20
20
21
21
from password_policies .conf import settings
22
22
from password_policies .models import PasswordChangeRequired , PasswordHistory
23
- from password_policies .utils import PasswordCheck
24
-
23
+ from password_policies .utils import PasswordCheck , string_to_datetime , datetime_to_string
25
24
26
25
class PasswordChangeMiddleware (MiddlewareMixin ):
27
26
"""
@@ -70,22 +69,24 @@ class PasswordChangeMiddleware(MiddlewareMixin):
70
69
This middleware does not try to redirect using the HTTPS
71
70
protocol."""
72
71
73
- checked = "_password_policies_last_checked"
74
- expired = "_password_policies_expired"
75
- last = "_password_policies_last_changed"
76
- required = "_password_policies_change_required"
72
+ checked = settings . PASSWORD_POLICIES_LAST_CHECKED_SESSION_KEY
73
+ expired = settings . PASSWORD_POLICIES_EXPIRED_SESSION_KEY
74
+ last = settings . PASSWORD_POLICIES_LAST_CHANGED_SESSION_KEY
75
+ required = settings . PASSWORD_POLICIES_CHANGE_REQUIRED_SESSION_KEY
77
76
td = timedelta (seconds = settings .PASSWORD_DURATION_SECONDS )
78
77
79
78
def _check_history (self , request ):
80
79
if not request .session .get (self .last , None ):
81
80
newest = PasswordHistory .objects .get_newest (request .user )
82
81
if newest :
83
- request .session [self .last ] = newest .created
82
+ request .session [self .last ] = datetime_to_string ( newest .created )
84
83
else :
85
84
# TODO: This relies on request.user.date_joined which might not
86
85
# be available!!!
87
- request .session [self .last ] = request .user .date_joined
88
- if request .session [self .last ] < self .expiry_datetime :
86
+ request .session [self .last ] = datetime_to_string (request .user .date_joined )
87
+
88
+ date_last = string_to_datetime (request .session [self .last ])
89
+ if date_last < self .expiry_datetime :
89
90
request .session [self .required ] = True
90
91
if not PasswordChangeRequired .objects .filter (user = request .user ).count ():
91
92
PasswordChangeRequired .objects .create (user = request .user )
@@ -95,27 +96,30 @@ def _check_history(self, request):
95
96
def _check_necessary (self , request ):
96
97
97
98
if not request .session .get (self .checked , None ):
98
- request .session [self .checked ] = self .now
99
+ request .session [self .checked ] = datetime_to_string ( self .now )
99
100
100
101
# If the PASSWORD_CHECK_ONLY_AT_LOGIN is set, then only check at the beginning of session, which we can
101
102
# tell by self.now time having just been set.
102
103
if (
103
104
not settings .PASSWORD_CHECK_ONLY_AT_LOGIN
104
- or request .session .get (self .checked , None ) == self .now
105
+ or request .session .get (self .checked , None ) == datetime_to_string ( self .now )
105
106
):
106
107
# If a password change is enforced we won't check
107
108
# the user's password history, thus reducing DB hits...
108
109
if PasswordChangeRequired .objects .filter (user = request .user ).count ():
109
110
request .session [self .required ] = True
110
111
return
111
- if request .session [self .checked ] < self .expiry_datetime :
112
+
113
+ date_checked = string_to_datetime (request .session [self .checked ])
114
+ if date_checked < self .expiry_datetime :
112
115
try :
113
116
del request .session [self .last ]
114
117
del request .session [self .checked ]
115
118
del request .session [self .required ]
116
119
del request .session [self .expired ]
117
120
except KeyError :
118
121
pass
122
+
119
123
if settings .PASSWORD_USE_HISTORY :
120
124
self ._check_history (request )
121
125
else :
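Review bot: The new `date_checked = string_to_datetime(request.session[self.checked])` is unguarded, so a session whose stored value is not in the form the helper expects — one written before this change under the same default key names, or a tampered cookie-backed session — will raise on every request instead of being reset. Since the expiry branch directly below already deletes the four keys, I would catch the parse failure and route it into that branch so the user is simply re-checked rather than served a 500; the same unguarded parse appears at `date_last = string_to_datetime(request.session[self.last])` in the previous hunk. The `== datetime_to_string(self.now)` login test also now depends on the helper's resolution: if it drops sub-second precision, two requests in the same second both look like "just logged in", which is worth confirming against `datetime_to_string`. `_check_necessary` continues past the end of this hunk.
```python
            # … unchanged: seed self.checked and the PASSWORD_CHECK_ONLY_AT_LOGIN gate …
            try:
                date_checked = string_to_datetime(request.session[self.checked])
            except (TypeError, ValueError):
                # Legacy or tampered session value: treat as expired so the keys get reset.
                date_checked = None
            if date_checked is None or date_checked < self.expiry_datetime:
                # … unchanged: delete self.last / self.checked / self.required / self.expired …
```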