I needed to add an auto-expiry feature for user passwords in a Django project. It turned out to be super simple.
The logic is: when a password expires, the user is redirected to a password change page.
Note
I'm well aware that recent NIST recommendations discourage this practice, and I also think that monthly password rotation is a moronic idea.
However, it is mandated by law in Poland for certain usages.
You can easily implement this as a middleware, which works like this:
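
    from django.shortcuts import redirect
    from django.urls import reverse

    # password_expired(user) is the project's own helper; it is not shown in this post.

    class PasswordMiddleware:
        def __init__(self, get_response):
            self.get_response = get_response

        def __call__(self, request):
            user = request.user
            password_change_path = reverse("password_change")
            # Send users with an expired password to the change page;
            # skip the redirect on that page itself to avoid a loop.
            if user.is_authenticated and password_expired(user):
                if request.path != password_change_path:
                    return redirect(password_change_path)
            return self.get_response(request)
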
You need to add this to the MIDDLEWARE setting directly after AuthenticationMiddleware, because the middleware relies on request.user, which AuthenticationMiddleware sets.
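
The post does not show `password_expired`, so here is one way to write it, as an added example that is not code from the original post. It assumes a hypothetical `password_changed_at` timestamp on the user, a 30-day limit, and a hypothetical `exempt_paths` parameter; the redirect decision is pulled into a pure function so it can be tested without Django.

```python
from datetime import datetime, timedelta, timezone
from types import SimpleNamespace

# Assumed policy value; the post only mentions monthly rotation.
MAX_PASSWORD_AGE = timedelta(days=30)


def password_expired(user, now=None, max_age=MAX_PASSWORD_AGE):
    """Assumes a hypothetical `password_changed_at` attribute (aware datetime)
    that is updated on every password change."""
    changed_at = getattr(user, "password_changed_at", None)
    if changed_at is None:
        # No recorded change (e.g. legacy account): fail closed.
        return True
    if changed_at.tzinfo is None:
        # Treat naive timestamps as UTC so the subtraction cannot raise.
        changed_at = changed_at.replace(tzinfo=timezone.utc)
    now = now or datetime.now(timezone.utc)
    return now - changed_at >= max_age


def needs_redirect(user, path, change_path, exempt_paths=(), now=None):
    """The middleware's decision as a pure function. exempt_paths is a
    hypothetical addition for pages (such as logout) that must stay reachable."""
    if not getattr(user, "is_authenticated", False):
        return False
    if path == change_path or path in exempt_paths:
        return False
    return password_expired(user, now=now)


if __name__ == "__main__":
    # Constructed sample users and paths, not real data.
    now = datetime.now(timezone.utc)
    users = {
        "fresh": SimpleNamespace(is_authenticated=True,
                                 password_changed_at=now - timedelta(days=3)),
        "stale": SimpleNamespace(is_authenticated=True,
                                 password_changed_at=now - timedelta(days=45)),
        "legacy": SimpleNamespace(is_authenticated=True),
    }
    for name, user in users.items():
        print(name, needs_redirect(user, "/dashboard/", "/password_change/", now=now))
```

Accounts with no recorded change date are treated as expired, so a missing timestamp cannot be used to skip the rotation policy.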