feat: password age policy (#8132)

# Which Problems Are Solved

Some organizations / customers have the requirement that their users
regularly need to change their password.
ZITADEL already had the possibility to manage a `password age policy`
(through the API) with the maximum amount of days a password should be
valid, resp. days after which the user should be warned of the upcoming
expiration.
The policy could not be managed through the Console UI and was not
checked in the Login UI.

# How the Problems Are Solved

- The policy can be managed in the Console UI's settings sections on an
instance and organization level.
- During an authentication in the Login UI, if a policy is set with an
expiry (>0) and the user's last password change exceeds the amount of
days set, the user will be prompted to change their password.
- The prompt message of the Login UI can be customized in the Custom
Login Texts through the Console and API on the instance and each
organization.
- The information when the user last changed their password is returned
in the Auth, Management and User V2 API.
- The policy can be retrieved in the settings service as `password
expiry settings`.

# Additional Changes

None.

# Additional Context

- closes #8081

---------

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
This commit is contained in:
Livio Spring
2024-06-18 13:27:44 +02:00
committed by GitHub
parent 65f787cc02
commit fb8cd18f93
93 changed files with 1250 additions and 487 deletions


@@ -1325,6 +1325,7 @@
"LANGUAGES": "语言",
"LOGIN": "登录行为和安全",
"LOCKOUT": "安全锁策略",
"AGE": "密码过期",
"COMPLEXITY": "密码复杂性",
"NOTIFICATIONS": "通知设置",
"SMTP_PROVIDER": "SMTP 提供商",
@@ -1545,7 +1546,7 @@
},
"PWD_AGE": {
"TITLE": "密码过期",
"DESCRIPTION": "您可以设置密码过期策略。此策略会在特定过期时间过后发出警告。"
"DESCRIPTION": "您可以设置密码过期策略。此策略将强制用户在密码过期后下次登录时更改密码。没有自动警告和通知。"
},
"PWD_LOCKOUT": {
"TITLE": "锁定策略",
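Review bot: The new `PWD_AGE.DESCRIPTION` tells administrators that users are forced to change their password at the next login after expiry, but it does not mention that the check only applies when an expiry greater than 0 is set, which is how the commit message describes the behaviour. Suggest adding a short clause stating that a value of 0 leaves the check disabled, so an administrator reading only the Console text knows whether the policy is actually being enforced. With 93 files changed, it is also worth confirming that the other locale files carry the same "no automatic warnings and notifications" statement.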
@@ -1698,8 +1699,8 @@
"SHOWLOCKOUTFAILURES": "显示锁定失败",
"MAXPASSWORDATTEMPTS": "密码最大尝试次数",
"MAXOTPATTEMPTS": "最多尝试 OTP 次数",
"EXPIREWARNDAYS": "密码过期警告",
"MAXAGEDAYS": "Max Age in days",
"EXPIREWARNDAYS": "密码将在几天后过期",
"MAXAGEDAYS": "最大有效期 (天)",
"USERLOGINMUSTBEDOMAIN": "用户名必须包含组织域名",
"USERLOGINMUSTBEDOMAIN_DESCRIPTION": "如果启用此设置,所有登录名都将以组织域为后缀。如果禁用此设置,您必须确保用户名在所有组织中都是唯一的。",
"VALIDATEORGDOMAINS": "组织域名验证需要 (DNS 或 HTTP 挑战)",
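Review bot: The new `EXPIREWARNDAYS` label "密码将在几天后过期" reads as a status message (the password will expire in a few days) rather than the name of a numeric setting, and the revised `PWD_AGE.DESCRIPTION` in this same file now states that no automatic warnings or notifications are sent. An administrator filling in this field could reasonably assume users will be warned before expiry. Suggest wording the label as a day count, in the same style as `MAXAGEDAYS` ("最大有效期 (天)"), and stating in the label or a hint that the value currently triggers no notification.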