Hi Mark, The current version does not support password rules. The development version which should become version 2.2 or 3.0 has been updated to use Django 1.10 which includes what they call password validation. https://docs.djangoproject.com/en/1.10/topics/auth/passwords/#module-django.contrib.auth.password_validation <https://docs.djangoproject.com/en/1.10/topics/auth/passwords/#module-django.contrib.auth.password_validation>
Password validation should cover or allow to cover with some custom backends all needed password rules. I don't know if password validation will allow forcing a password change after a number of days. I suspect that will require a periodic scheduled task or a check every time the user logs in. There is no official release date for the next version. The move to Django 1.10 broke many things and we are still in process of fixing every test regression one by one. The aim for the release is February 2017. Looking at the Django documentation it seems this should has been implemented -> https://docs.djangoproject.com/en/1.10/topics/http/sessions/#browser-length-sessions-vs-persistent-sessions According to the documentation setting SESSION_EXPIRE_AT_BROWSER_CLOSE <https://docs.djangoproject.com/en/1.10/ref/settings/#std:setting-SESSION_EXPIRE_AT_BROWSER_CLOSE> to True in your settings file should change the behavior. On Tuesday, January 10, 2017 at 4:51:15 AM UTC-4, Mark Fleming wrote: > > Roberto, > > Thank you for all your magnificent effort over the years in producing an > excellent EDMS. I am evaluating for our company to use Mayan v2.1.5 > (installed using Docker). I apologise if this is covered elsewhere - I have > been unable to find two items in the documentation or this discussion group: > > 1. Is there a way to implement user password rules - i.e. force the user > to change it after a certain number of days and password must contain > letters, numbers and special characters? > > 2. I have noticed that users remain logged in when they close the browser > (and even when the server is stopped and restarted). Can Mayan be > configured to always log users out when the browser window is closed? > > Thank you once again. > > Mark > -- --- You received this message because you are subscribed to the Google Groups "Mayan EDMS" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
