have their IP address blocked by the bruteforce protection independent from this setting.') }}
</p>
</li>
<li>
<input id="password-policy-expiration"
v-model="config.expiration"
min="0"
type="number"
@change="updateNumberSetting('expiration')">
<label for="password-policy-expiration">
{{ t('password_policy', 'Number of days until user password expires') }}
</label>
<p class="havibeenpwned-hint">
{{ t('password_policy', 'Warning: enabling password expiration is nowadays considered a security risk by several security agencies.') }}
</p>
</li>
</ul>

<ul class="password-policy__settings-list">
Expand Down

0 comments on commit dcb73c5

Please sign in to comment.