Open Closed

Password Checks #5221


User avatar
0
yunusemrecaglar created
  • ABP Framework version: v6.0.1
  • UI type: Blazor
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): no

In our project, we want to check if the passwords of users who log in have not been changed for more than 180 days. If a password has not been changed for 180 days or more, we want to prompt the user to change their password. Additionally, we want to verify if the newly entered password matches any of the last 3 passwords the user used. If the new password matches any of the last 3 passwords, we want to display a warning message indicating that the entered password is not allowed. How can we perform these operations?


5 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    We added the Periodic Password Changes feature in 7.2

    https://blog.abp.io/abp/ABP.IO-Platform-7.2-RC-Has-Been-Published

    If the new password matches any of the last 3 passwords, we want to display a warning message indicating that the entered password is not allowed

    You can override the ChangePasswordModel to store the recently modified password to cache&database and check it.

  • User Avatar
    0
    yunusemrecaglar created

    hi, Have you implemented a mechanism that prevents the usage of the last 3 passwords?

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    No, we don't such plan to implement it.

  • User Avatar
    0
    yunusemrecaglar created

    How can we accomplish that?

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    You can save the password to the cache or database when changing the password.

    The bottom-level method to change the password is SetPasswordHashAsync

    ABP set the last password change time here, you can override the IdentityUserStore to save and get the last 3 passwords for comparison

    https://github.com/abpframework/abp/blob/dev/modules/identity/src/Volo.Abp.Identity.Domain/Volo/Abp/Identity/IdentityUserStore.cs

Made with ❤️ on ABP v9.1.0-preview. Updated on December 05, 2024, 12:19