[Mayan EDMS: 1478] User Password Rules in v2.1.5

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Mayan EDMS: 1478] User Password Rules in v2.1.5

Mark Fleming
Roberto,

Thank you for all your magnificent effort over the years in producing an excellent EDMS. I am evaluating for our company to use Mayan v2.1.5 (installed using Docker). I apologise if this is covered elsewhere - I have been unable to find two items in the documentation or this discussion group:

1. Is there a way to implement user password rules - i.e. force the user to change it after a certain number of days and password must contain letters, numbers and special characters?

2. I have noticed that users remain logged in when they close the browser (and even when the server is stopped and restarted). Can Mayan be configured to always log users out when the browser window is closed?

Thank you once again.

Mark

--

---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Mayan EDMS: 1482] Re: User Password Rules in v2.1.5

rosarior
Administrator
Hi Mark,

The current version does not support password rules. The development version which should become version 2.2 or 3.0 has been updated to use Django 1.10 which includes what they call

Password validation should cover or allow to cover with some custom backends all needed password rules. I don't know if password validation will allow forcing a password change after a number of days.
I suspect that will require a periodic scheduled task or a check every time the user logs in. There is no official release date for the next version. The move to Django 1.10 broke many things
and we are still in process of fixing every test regression one by one. The aim for the release is February 2017.

Looking at the Django documentation it seems this should has been implemented -> https://docs.djangoproject.com/en/1.10/topics/http/sessions/#browser-length-sessions-vs-persistent-sessions
According to the documentation setting SESSION_EXPIRE_AT_BROWSER_CLOSE to True in your settings file should change the behavior.


On Tuesday, January 10, 2017 at 4:51:15 AM UTC-4, Mark Fleming wrote:
Roberto,

Thank you for all your magnificent effort over the years in producing an excellent EDMS. I am evaluating for our company to use Mayan v2.1.5 (installed using Docker). I apologise if this is covered elsewhere - I have been unable to find two items in the documentation or this discussion group:

1. Is there a way to implement user password rules - i.e. force the user to change it after a certain number of days and password must contain letters, numbers and special characters?

2. I have noticed that users remain logged in when they close the browser (and even when the server is stopped and restarted). Can Mayan be configured to always log users out when the browser window is closed?

Thank you once again.

Mark

--

---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Mayan EDMS: 1485] Re: User Password Rules in v2.1.5

Mark Fleming
Roberto,

Thanks your the response. I added the line SESSION_EXPIRE_AT_BROWSER_CLOSE = True 
into 
/var/lib/docker/volumes/mayan_settings/_data/base.py 
in the section commented as custom settings (just below PROJECT_WEBSITE). 

I restarted the server and browser but the user still remains logged in after the browser window closes. Have I put the setting into the correct file/section?

I wish you well with your testing for the next release.

On Saturday, 14 January 2017 03:07:46 UTC, Roberto Rosario wrote:
Hi Mark,

Looking at the Django documentation it seems this should has been implemented -> <a href="https://docs.djangoproject.com/en/1.10/topics/http/sessions/#browser-length-sessions-vs-persistent-sessions" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fdocs.djangoproject.com%2Fen%2F1.10%2Ftopics%2Fhttp%2Fsessions%2F%23browser-length-sessions-vs-persistent-sessions\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEFNfrXoBJhpd53ghspgvBSnrVqVA&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fdocs.djangoproject.com%2Fen%2F1.10%2Ftopics%2Fhttp%2Fsessions%2F%23browser-length-sessions-vs-persistent-sessions\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEFNfrXoBJhpd53ghspgvBSnrVqVA&#39;;return true;">https://docs.djangoproject.com/en/1.10/topics/http/sessions/#browser-length-sessions-vs-persistent-sessions
According to the documentation setting <a href="https://docs.djangoproject.com/en/1.10/ref/settings/#std:setting-SESSION_EXPIRE_AT_BROWSER_CLOSE" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fdocs.djangoproject.com%2Fen%2F1.10%2Fref%2Fsettings%2F%23std%3Asetting-SESSION_EXPIRE_AT_BROWSER_CLOSE\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNG0O8i6SDjuh5OkdCZ4ot2QjM3_zQ&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fdocs.djangoproject.com%2Fen%2F1.10%2Fref%2Fsettings%2F%23std%3Asetting-SESSION_EXPIRE_AT_BROWSER_CLOSE\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNG0O8i6SDjuh5OkdCZ4ot2QjM3_zQ&#39;;return true;">SESSION_EXPIRE_AT_BROWSER_CLOSE to True in your settings file should change the behavior.

--

---
You received this message because you are subscribed to the Google Groups "Mayan EDMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
For more options, visit https://groups.google.com/d/optout.
Loading...